使用Python从文件内容组成splunk查询_Python_Python 3.x_File_Splunk

使用Python从文件内容组成splunk查询

python python-3.x file

使用Python从文件内容组成splunk查询,python,python-3.x,file,splunk,Python,Python 3.x,File,Splunk,我试图通过从文本文件内容中获取值来编写Splunk查询。在这里，我不想使用任何Splunk模块/库这是我的简单代码- import pandas as pd from pandas import ExcelWriter from pandas import ExcelFile import sys df = pd.read_excel("I:\\splunk_dashboards\\FID_list.xlsx", sheetname='FID_lastweek') sys.stdout =

我试图通过从文本文件内容中获取值来编写Splunk查询。在这里，我不想使用任何Splunk模块/库

这是我的简单代码-

import pandas as pd
from pandas import ExcelWriter
from pandas import ExcelFile
import sys

df = pd.read_excel("I:\\splunk_dashboards\\FID_list.xlsx", sheetname='FID_lastweek')
sys.stdout = open("I:\\splunk_dashboards\\FID.txt", "w")


v = df['FID']
#print(df['FID'])

print(v)

这是一个简单的代码，它检索特定的列值并将其存储在文本文件中

下一步是使用存储在文本文件中的结果形成splunk查询

例如，下面是文本文件的结果-

0                            CollectionLimitsValidation
1                               PaymentLimitsValidation
2                              AccountDetailsFacadeBean
3                              AccountDetailsFacadeBean

index=hfc_new_98764 host=QA FID=$(Value1_from_text_file) OR FID=$(value2_from _text_file) OR.... it goes on upto the final values

在另一个文本文件中，我确实有一个如下所示的splunk查询-

0                            CollectionLimitsValidation
1                               PaymentLimitsValidation
2                              AccountDetailsFacadeBean
3                              AccountDetailsFacadeBean

index=hfc_new_98764 host=QA FID=$(Value1_from_text_file) OR FID=$(value2_from _text_file) OR.... it goes on upto the final values

从上面的模板中，我需要一个splunk查询，如下所示-

index=hfc_new_98764 host=QA FID=CollectionLimitsValidation OR FID=PaymentLimitsValidation OR FID=.... it goes on upto the final values

我需要帮助来迭代文本文件中的值并存储在模板文件中。

我能够通过文件操作实现上述场景，以下是我的完整代码-

# -*- coding: utf-8 -*-
"""
Created on Wed May 30 18:24:04 2018

@author: Harish
"""

import pandas as pd
from pandas import ExcelWriter
from pandas import ExcelFile
import sys
import fileinput
#import os


#Getting the values from Excel sheet

df = pd.read_excel("I:\\splunk_dashboards\\FID_list.xlsx", sheetname='FID_lastweek')
sys.stdout = open("I:\\splunk_dashboards\\new.txt", "w")
df.FID.unique()
v = df['FID'].to_string(index=False)
pd.options.display.max_colwidth = 200
#print(df['FID'])
#print('"{}"'.format(v))
print(v)


#os.system("script_to_create_FID.py")

#left alignment script
sys.stdout = open("I:\\splunk_dashboards\\aligned_file.txt", "w")
with open("I:\\splunk_dashboards\\new.txt") as f:
    for line in f:
        s = line.lstrip()
        m = s.strip()
        print('"{}"'.format(m))
        #print(m)

#FID and OR values 
prefix = 'FID='
suffix = '  OR'

with open('I:\\splunk_dashboards\\aligned_file.txt', 'r') as src:
    with open('I:\\splunk_dashboards\\final_FID.txt', 'w') as dest:
       for line in src:
           dest.write('%s%s%s\n' % (prefix, line.rstrip('\n'), suffix))


#Added Splunk index here      
for linenum,line in enumerate( fileinput.FileInput("I:\\splunk_dashboards\\final_FID.txt",inplace=1) ):
    if linenum==0 :
        print 'index=hfc_new_98764 host=QA" NOT(WARN=yes)'
        print line.rstrip()
    else:
        print line.rstrip()

#Add sort function at the end
a = '| stats count As NumberOfCalls, count(eval(ERCD=0)) AS "Success" ,count(eval(ERCD!=0)) AS "Failures" by FID | sort – Failures'
with open("I:\\splunk_dashboards\\final_FID.txt","a") as text:    
    text.writelines(a)

步骤1-使用从excel获取的FID列表创建新的文本文件步骤2-格式化文本文件步骤3-在查询的前面和最后添加'FID'和'OR' 步骤4-生成查询