CLI tool for querying Splunk logs. Search indexes, discover fields, and manage search jobs.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for vivainio from gravatar.com vivainio

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags splunk , cli , logs , search , observability , siem
  • Requires: Python >=3.11
Classifiers
Report project as malware

Project description

Splank

CLI tool for querying Splunk logs.

Install

uv tool install splank

Setup

splank init

This creates ~/.config/splank/credentials.toml with your Splunk credentials.

Configuration

The credentials file supports multiple profiles. Each profile authenticates either with a Splunk auth token (HTTP Authorization: Bearer …) or with username + password — set one or the other:

default_profile = "prod"

[profiles.prod]
host = "splunk.example.com"
port = 8089
token = "your-token-here"
verify_ssl = true

[profiles.qa]
host = "splunk-qa.example.com"
port = 8089
username = "admin"
password = "changeme"
verify_ssl = true

Usage

# Search (uses default profile)
splank search 'index=main Level=ERROR' -m 10

# Search using specific profile
splank -p qa search 'index=main Level=ERROR'

# Paste a Splunk web UI URL directly — query and time range are extracted
splank search 'https://splunk.example.com/en-US/app/search/search?q=search%20index%3Dmain&earliest=-30d%40d&latest=now'

# Discover indexes
splank discover 'web*'

# Discover with field info
splank discover 'app-*' --fields -o DISCOVERY.md

# Manage jobs
splank jobs
splank clear

Commands

  • init - Create credentials file
  • search - Execute SPL query
  • discover - Discover available indexes
  • jobs - List search jobs
  • clear - Clear my search jobs

Search Options

splank search 'index=main Level=ERROR' [options]
Option Description
-e, --earliest Earliest time (default: -24h)
-l, --latest Latest time (default: now)
-m, --max-results Max results (default: 100)
-f, --format Output format: json, csv, table, toon (default: toon)
-o, --output Output file (default: stdout)
--internal Include internal Splunk fields (_bkt, _cd, etc.)
-w, --width Truncate field values to N chars (default: 500, 0=no limit)
-z, --zoom Parse JSON from _raw and output as toon

By default, internal Splunk fields (_bkt, _cd, _indextime, _serial, _si, _sourcetype, _subsecond) are hidden. Use --internal to show them.

The --zoom flag is useful when log lines contain JSON - it extracts and parses the JSON from _raw, outputs as toon format (compact and human-readable), and ignores Splunk metadata.

Global Options

  • -p, --profile - Splunk profile to use (e.g., 'qa', 'prod')
  • -V, --version - Show version

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for vivainio from gravatar.com vivainio

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags splunk , cli , logs , search , observability , siem
  • Requires: Python >=3.11
Classifiers

Release history Release notifications | RSS feed

This version

0.4.1

0.4.0

0.3.3

0.3.2

0.3.1

0.3.0

0.2.0

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

splank-0.4.1.tar.gz (36.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

splank-0.4.1-py3-none-any.whl (45.1 kB view details)

Uploaded Python 3

File details

Details for the file splank-0.4.1.tar.gz.

File metadata

  • Download URL: splank-0.4.1.tar.gz
  • Upload date:
  • Size: 36.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.19 {"installer":{"name":"uv","version":"0.11.19","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for splank-0.4.1.tar.gz
Algorithm Hash digest
SHA256 57db5158fc9bc674934434b01a05b3e3906cb46da2a38f661d6218d2936e536d
MD5 72b090ed21aa228e92ea7146d673cb02
BLAKE2b-256 d30aa05a568b740e807251288fce428420d582e9e535f0972e168b3950c36475

See more details on using hashes here.

File details

Details for the file splank-0.4.1-py3-none-any.whl.

File metadata

  • Download URL: splank-0.4.1-py3-none-any.whl
  • Upload date:
  • Size: 45.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: uv/0.11.19 {"installer":{"name":"uv","version":"0.11.19","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for splank-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 34280a97f5dbafb5451cf1fcd5c128022651cc8a109811c4986c335e4b9dc000
MD5 ca548df9ab187424634767ccac15061b
BLAKE2b-256 41ed5ac8fe8848e0b2e02ed3424c2dd7ed44a4ce040840c00ae0ab123ff3e725

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page