get data from splunk

link:

http://dev.splunk.com/view/python-sdk/SP-CAAAER5

download SDK & setup with python

code:

import splunklib.client as client import splunklib.results as results import time

start = time.time()

HOST = "hostname"

PORT = 8089

USERNAME = "username"

PASSWORD = "password"

service = client.connect(

host=HOST,

port=PORT,

username=USERNAME,

password=PASSWORD)

kwargs_oneshot = {"earliest_time": "2017-07-01T12:00:00.000",

"latest_time": "2017-07-09T12:00:00.000",

"exec_mode": "blocking"}      # ,‘search_mode‘: ‘normal‘

searchquery_oneshot = "search index=networkname netlinename|table rowname"

search_results = service.jobs.create(searchquery_oneshot, **kwargs_oneshot)

# Get the results and display them using the ResultsReader

rr = search_results.results(**{‘count‘: 0})

reader = results.ResultsReader(rr)

inbound = []

outbound = []

for item in reader:

_raw_list = str(item[‘_raw‘])

# print _raw_list

　　inbound.append(_raw_list.split(",")[3])

outbound.append(_raw_list.split(",")[4])

# print inbound

# print outbound

print "inLen", len(inbound)

print "outLen", len(outbound)

print str(int(time.time() - start))