Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About swagatam1308
swagatam1308
Engager
Member since:
02-26-2021
03-13-2021
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 02-26-2021 |
Activity Feed
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-13-2021 08:23 PM
- Tagged Re: Python api for splunk to gather data on Splunk Search. 03-13-2021 08:23 PM
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-13-2021 11:14 AM
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-11-2021 10:40 AM
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-03-2021 11:54 AM
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-03-2021 11:10 AM
- Posted Re: Python api for splunk to gather data on Splunk Search. 03-02-2021 12:32 PM
- Tagged Re: Python api for splunk to gather data on Splunk Search. 03-02-2021 12:32 PM
- Karma Re: Python api for splunk to gather data for tscroggins. 03-02-2021 11:19 AM
- Posted Python api for splunk to gather data on Splunk Search. 02-26-2021 06:38 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
03-13-2021
08:23 PM
Thanks for your reply. Would the same work for any other app configured on splunk server? I meant if index=app_name[configured on splunk] would that work? In my case if I gave index=app_name then special fields not coming on api result from cli.
... View more
- Tags:
- thanks
03-13-2021
11:14 AM
Can you please give the command. From GUI it is fine but same splunk query not working from cli command thet you pasted unfortunately. Please help!
... View more
03-03-2021
11:54 AM
I observed from splunk api script of python only general fields are printing output but interesting fields are not as attached in screenshot. Any idea how to get interesting fields output results also via splunk python script to gather data ?
... View more
03-03-2021
11:10 AM
@tscroggins Thanks for your repl. The values are same like pasted in conversation and we are getting result from GUI but inspecting job id with sid generated from API is showing syntax error as pasted in last chat. upto below it is executing fine without chart from API but with chart option from API splunk call of python it is returning no result Please advice index="ti-p_plasma" sourcetype="plasma: ops-gateway" earliest=-1h source="/home/zsvg9ky/deployments/ops-gateway/ops-gateway/logs/access*" NOT ogw_uri IN (.js .css .gif .jpeg .png .jpg .fonts .assets/) NOT ogw_status_code IN (201 405 206) | rex field=ogw_uri "^/(?<end_point_services>[A-Za-z0-9_-]+)[/|?].*$"
... View more
03-02-2021
12:32 PM
@tscroggins thanks for your reply , The query is running from Gui but from python script below attached it giving 0 output saying chart option is saying no result. PFA the output of the SID generated from splunk python api script from GUI chart count option is not working from REST API script but it is working from GUI search panel. Please advice.
... View more
- Tags:
- splunk
02-26-2021
06:38 AM
Hi All, We need to write a python script to pull data for below query ,using script below but no output is showing. Please advice how we can do it with python script as AND operation seems not working Index="ti-p_plasma" sourcetype="plasma: ops-gateway" earliest=-1h source ="/home/zsvg9ky/deployments/ops-gateway/ops-gateway/logs/access*" | search ogw_uri!=.js AND ogw_uri!=.css AND ogw_uri!=.gif AND ogw_uri!=.jpeg AND ogw_uri!=.png AND ogw_uri!=.jpg AND ogw_uri!=.fonts AND ogw_uri!=.assets/ | Rex field=ogw_uri " ^/(?<end_point_services>[A-Za-z0-9_-]+)[/|?].*$" | chart count by end_point_services, ogw_status_code | field -"201","405","206" I am using below python script but output is not producing nothing from __future__ import print_function from future import standard_library standard_library.install_aliases() import urllib.request, urllib.parse, urllib.error import httplib2 from xml.dom import minidom baseurl = 'https://3.131.162.26:8089' userName = 'admin' password = 'India@nic' searchQuery = 'index=main host="splunk1" source="/var/log/secure"|stats' # Authenticate with server. # Disable SSL cert validation. Splunk certs are self-signed. serverContent = httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + '/services/auth/login', 'POST', headers={}, body=urllib.parse.urlencode({'username':userName, 'password':password}))[1] sessionKey = minidom.parseString(serverContent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue # Remove leading and trailing whitespace from the search searchQuery = searchQuery.strip() # If the query doesn't already start with the 'search' operator or another # generating command (e.g. "| inputcsv"), then prepend "search " to it. if not (searchQuery.startswith('search') or searchQuery.startswith("|")): searchQuery = 'search ' + searchQuery print(searchQuery) # Run the search. # Again, disable SSL cert validation. print(httplib2.Http(disable_ssl_certificate_validation=True).request(baseurl + '/services/search/jobs','POST', headers={'Authorization': 'Splunk %s' % sessionKey},body=urllib.parse.urlencode({'search': searchQuery}))[1]) Which genereting job sid then using below script to show the output curl -k -H "Authorization:Splunk $token" https://3.131.35.127:8089/services/search/jobs/$jobid/results_preview --get -d output_mode=csv
... View more
Labels
- Labels:
-
search job inspector
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-13-2021
11:59 PM
|
