{"id":5722,"date":"2018-05-25T13:08:37","date_gmt":"2018-05-25T13:08:37","guid":{"rendered":"http:\/\/www.garysieling.com\/blog\/?p=5722"},"modified":"2018-05-25T13:08:37","modified_gmt":"2018-05-25T13:08:37","slug":"send-json-data-splunk-cloud-python","status":"publish","type":"post","link":"https:\/\/www.garysieling.com\/blog\/send-json-data-splunk-cloud-python\/","title":{"rendered":"Send JSON data to Splunk Cloud with Python"},"content":{"rendered":"

In order to send data to Splunk Cloud with HTTP, you should set up an event collector<\/a>. When you do this, save the auth token they give you. The URL you connect to is your Splunk cloud name, with “input-” pre-pended (e.g. input-prd-p-v12345.cloud.splunk.com), using port 8088.<\/p>\n

To build the HTTP request in python, first set up the request, using the token they give you in the authorization header. You also need to pick a GUID for the second property.<\/p>\n

\n\nimport requests\nheaders = {\n  'Authorization': 'Splunk ' + token,\n  'X-Splunk-Request-Channel': 'aaaaaaaa-4444-aaaa-bbbb-0025754046ec'\n}\n<\/pre>\n
Chances are you’ll need to be able to debug this, so this code will make the requests library print out everything it sends:<\/p>\n
\n\nimport logging\nimport contextlib\ntry:\n    from http.client import HTTPConnection # py3\nexcept ImportError:\n    from httplib import HTTPConnection # py2\n\ndef debug_requests_on():\n    '''Switches on logging of the requests module.'''\n    HTTPConnection.debuglevel = 1\n\n    logging.basicConfig()\n    logging.getLogger().setLevel(logging.DEBUG)\n    requests_log = logging.getLogger(\"requests.packages.urllib3\")\n    requests_log.setLevel(logging.DEBUG)\n    requests_log.propagate = True\n\ndebug_requests_on()\n\nlogging.basicConfig(level=logging.DEBUG)\n<\/pre>\n
Then all you have to do is construct a JSON object with your event data and send it. Splunk Cloud appears to use SNI SSL, which this set of libraries doesn’t handle well, I disabled certificate checking, but this is not recommended for a production system. <\/p>\n
\n\nfor o in objects:\n  jsonData = {\n    \"host\":\"jenkins\",\n    \"index\":\"model-performance\",\n    \"sourcetype\":\"http\",\n    \"source\":\"http:python-report\",\n    \"event\": json.dumps(o)\n  }\n  r = requests.post(url, json=jsonData, headers=headers, verify=False)\n  print(r.json())\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Sending data to splunk cloud<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[447,522],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/posts\/5722"}],"collection":[{"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/comments?post=5722"}],"version-history":[{"count":0,"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/posts\/5722\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/media?parent=5722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/categories?post=5722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.garysieling.com\/blog\/wp-json\/wp\/v2\/tags?post=5722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}