python sdk and realtime search?

Question

I am trying to get realtime streaming results using the python sdk. The code I was using looks like this:

auth.getSessionKey('admin','changeme')
args = {"earliestTime": 0, "latestTime": 0}
job = search.dispatch(' search *',**args)

for event in job:
  print  event['_raw']

print search
job.cancel()

No errors, but no results either. What am I doing wrong?

Accepted Answer

Using the Job Inspector, I was able to reverse the kwargs...

args = {'time_format': '%s.%Q', 'search': 'search *', 'required_field_list': '*', 'max_count': '10000', 'ui_dispatch_app': 'search', 'latest_time': 'rt', 'status_buckets': '300', 'ui_dispatch_view': 'flashtimeline', 'earliest_time': 'rt-1m', 'auto_cancel': '100'}

This changes the search line to be:

job = search.dispatch(**args)

This all seems to work, but is probably more complex than needed.

Answer 2

0

There is also a new Splunk Python SDK on GitHub. You can access it here: https://github.com/splunk/splunk-sdk-python

There are a number of search examples in the SDK.

Any questions - psanford@splunk.com or ping us on Twitter: @splunkdev

link

answered 28 Sep '11, 10:01

psanford_splunk
179●2
accept rate: 8%

python sdk and realtime search?

Follow this question

Splunk Resources

Related questions