1. splunk-sdk
import splunklib.client as client
import splunklib.results as results
# Connection settings for splunkd's management port. The credential strings are
# placeholders: load real values from the environment or a secrets manager
# instead of committing them to source control.
# NOTE(review): confirm whether the installed splunklib version validates the
# server's TLS certificate by default; if it does not, enable the `verify`
# option of client.connect so the password is not sent to an unverified peer.
connection_settings = {
    'host': 'splunk-server-ip',
    'port': 8089,
    'username': 'your-username',
    'password': 'your-password',
}
service = client.connect(**connection_settings)

# exec_mode='blocking' makes create() return only after the search has
# finished, so the results can be fetched right away without polling.
search_options = {'exec_mode': 'blocking', 'output_mode': 'json'}
job = service.jobs.create('search index=_internal | head 5', **search_options)

# Only dict items are printed; anything else the reader yields is skipped.
job_results = job.results(output_mode='json')
reader = results.JSONResultsReader(job_results)
rows = (item for item in reader if isinstance(item, dict))
for result in rows:
    print(result)
2. requests
import time
import requests
from requests.auth import HTTPBasicAuth
import urllib3
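# Run a Splunk search through the REST API and print each result row.
#
# The credential strings are placeholders: load real values from the
# environment or a secrets manager instead of committing them to source control.
splunk_host = 'splunk-server-ip'
username = 'your-username'
password = 'your-password'
search_query = 'search index=_internal | head 5'

# requests needs an absolute URL; a bare host name raises MissingSchema.
# 8089 is the management port used by the SDK example on this page.
base_url = f'https://{splunk_host}:8089'

# Upper bound in seconds for each HTTP call. The job is created in blocking
# mode, so raise this for searches that take longer to complete.
request_timeout = 60

with requests.Session() as session:
    session.auth = HTTPBasicAuth(username, password)
    # Certificate verification stays on: Basic auth sends the password with
    # every request, and an unverified TLS peer could capture it. For a
    # server certificate issued by a private CA, set this to the path of the
    # CA bundle file rather than turning verification off.
    session.verify = True

    # exec_mode='blocking' makes the POST return only after the search has
    # finished, which removes the race of sleeping a fixed second and then
    # reading results from a job that may still be running.
    response = session.post(
        f'{base_url}/services/search/jobs',
        data={
            'search': search_query,
            'exec_mode': 'blocking',
            'output_mode': 'json',
        },
        timeout=request_timeout,
    )
    # Surface authentication or search errors here instead of as a KeyError
    # on the missing 'sid' key below.
    response.raise_for_status()
    sid = response.json()['sid']

    result_response = session.get(
        f'{base_url}/services/search/jobs/{sid}/results',
        params={'output_mode': 'json'},
        timeout=request_timeout,
    )
    result_response.raise_for_status()

for result in result_response.json()['results']:
    print(result)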