Searching the Splunk API with Python


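I am trying to run a search against Splunk's API using Python. I am able to get a session key, but that's all. I am new to both Python and Splunk, so I am a bit out of my depth, and any help would be appreciated.

Error: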

Traceback (most recent call last):
      File "splunkAPI.py", line 31, in <module>
        sid = minidom.parseString(r.text).getElementsByTagName('sid')[0].firstChild.nodeValue
    IndexError: list index out of range

Hmm... this code looks very familiar :P Unfortunately, error checking wasn't that important when I wrote it.

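The problem you are seeing occurs if the search query is not defined correctly. It must start with search=. Also note that if you are running a standard Splunk search, you need to include an initial search command.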

For example,
search=search index=*
will work, but
search=index=*
will not.

If you need to include quotes in the search string, I suggest you use something like the following format:

search_query = """search=search index=* "a search expression" | stats count"""

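The search is running now, but it doesn't seem to finish. It just loops "Search Status: RUNNING" forever.

In your search, try adding something to reduce the amount of data being processed. For example "search=search index=* | head 10"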
import time  # needed for sleep
from xml.dom import minidom

import json, pprint

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

base_url = 'https://___________:8089'
username = '______'
password = '______'
search_query = "____________"


#-------------------------get session token------------------------
r = requests.get(base_url+"/servicesNS/admin/search/auth/login",
        data={'username':username,'password':password}, verify=False)

session_key = minidom.parseString(r.text).getElementsByTagName('sessionKey')[0].firstChild.nodeValue
print ("Session Key:", session_key)

#-------------------- perform search -------------------------

r = requests.post(base_url + '/services/search/jobs/', data=search_query,
        headers = { 'Authorization': ('Splunk %s' %session_key)},
        verify = False)

sid = minidom.parseString(r.text).getElementsByTagName('sid')[0].firstChild.nodeValue

done = False
while not done:
        r = requests.get(base_url + '/services/search/jobs/' + sid,
                headers = { 'Authorization': ('Splunk %s' %session_key)},
                verify = False)
        response = minidom.parseString(r.text)
        for node in response.getElementsByTagName("s:key"):
                if node.hasAttribute("name") and node.getAttribute("name") == "dispatchState":
                        dispatchState = node.firstChild.nodeValue
                        print ("Search Status: ", dispatchState)
                        if dispatchState == "DONE":
                                done = True
                        else:
                                time.sleep(1)

r = requests.get(base_url + '/services/search/jobs/' + sid + '/results/',
        headers = { 'Authorization': ('Splunk %s' %session_key)},
        data={'output_mode': 'json'},
        verify = False)

pprint.pprint(json.loads(r.text))
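An added example, not part of the original question or answer: the job-creation and polling steps with the error checking the answer says was left out, so that a rejected query surfaces Splunk's own message instead of an IndexError and a job that never reaches DONE stops the loop. The helper names, the sample XML and the rule that queries beginning with "|" need no search prefix are assumptions made for this illustration.

```python
import time
from xml.dom import minidom

# Constructed sample responses (not captured from a real Splunk server).
JOB_OK = "<response><sid>1700000000.42</sid></response>"
JOB_ERR = '<response><messages><msg type="FATAL">Unknown search command</msg></messages></response>'
STATUS = ('<entry xmlns:s="http://dev.splunk.com/ns/rest"><s:dict>'
          '<s:key name="dispatchState">%s</s:key></s:dict></entry>')

class SplunkJobError(Exception):
    """Splunk rejected the search or the job did not complete."""

def build_search_body(query):
    """Form fields for POST /services/search/jobs; requests emits and encodes 'search=...'."""
    q = query.strip()
    # Assumption: queries starting with "|" (generating commands) need no prefix.
    if not q.startswith("|") and not q.lower().startswith("search "):
        q = "search " + q
    return {"search": q}

def extract_sid(xml_text):
    """Return the job sid, or raise with Splunk's <msg> text instead of an IndexError."""
    doc = minidom.parseString(xml_text)
    sids = doc.getElementsByTagName("sid")
    if sids and sids[0].firstChild:
        return sids[0].firstChild.nodeValue
    msgs = [m.firstChild.nodeValue for m in doc.getElementsByTagName("msg") if m.firstChild]
    raise SplunkJobError("; ".join(msgs) or "no <sid> in response")

def dispatch_state(xml_text):
    """Read dispatchState from a job status document, or None if absent."""
    for node in minidom.parseString(xml_text).getElementsByTagName("s:key"):
        if node.getAttribute("name") == "dispatchState" and node.firstChild:
            return node.firstChild.nodeValue
    return None

def wait_for_job(fetch_status, max_polls=60, sleep=time.sleep):
    """Poll until DONE; raise on FAILED or after max_polls rather than looping forever."""
    state = None
    for _ in range(max_polls):
        state = dispatch_state(fetch_status())
        if state == "DONE":
            return state
        if state == "FAILED":
            raise SplunkJobError("search job failed")
        sleep(1)
    raise SplunkJobError("job still %s after %d polls" % (state, max_polls))
```

In the script above, these would be used as data=build_search_body(query) in the requests.post call, extract_sid(r.text) on its response, and wait_for_job with a callable that returns r.text from the job status request.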