-1

Trying to run below code it executes but I do not get the correct value any help is appreciated expecting single value like 492. Code runs but does not give the correct value. Tried splunk library but unable to use those.

import urllib
import httplib2 #import library
import json
import pprint
import time
import re
from xml.dom import minidom

searchquery = 'search index="movable_in" sourcetype="movable:in:assets" | stats avg(exposure_score)'

myhttp = httplib2.Http()
baseurl = 'https://xxxx.splunkxxx.com:8089'
usernamesp = 'xxxx'
passwordsp = 'xxxx'


def get_splunk_result(searchquery):
    # Step 1: Get a session key
    servercontent = myhttp.request(f'{baseurl}/services/auth/login', 'POST', headers={},
                                   body=urllib.parse.urlencode({'username': usernamesp, 'password': passwordsp}))[1]
    sessionkey = minidom.parseString(servercontent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
    # print ("====>sessionkey:  %s  <====" % sessionkey)
    sid = ''
    # ------------------
    if not searchquery.startswith('search'):
        searchquery = f'search {searchquery}'

    # Step 2: Get a sid with the search query
    i = 0
    while True:
        time.sleep(1)
        try:
            searchjob = myhttp.request(f'{baseurl}/services/search/jobs', 'POST',
                                       headers={F'Authorization': F'Splunk %s' % sessionkey},
                                       body=urllib.parse.urlencode({'search': searchquery}))[1]
            sid = minidom.parseString(searchjob).getElementsByTagName('sid')[0].childNodes[0].nodeValue
            break
        except:
            i = i + 1
            # print(i)
            if (i > 30): break
    # print("====>SID:  %s  <====" % sid)
    # Step 3: Get search status

    myhttp.add_credentials(usernamesp, passwordsp)
    servicessearchstatusstr = '/services/search/jobs/%s/' % sid

    isnotdone = True
    while isnotdone:
        searchstatus = myhttp.request(f'{baseurl}{servicessearchstatusstr}', 'GET')[1]
        isdonestatus = re.compile('isDone">(0|1)')
        strstatus = str(searchstatus)
        isdonestatus = isdonestatus.search(strstatus).groups()[0]
        if (isdonestatus == '1'):
            isnotdone = False
# Step 4: Get the search result

    services_search_results_str = '/services/search/jobs/%s/results?output_mode=json_rows&count=0' % sid
    searchresults = myhttp.request(f'{baseurl}{services_search_results_str}', 'GET')[1]

    searchresults = json.loads(searchresults)
    # searchresults = splunk_result(searchresults)
    return searchresults


output = get_splunk_result(searchquery)
print(output)
warren
  • 32,620
  • 21
  • 85
  • 124
user3754136
  • 509
  • 11
  • 25
  • 1
    What incorrect value do you get? Why can you not use the Splunk library? – RichG Sep 19 '22 at 20:21
  • Have no idea how to use that i need a script preferably python which runs a query and gives the response did check splunk library but did not work so far for me. – user3754136 Sep 20 '22 at 07:52
  • 1
    "did not work so far for me" is not a thing we can help you with - what have you tried? What error(s) have you received? What do you *expect* for results? – warren Sep 20 '22 at 15:09
  • getting output {'preview': False, 'init_offset': 0, 'messages': [], 'fields': ['avg(exposure_score)'], 'rows': [['529.5385045300148']]} Process finished with exit code 0 – user3754136 Sep 21 '22 at 15:55
  • Is there a way to filter above like get value of rows only and exclude everything else. – user3754136 Sep 21 '22 at 19:11
  • Got this working only output is in json – user3754136 Sep 26 '22 at 19:15

1 Answers1

-1
import urllib
import httplib2 #import library
import json
import pprint
import time
import re
from xml.dom import minidom

searchquery = 'search index="movable_in" sourcetype="movable:in:assets" | stats avg(exposure_score)'

myhttp = httplib2.Http()
baseurl = 'https://xxxx.splunkxxx.com:8089'
usernamesp = 'xxxx'
passwordsp = 'xxxx'


def get_splunk_result(searchquery):
    # Step 1: Get a session key
    servercontent = myhttp.request(f'{baseurl}/services/auth/login', 'POST', headers={},
                                   body=urllib.parse.urlencode({'username': usernamesp, 'password': passwordsp}))[1]
    sessionkey = minidom.parseString(servercontent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
    # print ("====>sessionkey:  %s  <====" % sessionkey)
    sid = ''
    # ------------------
    if not searchquery.startswith('search'):
        searchquery = f'search {searchquery}'

    # Step 2: Get a sid with the search query
    i = 0
    while True:
        time.sleep(1)
        try:
            searchjob = myhttp.request(f'{baseurl}/services/search/jobs', 'POST',
                                       headers={F'Authorization': F'Splunk %s' % sessionkey},
                                       body=urllib.parse.urlencode({'search': searchquery}))[1]
            sid = minidom.parseString(searchjob).getElementsByTagName('sid')[0].childNodes[0].nodeValue
            break
        except:
            i = i + 1
            # print(i)
            if (i > 30): break
    # print("====>SID:  %s  <====" % sid)
    # Step 3: Get search status

    myhttp.add_credentials(usernamesp, passwordsp)
    servicessearchstatusstr = '/services/search/jobs/%s/' % sid

    isnotdone = True
    while isnotdone:
        searchstatus = myhttp.request(f'{baseurl}{servicessearchstatusstr}', 'GET')[1]
        isdonestatus = re.compile('isDone">(0|1)')
        strstatus = str(searchstatus)
        isdonestatus = isdonestatus.search(strstatus).groups()[0]
        if (isdonestatus == '1'):
            isnotdone = False
# Step 4: Get the search result

    services_search_results_str = '/services/search/jobs/%s/results?output_mode=json_rows&count=0' % sid
    searchresults = myhttp.request(f'{baseurl}{services_search_results_str}', 'GET')[1]

    searchresults = json.loads(searchresults)
    # searchresults = splunk_result(searchresults)
    return searchresults


output = get_splunk_result(searchquery)
print(output)
user3754136
  • 509
  • 11
  • 25