In a previous blog series, I covered how to create and CRUD a KV Store using Splunk’s SPL (Search Processing Language). Feel free to check out the various pieces and parts of that tutorial here: Creating and CRUDing a KV Store in Splunk: Part 1 and Part 2.
In this blog post I’m going to cover how to do the same thing using Python. The blog post is available, as well as the subsequent screencasts. So, feel free to read, watch or do both.
In order to follow along with this you should download the Splunk Python SDK.
Export the PYTHONPATH
You can place the Splunk SDK folder where you want, but you will need to add the folder to your Python path in order to run the examples:
In this example, I’m going to use a .splunkrc file to store my credentials. The .splunkrc file is a handy way for us to store our credentials when we connect to Splunk through our Python script.
You don’t have to use a .splunkrc file, but it’s easier than having to write this every time we want to execute a file, see below:
Where to put .splunkrc
The location of the .splunkrc file will depend on whether or not you’re following along using Windows.
On Windows, you will put the .splunkrc in C:\Users\currentusername\.splunkrc
If you are on Linux or OSX, place it in ~/.splunkrc
How does this work?
When we run our Python file, Splunk is going to check and see if user credentials have been passed in on the command line. If not, it will then check if a .splunkrc file exists.
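The lookup order described above, written out as an added example (this is not code from the original post or from the Splunk SDK): command-line values take precedence and the .splunkrc file fills in the rest. The function names `parse_splunkrc`, `is_exposed` and `resolve_credentials` are hypothetical, the file is assumed to hold `key=value` lines, and the permission check is an addition because the file stores the password in plain text.

```python
import os
import stat
import sys

def parse_splunkrc(path):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    opts = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)  # split once: passwords may contain '='
            opts[key.strip()] = value.strip()
    return opts

def is_exposed(path):
    """True if group or other users have any access to the file (POSIX mode bits)."""
    if os.name == "nt":
        return False  # Windows ACLs are not reflected in st_mode
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def resolve_credentials(cli_opts, rc_path=None):
    """Command-line values win; .splunkrc supplies whatever was not passed."""
    rc_path = rc_path or os.path.join(os.path.expanduser("~"), ".splunkrc")
    merged = {}
    if os.path.isfile(rc_path):
        if is_exposed(rc_path):
            print(f"warning: {rc_path} is accessible to other users; "
                  "restrict it with chmod 600", file=sys.stderr)
        merged.update(parse_splunkrc(rc_path))
    # Options left as None were not given on the command line
    merged.update({k: v for k, v in cli_opts.items() if v is not None})
    return merged

if __name__ == "__main__":
    creds = resolve_credentials({"host": None, "username": None, "password": None})
    # Never echo the password back to the terminal
    print({k: ("***" if k == "password" else v) for k, v in creds.items()})
```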