Hi, so my team currently has some data on Splunk Cloud. My task is to use your REST API to get this data using Python.
On Splunk Web I get this data by using the following query:
| from inputlookup:"cloud_accountList"
I have written a simple Python script to get the data:
import requests

splunkTenant = 'avc3'
splunkURL = {
    'api': f"https://ab1.{splunkTenant}.splunkcloud.com:1234",
}
splunkCredentials = {
    'user': 'test_user',
    'password': 'SplunkIsGreat'
}
# Same query that is run in Splunk Web
searchString = '| from inputlookup:"cloud_accountList"'
search = {
    'search': searchString,
    'output_mode': 'json'
}
# Namespaced endpoint: /servicesNS/<owner>/<app>/...
splunkEndpoints = {
    'returnedAppSearch': f"{splunkURL['api']}/servicesNS/{splunkCredentials['user'].upper()}",
}
# CA bundle used to verify the server certificate
cacertpath = '/Users/***/Downloads/cacert.pem'
searchURL = f"{splunkEndpoints['returnedAppSearch']}/APP_NAME/search/jobs"
splunk_response = requests.post(
    url=searchURL,
    auth=(str(splunkCredentials['user']), str(splunkCredentials['password'])),
    verify=cacertpath,
    data=search)
When I run this script I get an error. Can someone please help me out?
Regards
What error do you get?
'ERROR', 'text': "The lookup table 'cloud_accountList' requires a .csv or KV store lookup definition
This is the error I am getting
Looks like you need to set up a definition for the lookup
Thanks ITWhisperer. Can you list the exact steps we have to follow? I am very new to this.
Went over this with an admin. Looks like the lookup is already defined. Is there anything else I can try?