
Tag Archives: splunkd

Splunkd request using urllib2, splunk-python-sdk

Splunk guys are so cool they put together a splunk python sdk. It comes stock standard with examples, explanations, documentation, etc…

So I’m all ready to play along and none of the examples work (for me at least).

When making a request to splunkd (the service interface) you need to be authenticated. That makes perfect sense. The logic the example uses doesn’t work though:

import httplib
import urllib
from xml.etree import ElementTree

HOST = "localhost"
PORT = 8089
USERNAME = "admin"
PASSWORD = "changeme"

# Present credentials to Splunk and retrieve the session key
connection = httplib.HTTPSConnection(HOST, PORT)
body = urllib.urlencode({'username': USERNAME, 'password': PASSWORD})
headers = {
    'Content-Type': "application/x-www-form-urlencoded",
    'Content-Length': str(len(body)),
    'Host': HOST,
    'User-Agent': "a.py/1.0",
    'Accept': "*/*"
}
try:
    connection.request("POST", "/services/auth/login", body, headers)
    response = connection.getresponse()
finally:
    connection.close()

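That bombs out immediately. Wiggled and jiggled some code and still nothing. I then tried the very simple:

import urllib2

# Assumed: the same login endpoint as the example above, built from HOST and PORT
url = "https://%s:%d/services/auth/login" % (HOST, PORT)
params = urllib.urlencode({'username': USERNAME, 'password': PASSWORD})

resp = urllib2.urlopen(url, params)

print resp.read()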

The response is a session key.

Works like a charm!!! I’m still not sure why the first example didn’t though. I have never used httplib and don’t intend to. But I shall investigate!!!

urllib and urllib2 have always been awesome.

Simplicity is priceless.
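
An added example, not from the original post or the Splunk SDK, written for Python 3 (where urllib2 became urllib.request): it builds the same login POST, pulls the session key out of the XML that comes back, and forms the `Authorization: Splunk <key>` header that later splunkd requests carry. The sample responses are constructed, and `login()` assumes a CA file (`cafile`) that validates splunkd's certificate.

```python
import ssl
import urllib.parse
import urllib.request
from xml.etree import ElementTree

LOGIN_PATH = "/services/auth/login"  # endpoint used in the post


def build_login_request(host, port, username, password):
    """Build the POST request for splunkd's login endpoint (nothing is sent)."""
    body = urllib.parse.urlencode({"username": username, "password": password})
    url = "https://%s:%d%s" % (host, port, LOGIN_PATH)
    # Supplying data makes urllib issue a POST, so credentials stay out of the URL.
    return urllib.request.Request(url, data=body.encode("utf-8"))


def parse_session_key(xml_text):
    """Return the session key from a login response, or raise ValueError."""
    try:
        root = ElementTree.fromstring(xml_text)
    except ElementTree.ParseError as exc:
        raise ValueError("login response is not XML: %s" % exc)
    key = root.findtext("sessionKey")
    if not key:
        # Failed logins carry <msg> elements instead of a key.
        msgs = [m.text for m in root.iter("msg") if m.text]
        raise ValueError("; ".join(msgs) or "no sessionKey in response")
    return key.strip()


def auth_header(session_key):
    """Header that later splunkd requests carry instead of the password."""
    return {"Authorization": "Splunk " + session_key}


def login(host, port, username, password, cafile):
    """Log in over verified TLS; cafile (assumed) is the CA for splunkd's cert."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_login_request(host, port, username, password)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_session_key(resp.read().decode("utf-8"))


# Constructed sample responses, so the parsing runs without a Splunk server.
SAMPLE_OK = "<response>\n  <sessionKey>0123456789abcdef-constructed</sessionKey>\n</response>"
SAMPLE_FAIL = '<response><messages><msg type="WARN">Login failed</msg></messages></response>'

if __name__ == "__main__":
    print(auth_header(parse_session_key(SAMPLE_OK)))
```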

 

 

 

Posted by on February 1, 2012 in Uncategorized

Splunk: Changing the splunkd port 8089

So I am messing around with Splunk. Splunk is a powerful engine that allows you to monitor, analyze and understand your app’s/website’s/infrastructure’s metadata. (If you want to know more then check it out yourself.)

What I wanted to do was build a Django/Python app that pulls data from Splunk and does some crazy stuff with it.

Splunk has a web and service (splunkd) interface. The web interface is on an open port but the service interface is not. It uses port 8089 by default. I never knew this. So I’m trying to do a simple GET request for 4 hours and all I get is “nothing”. No reply, error, etc…

Turns out that splunkd needs to listen on another open port:

1. open web.conf (/etc/system/default/)

2. set mgmtHostPort to <your port number>

3. restart splunk

splunk restart splunkd

That should be it…

some helpful links:

start splunk

splunk webconf

… and a thank you to Jonno

Posted by on February 1, 2012 in Uncategorized