Databases Reference
In-Depth Information
The list of fields is contained in
meta/fieldOrder
. Each result will then follow this
field order.
Though not necessary (since jobs expire on their own) we can save disk space on our
Splunk servers by cleaning up after ourselves. Simply calling the
DELETE
method
on the job URL will delete the results and reclaim the used disk space.
curl -u admin:changeme -k -X DELETE https://localhost:8089/services/
search/jobs/1352061658.136
Just to show the Python API action, here's a simple script:
import splunk.search as search
import splunk.auth as auth
import sys
import time
username = sys.argv[1]
password = sys.argv[2]
q = sys.argv[3]
sk = auth.getSessionKey(username, password)
job = search.dispatch("search " + q, sessionKey=sk)
while not job.isDone:
print "Job is still running."
time.sleep(.5)
for r in job.results:
for f in r.keys():
print "%s=%s" % (f, r[f])
print "----------"
job.cancel()
This script uses the Python modules included with Splunk, so we must run it using
Splunk's included Python as follows:
$ /opt/splunk/bin/splunk cmd python simplesearch.py admin changeme
'earliest=-7d index="_internal" warn | timechart count by source'
This produces output as follows:
_time=2012-10-31T00:00:00-0500
/opt/splunk/var/log/splunk/btool.log=0
/opt/splunk/var/log/splunk/searches.log=0
Search WWH ::
Custom Search