I am reading the documentation to create a simple search script:
#!/usr/bin/env python
import os
import sys
import json
import argparse
import datetime
from random import choice
try:
import splunklib.client as client
import splunklib.results as results
except:
print('')
print('Please install the Splunk Python SDK via # pip install splunk-sdk [http://dev.splunk.com/python]')
print('')
quit(1)
#################################################
### Deal with arguments vars and file handles ###
#################################################
token = ''.join([choice('abcdefghijklmnopqrstuvwxyz0123456789') for i in range(64)])
parser = argparse.ArgumentParser(description='Python Script to test Splunk functionality')
parser.add_argument('-H', help='Hostname to target', required=True)
parser.add_argument('-u', help='Splunk Username', required=True)
parser.add_argument('-p', help='Splunk Password', required=True)
parser.add_argument('-P', help='API Port, default = 8089', default="8089")
args = parser.parse_args()
## Connect to Splunk
try:
sdk = client.connect(host=args.H,port=args.P,username=args.u,password=args.p)
except:
print "Error connecting..."
kwargs_oneshot = {"earliest_time": "2018-08-132T12:00:00.000-07:00",
"latest_time": "2018-09-13T12:00:00.000-07:00"}
searchquery_oneshot = "search * | head 10"
oneshotsearch_results = sdk.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot)
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(oneshotsearch_results)
for item in reader:
print(item)
This produces no results. What am I missing? This does not seem to be a fully functioning search. I should say that the only index that has events is _internal.
↧