
A simple and complete package to abstract main operations with Splunk API (send data / run search / get result)

Project description


easy_splunk

A simple and complete package to abstract main operations with Splunk API (send data / run searches).

Install

pip install easy_splunk

Upgrade

pip install easy_splunk -U

Usage

import os

from easy_splunk import Splunk


host = "EVENT_HOST"
source = "EVENT_SOURCE"

# Keep the HEC token and the search credentials out of source control: read them
# from the environment (or a secret store) instead of hard-coding them as literals.
hec_key = os.environ["SPLUNK_HEC_TOKEN"]      # a HEC token looks like e51e9c62-5f25-46cf-9a4e-218638cdab77
search_user = os.environ.get("SPLUNK_USER", "admin")
search_password = os.environ["SPLUNK_PASSWORD"]

# HTTP Event Collector (HEC) over TLS on Splunk's default HEC port 8088
spk_hec = Splunk(protocol="https", url="10.0.0.2", port="8088", timeout=60,
    hec_key=hec_key)
# Plain syslog input listening on UDP port 5514
spk_syslog = Splunk(protocol="syslog", url="10.0.0.2", port="5514")


# Send a dict as a JSON event through HEC; event_host is optional
data_hec = {}
data_hec["Key_1"] = "Value_1"
data_hec["Key_2"] = "Value_2"
data_hec["Key_3"] = "Value_3"
spk_hec.send_data(event_host=host, event_source=source, event_data=data_hec)
spk_hec.send_data(event_source=source, event_data=data_hec)

# Send a plain syslog message to the syslog input
data_syslog = "Syslog message sent by easy_splunk"
spk_syslog.send_data(event_data=data_syslog)

# Run a search over the REST API and get the results as a list of dicts (one per event)
search = 'index=raw_syslog | head 1'
search_output = spk_hec.run_search(username=search_user, password=search_password, search=search)
print(search_output)

OUTPUT SEND_DATA()

[Screenshot in the original: the events sent above as they appear in Splunk Search]

OUTPUT RUN_SEARCH()

[
    {
        'preview': False, 
        'offset': 0, 
        'result': 
        {
            '_bkt': 'raw_syslog~0~1C4DDDBB-BFC8-49A2-A2FC-6418F3E80CAD', 
            '_cd': '0:56', 
            '_indextime': '1561619057', 
            '_raw': 'Syslog message sent by easy_splunk', 
            '_serial': '0', 
            '_si': ['localhost', 'raw_syslog'], 
            '_sourcetype': 'syslog', 
            '_time': '2019-06-27 15:04:17.000 CST', 
            'host': '10.0.0.2', 
            'index': 'raw_syslog', 
            'linecount': '1', 
            'source': 'udp:5514', 
            'sourcetype': 'syslog', 
            'splunk_server': 'localhost'
        }
    }
]
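To make clear what the three wrapper calls above amount to on the wire, here is an added example (not code from easy_splunk or its author) that builds the same three pieces with the standard library only, so it runs offline: the HTTPS request for one HEC event, the syslog line that goes into the UDP socket, and a parser for the search output shown above. The helper names are mine; the endpoint path /services/collector/event, the "Authorization: Splunk <token>" header scheme and the RFC 3164 line format are Splunk and syslog conventions rather than anything this package documents; and parse_export_results assumes run_search() hands back Splunk's newline-delimited JSON search output unchanged, which is the shape (preview / offset / result) the README output has. The sample export stream is constructed for the example.

```python
"""Added example, not part of easy_splunk: the README's three operations on the wire.

Assumptions (see lead-in): helper names are mine; HEC path and header scheme and the
RFC 3164 syslog line are Splunk/syslog conventions; the export-stream shape is assumed
to match what run_search() returns. Standard library only, nothing is sent.
"""
import json
import os
from datetime import datetime

HEC_EVENT_PATH = "/services/collector/event"

# Fixed timestamp used by the demo below so the syslog line is reproducible
SAMPLE_TIME = datetime(2019, 6, 27, 15, 4, 17)

# Constructed sample of Splunk's JSON search-export stream, one object per line,
# shaped like the run_search() output printed in the README.
SAMPLE_EXPORT = (
    '{"preview":false,"offset":0,"result":{"_raw":"Syslog message sent by easy_splunk",'
    '"_time":"2019-06-27 15:04:17.000 CST","host":"10.0.0.2","index":"raw_syslog",'
    '"source":"udp:5514","sourcetype":"syslog"}}\n'
    '{"preview":false,"offset":1,"result":{"_raw":"second event","index":"raw_syslog"}}\n'
)


def hec_token_from_env(var="SPLUNK_HEC_TOKEN", environ=os.environ):
    """Fetch the HEC token from the environment and fail loudly if it is missing,
    rather than falling back to a token embedded in source."""
    token = environ.get(var)
    if not token:
        raise RuntimeError(f"{var} is not set")
    return token


def build_hec_request(base_url, token, event, host=None, source=None,
                      sourcetype="_json", event_time=None):
    """Assemble the HTTPS request for one HEC event without sending it.

    Returns url, headers, the payload dict and its encoded body, so the result can be
    inspected here or handed to any HTTP client (with TLS verification left on).
    """
    payload = {"event": event, "sourcetype": sourcetype}
    if host is not None:
        payload["host"] = host
    if source is not None:
        payload["source"] = source
    if event_time is not None:
        payload["time"] = event_time          # epoch seconds; HEC stores it as _time
    body = json.dumps(payload, separators=(",", ":")).encode("utf-8")
    headers = {
        "Authorization": f"Splunk {token}",   # HEC's token auth scheme
        "Content-Type": "application/json",
    }
    return {"url": base_url.rstrip("/") + HEC_EVENT_PATH,
            "headers": headers, "payload": payload, "body": body}


def format_syslog(message, hostname, facility=1, severity=6, when=None):
    """Encode one RFC 3164 syslog line ready for a UDP socket: <PRI>TIMESTAMP HOST MSG.

    PRI = facility * 8 + severity; facility 1 (user) and severity 6 (info) give <14>.
    """
    when = when or datetime.now()
    pri = facility * 8 + severity
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"   # day is space-padded per RFC 3164
    # Strip CR/LF so a caller cannot smuggle a second record into the syslog stream
    clean = message.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>{stamp} {hostname} {clean}".encode("utf-8")


def parse_export_results(raw):
    """Turn the newline-delimited JSON search output into the list of
    {'preview', 'offset', 'result'} dicts shown in the README, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


if __name__ == "__main__":
    req = build_hec_request("https://10.0.0.2:8088", "REDACTED-TOKEN",
                            {"Key_1": "Value_1"}, host="EVENT_HOST", source="EVENT_SOURCE")
    print(req["url"], req["headers"]["Content-Type"], req["body"].decode())
    print(format_syslog("Syslog message sent by easy_splunk", "10.0.0.2", when=SAMPLE_TIME).decode())
    for row in parse_export_results(SAMPLE_EXPORT):
        print(row["offset"], row["result"]["_raw"])
```

Two points worth keeping in mind when using the wrapper: the HEC token is a bearer credential (anyone holding it can write into the index the token is scoped to), which is why both the token and the search password are pulled from the environment rather than written into the script, and a syslog message sent over UDP carries no authentication at all, so whatever reaches port 5514 is indexed as-is; the CR/LF stripping in format_syslog is the minimum needed to stop a caller-supplied string from splitting into extra records.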

Download files

Source Distribution

easy_splunk-0.1.9.tar.gz (4.0 kB, hashes listed on PyPI)

Built Distribution

easy_splunk-0.1.9-py3-none-any.whl (16.5 kB, Python 3, hashes listed on PyPI)
