Highest Voted 'splunk-sdk' Questions

1

vote

1 answer

Recording earliest login time for each day

I need to return the earliest login time per day for a single username. However, some returns do not match the login from that date. Query below: index=app_redacted_int_* sourcetype="redacted" SessionState="Active" UserName=ABCDE123 | rex…

asked Jul 29 '20 at 20:39

George S

11
1

1

vote

2 answers

How to connect to Splunk API via Python, receiving javascript error

I am trying to connect to Splunk via API using python. I can connect, and get a 200 status code but when I read the content, it doesn't read the content of the page. View below: Here is my code: import json import requests import re baseurl =…

python json python-requests splunk splunk-sdk

asked Jul 16 '20 at 16:19

Coder123

334
6
26

1

vote

1 answer

Splunk Python SDK API job.results limited to 50k results. Trying to set an offset to pull multiple chunks of 50k but don't know how to get it to work

I have a job who's job['resultCount'] is 367k, but no matter what I do, I can't seem to pull more than the first 50,000 chunk. I read this chunk of code off of an answer here for someone who had a similar end goal and setup:…

python-3.x python-2.7 api splunk splunk-sdk

asked Nov 07 '19 at 16:44

Cdhippen

615
1
10
32

1

vote

1 answer

How do I pass credential in custom search command Splunk

My custom search command required some credentials to work (third party lib auth) and I don't want to have it hardcoded. What is the best practice to pass the credentials inside this custom search command? I'm looking to do some similar to set-up…

splunk splunk-sdk

asked Aug 12 '19 at 09:12

Nikitka Gurtovoy

169
1
9

1

vote

2 answers

How to add "Not" in endswith tag of Transaction search in Splunk

I am building a query in splunk to filter logs that start with "INFO:main:TABLE:" and does "NOT" endswith "INFO:main: Done" I want all the transactions that do not log "Done" in the end. "!"/ "Not" does not seem to work. Part of the query I am…

splunk splunk-query splunk-sdk

asked Aug 09 '19 at 20:11

Tannu Priya

313
2
15

1

vote

0 answers

Android Splunk SDK 5.2.5 gradle is failing to sync

I am trying to add Splunk sdk and gradle is failing to sync with Cause: javacTask I will add the stacktrace. I have mint-android-repo-5.2.5.zip folder under app folder (so it is app > mint-plugin-repo-5.2.5) I am using Android studio 3.4, and below…

android gradle splunk splunk-sdk

asked May 07 '19 at 15:31

M.Baraka

725
1
10
24

1

vote

1 answer

Radar chart Display legend

I cannot find options (radarOptions) to display a legend in my chart using chart.js in Splunk environment. This doesn't work for me: options: { legend: { display: true, labels: { fontColor: 'rgb(255, 99, 132)' …

javascript charts chart.js splunk splunk-sdk

asked May 06 '19 at 12:57

Taras Ustyianovych

11
3

1

vote

2 answers

Splunk: Splunk-python SDK: How to include pandas, numpy to create custom command

I am making a custom command for splunk, say getInfluentialCommand. So I make a .py file in bin directory. in this .py file, I need to include pandas, numpy. How to do it? Does splunk python environment allow me to include other python module? Do I…

splunk splunk-sdk

asked Mar 21 '19 at 07:23

user84592

4,750
11
55
91

1

vote

1 answer

Splunk query to get max indexed timestamp for a source type

I need Splunk query to get maximum indexed timestamp or latest indexed timestamp for a source type. Please help as I am stucked here for quite long. your help is highly appreciated. thanks

splunk splunk-query splunk-sdk

asked Dec 18 '18 at 18:13

Anshu

69
2
18

1

vote

1 answer

Splunk Alert with run a script action

Is there any way to run external script with source IP (source IP of device which sent alert to splunk, host= value in event) address as variable? There is in splunk documentation few variables but non of them are host. I need to trigger config…

splunk splunk-query splunk-sdk

asked Nov 21 '18 at 13:59

Datagram.Network

111
3

1

vote

1 answer

How to work with Splunk Mint and Facebook ads in same project

I've been trying to integrate Facebook ads in my app for Android with the audience-network-sdk:5.0.0 and Facebook sdk crashed with this error: 10-16 13:12:07.128 25301-25725/? D/ProxyCache: Open connection to http://127.0.0.1:43557/ping …

android proxy localhost facebook-audience-network splunk-sdk

asked Oct 16 '18 at 18:40

Samuel Castro

21
3

1

vote

0 answers

How to compare two or more field values

i have this kind of data: event 1: field_name=field_value, status="process", status_file="file_name" event 2: field_name=field_value, status="send", status_file="file_name" event 3: field_name=field_value, transfer_status="transferred",…

splunk splunk-query splunk-formula splunk-calculation splunk-sdk

asked Jan 30 '18 at 20:05

Chandana Puppy

133
1
9

0

votes

1 answer

Splunk how to route logs into two sources

I have Splunk Enterprise local instance running and consuming logs from Splunk java SDK loginArgs.put("sourcetype", "echologs"); var receiver = splunkService.getReceiver(); ... String data = LocalDateTime.now() + "…

java splunk splunk-sdk

asked Jun 22 '23 at 13:29

Echoinacup

482
4
12

0

votes

0 answers

Splunk SDK search query outputs limited information

I am currently using Splunk SDKs to export data out of Splunk with the following: SPLUNK QUERY: search index=***** sourcetype=*** host={host} earliest={earliest} latest={latest} I have a python script that…

splunk splunk-sdk splunk-api

asked Jun 12 '23 at 19:38

Devoper

1
3

0

votes

1 answer

Splunk using info_min_time as timestamp instead of _raw

I am having the following Splunk query to forward some data to a Splunk Summary index:- index=* eventId="USER_LOGIN_SUCCESS" userRole!=*FF_* userType!="FirstFuel" sourcetype="firstengage" | eval datetime=strftime(_time, "%Y-%m-%d %H:%M:%S") |…

splunk splunk-query splunk-dashboard splunk-calculation splunk-sdk

asked Jun 07 '23 at 12:31

Sumit Desai

1,542
9
22

Questions tagged [splunk-sdk]