© 2019

Featured snippets are MIT license

Terms Of Use

Privacy Policy

Gears & Masters

  • Facebook Social Icon

Splunk adapter in Python



# Splunk Sync SplunkAdapter
import sys
import json
import Config
from SplunkKPI import KPIQuery
import splunklib.client as client
from DataLogging import DataLogger
from  multiprocessing import Pool

logger = DataLogger.__call__().get_logger()

class SplunkAdapter(object):
    def __init__(self):"Creating Splunk Adapter")
        self.splunk_connection = None
        self.kpi_query_obj_list = []

    def getInfluxJSON(self): + str(sys._getframe().f_code.co_name) + " : Enter")
        for kpi_query_obj in self.kpi_query_obj_list:
  "Yielding JSON Data for :" + kpi_query_obj.KPI_INFLUX_STRING)
            yield kpi_query_obj.json_value

    def generateInfluxData(self): + str(sys._getframe().f_code.co_name) + " : Enter")
        for kpi_query_obj in self.kpi_query_obj_list:
            # We iterate this list of objects and then frame the response json for insertion in InfluxDB

    def getSplunkQueryResponse(self): + str(sys._getframe().f_code.co_name) + " : Enter")
        splunk_kpi_query = None
        kwargs_export  = {"output_mode" :"json"}
        # Use the python subclasses list to get the list of KPIS
        self.kpi_query_obj_list = []
        for splunk_kpi_query in KPIQuery.__subclasses__():
            if ( splunk_kpi_query.KPI_QUERY is not  None and len(splunk_kpi_query.KPI_QUERY) > 0) :
                # This is added to enable and disable queries on adhoc basis

        splunk_kpi_query = None
        del splunk_kpi_query"Creating the splunk connection object")
        self.splunk_connection = client.connect(
        )"Executing the process in parallel")
        with Pool(4) as process_pool:

    def execute_generate(kpi_obj):
            # We execute the query which is stored as class variable for each KPI
  "Executing Query for : " + kpi_query_obj.KPI_INFLUX_STRING)
            qry_response = query = kpi_query_obj.KPI_QUERY , count = 0 ,**kwargs_export )
            # convert the JSON to python dict
            json_response = json.loads(qry_response.readall())
            # We check if the JSON response had a key called as reasults list
  "checking if the query response has any valid results")
            if 'results' in json_response.keys():
                # This will help us achieve two things. The part that generates the
                #influx inserts will be happy to have a empty list instead of None
                kpi_query_obj.query_result =  json_response['results']
      "Generating the JSON from the response")
        except Exception as ex_iter:
                logger.exception("Error in iterating and querying the list of splunk kpi" + str(ex_iter))

if __name__ == "__main__":
    splunk_obj = SplunkAdapter()

Vote Here

You must earn at least 1 vote on your snippets to be allowed to vote