python 脚本运行 splunk 查询并获取 output 作为文本 output

Question

Trying to run below code it executes but I do not get the correct value any help is appreciated expecting single value like 492. Code runs but does not give the correct value. Tried splunk library but unable to use those.

Answer 1

import urllib
import httplib2 #import library
import json
import pprint
import time
import re
from xml.dom import minidom

searchquery = 'search index="movable_in" sourcetype="movable:in:assets" | stats avg(exposure_score)'

myhttp = httplib2.Http()
baseurl = 'https://xxxx.splunkxxx.com:8089'
usernamesp = 'xxxx'
passwordsp = 'xxxx'


def get_splunk_result(searchquery):
    # Step 1: Get a session key
    servercontent = myhttp.request(f'{baseurl}/services/auth/login', 'POST', headers={},
                                   body=urllib.parse.urlencode({'username': usernamesp, 'password': passwordsp}))[1]
    sessionkey = minidom.parseString(servercontent).getElementsByTagName('sessionKey')[0].childNodes[0].nodeValue
    # print ("====>sessionkey:  %s  <====" % sessionkey)
    sid = ''
    # ------------------
    if not searchquery.startswith('search'):
        searchquery = f'search {searchquery}'

    # Step 2: Get a sid with the search query
    i = 0
    while True:
        time.sleep(1)
        try:
            searchjob = myhttp.request(f'{baseurl}/services/search/jobs', 'POST',
                                       headers={F'Authorization': F'Splunk %s' % sessionkey},
                                       body=urllib.parse.urlencode({'search': searchquery}))[1]
            sid = minidom.parseString(searchjob).getElementsByTagName('sid')[0].childNodes[0].nodeValue
            break
        except:
            i = i + 1
            # print(i)
            if (i > 30): break
    # print("====>SID:  %s  <====" % sid)
    # Step 3: Get search status

    myhttp.add_credentials(usernamesp, passwordsp)
    servicessearchstatusstr = '/services/search/jobs/%s/' % sid

    isnotdone = True
    while isnotdone:
        searchstatus = myhttp.request(f'{baseurl}{servicessearchstatusstr}', 'GET')[1]
        isdonestatus = re.compile('isDone">(0|1)')
        strstatus = str(searchstatus)
        isdonestatus = isdonestatus.search(strstatus).groups()[0]
        if (isdonestatus == '1'):
            isnotdone = False
# Step 4: Get the search result

    services_search_results_str = '/services/search/jobs/%s/results?output_mode=json_rows&count=0' % sid
    searchresults = myhttp.request(f'{baseurl}{services_search_results_str}', 'GET')[1]

    searchresults = json.loads(searchresults)
    # searchresults = splunk_result(searchresults)
    return searchresults


output = get_splunk_result(searchquery)
print(output)