- Connecting to Splunk with the Python SDK, executing a search and receiving the results.
- Connecting to Splunk without the SDK, using httplib and beautifulsoup.

I've recently been attempting to automate actions that I do on an everyday basis. Working with Splunk on a day-to-day basis, I thought I might try some 'automation'. I have code working that pulls data from Splunk and pushes it into a Google Sheet. Not 100% sure what to do with that yet, but I was thinking some type of trend analysis.

Also, it was not easy to find the right documentation, so this is my attempt to help others that try this.

Splunk Enterprise, Splunk Free Enterprise, or Splunk Enterprise Installed.

If this is a prod system or Splunk Enterprise, the API may not be accessible remotely. As such, the code will need to be installed and executed locally on the system. I am currently investigating how to make the API remotely accessible.

Additionally, if this is a prod system, it is best to use OAuth authentication. Some documentation can be found here.

My home setup

- Splunk license has been changed to a free licence

Splunk SDK

- The Splunk SDK GitHub for Python can be found here.
- The Splunk Developer documentation can be found here.

This also leads to the Splunk Enterprise SDK for Python:

You can use the Splunk Enterprise SDK for Python to perform a variety of actions in Splunk Enterprise, including searching data, developing custom UIs, and managing configurations for your instance.

So how can we connect to Splunk?

Installing the Python SDK

If you go to the documentation page here for installation steps, it will suggest using pip or setup.py. For my Linux environment this would not work.

```
ModuleNotFoundError: No module named 'splunklib'
```

Googling this shows the solution is just to install the SDK and follow the documentation. I probably had my path incorrect.

Anyhow, if you run into this error, the solution for me was to clone the GitHub repo and place my files in there. Naturally, I named the file splunklib.py, due to fighting to get the splunklib module to work.

The splunklib.client will be used to connect to Splunk. It is also within the Splunk Developer Documentation "How to Connect", which is what I used to ensure my connection was working.

The example code below will print out the app names. This is great to ensure you can connect to the Splunk API.

```python
import splunklib.client as client

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "yourpassword"

# Create a Service instance and log in
service = client.connect(
    host=HOST,
    port=PORT,
    username=USERNAME,
    password=PASSWORD)

# Print installed apps to the console to verify login
for app in service.apps:
    print(app.name)
```

Once running, the code connects, authenticates and replies with the apps installed:

The above credentials will work with Enterprise Splunk and Enterprise Free Splunk. However, if you have changed the license over to "Free Splunk", there is technically no authentication. A way to test this is by going to your Splunk instance via the web browser: it will automatically log in. There will not be a Splunk Username and Password screen. Information here.

As mentioned above I have the free version, so my credentials are the following:

So currently, the code is able to connect to Splunk and print out the Apps.

Jumping to the SDK again, there is a nicely titled article that is useful. Titled: "How to run searches and jobs using the Splunk Enterprise SDK for Python"

As I just wanted to create a quick search (it does not take long to process) I opted for the One-Shot search. As explained below, the search runs immediately and returns the results once completed.

One-shot: A one-shot search is a blocking search that is scheduled to run immediately. Instead of returning a search job, this mode returns the results of the search once completed. Because this is a blocking search, the results are not available until the search has finished.

This just allows for a search to run, without code being required that checks if the search is completed. (Code that checks if a search is done will be shown below.)

Issues will occur if the one-shot code is copied and pasted. The issue I found with this page was that it did not show the full code of connecting and running a search. To connect successfully, the code from above needs to be included. The example code and the connection code become the below:

I changed the query to give an average of CPU used, as I have the Linux tech add-on installed.

```python
from __future__ import absolute_import
from __future__ import print_function
import splunklib.client as client
import splunklib.results as results

HOST = "192.168.1.130"
PORT = 8089
USERNAME = "admin"
PASSWORD = ""

# Create a Service instance and log in
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
```
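The one-shot search described above, issued directly against the REST endpoint on port 8089 using only the standard library. This is an added example, not code from the original post or from Splunk. It keeps credentials out of the script and leaves TLS verification on; the environment variable names and the sample response are constructed for illustration.

```python
import base64
import json
import os
import ssl
import urllib.parse
import urllib.request

# Constructed sample of a one-shot JSON response (not captured from a real instance).
SAMPLE = '{"messages": [], "results": [{"sourcetype": "splunkd", "count": "42"}]}'


def normalize_query(query):
    """The search endpoint expects a leading command: 'search ...' or '| ...'."""
    q = query.strip()
    return q if q.startswith(("search ", "|")) else "search " + q


def build_oneshot_request(host, port, query, username, password):
    """POST /services/search/jobs; exec_mode=oneshot blocks and returns the results."""
    body = urllib.parse.urlencode({"search": normalize_query(query),
                                   "exec_mode": "oneshot",
                                   "output_mode": "json"}).encode()
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}:{port}/services/search/jobs", data=body, method="POST",
        headers={"Authorization": "Basic " + token})


def parse_oneshot_results(raw):
    """Return the result rows; raise if Splunk reported an ERROR or FATAL message."""
    doc = json.loads(raw)
    errors = [m.get("text", "") for m in doc.get("messages", [])
              if m.get("type") in ("ERROR", "FATAL")]
    if errors:
        raise RuntimeError("; ".join(errors))
    return doc.get("results", [])


def run_oneshot(query, cafile=None):
    """Credentials come from the environment; cafile is the CA that signed splunkd's cert."""
    req = build_oneshot_request(os.environ.get("SPLUNK_HOST", "localhost"), 8089, query,
                                os.environ["SPLUNK_USERNAME"], os.environ["SPLUNK_PASSWORD"])
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays enabled
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return parse_oneshot_results(resp.read())


if __name__ == "__main__":
    print(parse_oneshot_results(SAMPLE))
```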