{"id":13642674,"url":"https://github.com/splunk/splunk-sdk-python","last_synced_at":"2025-10-11T09:56:13.580Z","repository":{"id":37925517,"uuid":"1504670","full_name":"splunk/splunk-sdk-python","owner":"splunk","description":"Splunk Software Development Kit for Python","archived":false,"fork":false,"pushed_at":"2025-04-09T16:08:17.000Z","size":71602,"stargazers_count":703,"open_issues_count":56,"forks_count":375,"subscribers_count":101,"default_branch":"master","last_synced_at":"2025-04-09T17:25:57.772Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://dev.splunk.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-03-20T23:20:06.000Z","updated_at":"2025-04-09T12:29:17.000Z","dependencies_parsed_at":"2022-07-13T03:50:48.450Z","dependency_job_id":"3b255056-523c-4dfa-8e9a-cc6f0528aced","html_url":"https://github.com/splunk/splunk-sdk-python","commit_stats":{"total_commits":1288,"total_committers":93,"mean_commits":"13.849462365591398","dds":0.829192546583851,"last_synced_commit":"e44135872675d8f5450b7eef990735b233477b27"},"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-sdk-python","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-sdk-python/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-sdk-python/r
eleases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-sdk-python/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/splunk-sdk-python/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249958840,"owners_count":21351723,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:01:34.781Z","updated_at":"2025-10-11T09:56:13.552Z","avatar_url":"https://github.com/splunk.png","language":"Python","readme":"[![Build Status](https://github.com/splunk/splunk-sdk-python/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/splunk/splunk-sdk-python/actions/workflows/test.yml)\n\n[Reference Docs](https://dev.splunk.com/enterprise/reference)\n\n# The Splunk Enterprise Software Development Kit for Python\n\n#### Version 2.1.1\n\nThe Splunk Enterprise Software Development Kit (SDK) for Python contains library code designed to enable developers to build applications using the Splunk platform.\n\nThe Splunk platform is a search engine and analytic environment that uses a distributed map-reduce architecture to efficiently index, search, and process large time-varying data sets.\n\nThe Splunk platform is popular with system administrators for aggregation and monitoring of IT machine data, security, compliance, and a wide variety of other scenarios that share a requirement to efficiently index, search, analyze, and generate real-time notifications from large 
volumes of time-series data.\n\nThe Splunk developer platform enables developers to take advantage of the same technology used by the Splunk platform to build exciting new applications.\n\n## Get started with the Splunk Enterprise SDK for Python\n\nThe Splunk Enterprise SDK for Python contains library code, and its examples are located in the [splunk-app-examples](https://github.com/splunk/splunk-app-examples) repository. They show how to programmatically interact with the Splunk platform for a variety of scenarios including searching, saved searches, data inputs, and many more, along with building complete applications.\n\n### Requirements\n\nHere's what you need to get going with the Splunk Enterprise SDK for Python.\n\n* Python 3.7, Python 3.9 and Python 3.13\n\n  The Splunk Enterprise SDK for Python is compatible with Python 3 and has been tested with Python v3.7, v3.9 and v3.13.\n\n* Splunk Enterprise 9.2 or 8.2\n\n  The Splunk Enterprise SDK for Python has been tested with Splunk Enterprise 9.2, 8.2 and 8.1.\n\n  If you haven't already installed Splunk Enterprise, download it [here](http://www.splunk.com/download).\n  For more information, see the Splunk Enterprise [_Installation Manual_](https://docs.splunk.com/Documentation/Splunk/latest/Installation).\n\n* Splunk Enterprise SDK for Python\n\n  Get the Splunk Enterprise SDK for Python from [PyPI](https://pypi.org/project/splunk-sdk/). If you want to contribute to the SDK, clone the repository from [GitHub](https://github.com/splunk/splunk-sdk-python).\n\n### Install the SDK\n\nUse the following commands to install the Splunk Enterprise SDK for Python libraries. 
However, it's not necessary to install the libraries to run the unit tests from the SDK.\n\nUse `pip`:\n\n    [sudo] pip install splunk-sdk\n\nInstall the Python egg:\n\n    [sudo] pip install --egg splunk-sdk\n\nInstall the sources you cloned from GitHub:\n\n    [sudo] python setup.py install\n\n## Testing Quickstart\n\nYou'll need `docker` and `docker-compose` to get up and running using this method.\n\n```\nmake up SPLUNK_VERSION=9.2\nmake wait_up\nmake test\nmake down\n```\n\nTo run the examples and unit tests, you must put the root of the SDK on your PYTHONPATH. For example, if you downloaded the SDK to your home folder and are running OS X or Linux, add the following line to your **.bash_profile** file:\n\n    export PYTHONPATH=~/splunk-sdk-python\n\n### Ways to connect to Splunk Enterprise\n\n#### Using username/password\n```python\nimport splunklib.client as client\nservice = client.connect(host=\u003chost_url\u003e, username=\u003cusername\u003e, password=\u003cpassword\u003e, autologin=True)\n```\n\n#### Using bearer token\n```python\nimport splunklib.client as client\nservice = client.connect(host=\u003chost_url\u003e, splunkToken=\u003cbearer_token\u003e, autologin=True)\n```\n\n#### Using session key\n```python\nimport splunklib.client as client\nservice = client.connect(host=\u003chost_url\u003e, token=\u003csession_key\u003e, autologin=True)\n```\n\n#### Update a .env file\n\nTo connect to Splunk Enterprise, many of the SDK examples and unit tests take command-line arguments that specify values for the host, port, and login credentials for Splunk Enterprise. For convenience during development, you can store these arguments as key-value pairs in a **.env** file. Then, the SDK examples and unit tests use the values from the **.env** file when you don't specify them.\n\n\u003e**Note**: Storing login credentials in the **.env** file is only for convenience during development. 
This file isn't part of the Splunk platform and shouldn't be used for storing user credentials for production. And, if you're at all concerned about the security of your credentials, enter them at the command line rather than saving them in this file.\n\nHere is an example of a **.env** file:\n\n    # Splunk Enterprise host (default: localhost)\n    host=localhost\n    # Splunk Enterprise admin port (default: 8089)\n    port=8089\n    # Splunk Enterprise username\n    username=admin\n    # Splunk Enterprise password\n    password=changed!\n    # Access scheme (default: https)\n    scheme=https\n    # Your version of Splunk Enterprise\n    version=9.2\n    # Bearer token for authentication\n    #splunkToken=\u003cBearer-token\u003e\n    # Session key for authentication\n    #token=\u003cSession-Key\u003e\n\n#### SDK examples\n\nExamples for the Splunk Enterprise SDK for Python are located in the [splunk-app-examples](https://github.com/splunk/splunk-app-examples) repository. For details, see the [Examples using the Splunk Enterprise SDK for Python](https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/examplespython) on the Splunk Developer Portal.\n\n#### Run the unit tests\n\nThe Splunk Enterprise SDK for Python contains a collection of unit tests. To run them, open a command prompt in the **/splunk-sdk-python** directory and enter:\n\n    make\n\nYou can also run individual test files, which are located in **/splunk-sdk-python/tests**. 
To run a specific test, enter:\n\n    make test_specific\n\nThe test suite uses Python's standard library, the built-in `unittest` library, `pytest`, and `tox`.\n\n\u003e**Notes:**\n\u003e*  The test run fails unless the [SDK App Collection](https://github.com/splunk/sdk-app-collection) app is installed.\n\u003e*  To exclude app-specific tests, use the `make test_no_app` command.\n\u003e*  To learn about our testing framework, see [Splunk Test Suite](https://github.com/splunk/splunk-sdk-python/tree/master/tests) on GitHub.\n\u003e   In addition, the test run requires you to build the searchcommands app. The `make` command runs the tasks to do this, but more complex testing may require you to rebuild using the `make build_app` command.\n\n## Repository\n\n| Directory | Description                                                |\n|:--------- |:---------------------------------------------------------- |\n|/docs      | Source for Sphinx-based docs and build                     |\n|/splunklib | Source for the Splunk library modules                      |\n|/tests     | Source for unit tests                                      |\n|/utils     | Source for utilities shared by the unit tests              |\n\n### Customization\n* When working with custom search commands such as Custom Streaming Commands or Custom Generating Commands, we may need to add new fields to the records based on certain conditions.\n* Structural changes like this may not be preserved.\n* Make sure to use the ``add_field(record, fieldname, value)`` method from SearchCommand to add a new field and value to the record.\n* ___Note:__ Using the ``add_field`` method is completely optional if you are not facing any issues with field retention._\n\nDo\n```python\nfrom splunklib.searchcommands import StreamingCommand\n\nclass CustomStreamingCommand(StreamingCommand):\n    def stream(self, records):\n        for index, record in enumerate(records):\n            # enumerate() counts from 0, so index % 2 == 1 selects the odd-indexed records\n            if index % 2 == 1:\n                self.add_field(record, \"odd_record\", \"true\")\n            yield 
record\n```\n\nDon't\n```python\nfrom splunklib.searchcommands import StreamingCommand\n\nclass CustomStreamingCommand(StreamingCommand):\n    def stream(self, records):\n        for index, record in enumerate(records):\n            # enumerate() counts from 0, so index % 2 == 1 selects the odd-indexed records\n            if index % 2 == 1:\n                record[\"odd_record\"] = \"true\"\n            yield record\n```\n\n### Customization for Generating Custom Search Command\n* A Generating Custom Search Command is used to generate events using SDK code.\n* Make sure to use the ``gen_record()`` method from SearchCommand to add a new record, passing the event data as comma-separated key=value pairs (as in the example below).\n\nDo\n```python\nimport time\nfrom splunklib.searchcommands import Configuration, GeneratingCommand\n\n@Configuration()\nclass GeneratorTest(GeneratingCommand):\n    def generate(self):\n        yield self.gen_record(_time=time.time(), one=1)\n        yield self.gen_record(_time=time.time(), two=2)\n```\n\nDon't\n```python\nimport time\nfrom splunklib.searchcommands import Configuration, GeneratingCommand\n\n@Configuration()\nclass GeneratorTest(GeneratingCommand):\n    def generate(self):\n        yield {'_time': time.time(), 'one': 1}\n        yield {'_time': time.time(), 'two': 2}\n```\n\n### Access metadata of modular inputs app\n* In the `stream_events()` method, we can access the modular input app metadata from the InputDefinition object.\n* See the [GitHub Commit](https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_commits/bin/github_commits.py) modular input app example for reference.\n```python\n    def stream_events(self, inputs, ew):\n        # other code\n        \n        # access metadata (like server_host, server_uri, etc) of modular inputs app from InputDefinition object\n        # here inputs is an InputDefinition object\n        server_host = inputs.metadata[\"server_host\"]\n        server_uri = inputs.metadata[\"server_uri\"]\n        \n        # Get the checkpoint directory out of the modular input's metadata\n        checkpoint_dir = inputs.metadata[\"checkpoint_dir\"]\n```\n\n### Access service object in Custom Search Command \u0026 Modular Input apps\n\n#### Custom Search Commands\n* The service object is created from the 
Splunkd URI and session key passed to the command invocation in the search results info file.\n* The service object can be accessed using `self.service` in the `generate`/`transform`/`stream`/`reduce` methods, depending on the Custom Search Command.\n* For a Generating Custom Search Command:\n  ```python\n    def generate(self):\n        # other code\n        \n        # access service object that can be used to connect Splunk Service\n        service = self.service\n        # to get Splunk Service Info\n        info = service.info\n  ```\n\n#### Modular Inputs app:\n* The service object is created from the Splunkd URI and session key passed to the command invocation on the modular input stream.\n* It is available as soon as the `Script.stream_events` method is called.\n```python\n    def stream_events(self, inputs, ew):\n        # other code\n        \n        # access service object that can be used to connect Splunk Service\n        service = self.service\n        # to get Splunk Service Info\n        info = service.info\n```\n\n\n### Optional: Set up logging for splunklib\n+ The default level is WARNING, which means that only events of this level and above will be visible.\n+ To change the logging level, call the `setup_logging()` method and pass the logging level as an argument.\n+ Optional: we can also pass log format and date format strings as method arguments to modify the default format.\n\n```python\nimport logging\nfrom splunklib import setup_logging\n\n# To see debug and above level logs\nsetup_logging(logging.DEBUG)\n```\n\n### Changelog\n\nThe [CHANGELOG](CHANGELOG.md) contains a description of changes for each version of the SDK. 
For the latest version, see the [CHANGELOG.md](https://github.com/splunk/splunk-sdk-python/blob/master/CHANGELOG.md) on GitHub.\n\n### Branches\n\nThe **master** branch represents a stable and released version of the SDK.\nTo learn about our branching model, see [Branching Model](https://github.com/splunk/splunk-sdk-python/wiki/Branching-Model) on GitHub.\n\n## Documentation and resources\n\n| Resource                | Description |\n|:----------------------- |:----------- |\n| [Splunk Developer Portal](http://dev.splunk.com) | General developer documentation, tools, and examples |\n| [Integrate the Splunk platform using development tools for Python](https://dev.splunk.com/enterprise/docs/devtools/python)| Documentation for Python development |\n| [Splunk Enterprise SDK for Python Reference](http://docs.splunk.com/Documentation/PythonSDK) | SDK API reference documentation |\n| [REST API Reference Manual](https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTprolog) | Splunk REST API reference documentation |\n| [Splunk\u003eDocs](https://docs.splunk.com/Documentation) | General documentation for the Splunk platform |\n| [GitHub Wiki](https://github.com/splunk/splunk-sdk-python/wiki/) | Documentation for this SDK's repository on GitHub |\n| [Splunk Enterprise SDK for Python Examples](https://github.com/splunk/splunk-app-examples) | Examples for this SDK's repository |\n\n## Community\n\nStay connected with other developers building on the Splunk platform.\n\n* [Email](mailto:devinfo@splunk.com)\n* [Issues and pull requests](https://github.com/splunk/splunk-sdk-python/issues/)\n* [Community Slack](https://splunk-usergroups.slack.com/app_redirect?channel=appdev)\n* [Splunk Answers](https://community.splunk.com/t5/Splunk-Development/ct-p/developer-tools)\n* [Splunk Blogs](https://www.splunk.com/blog)\n* [Twitter](https://twitter.com/splunkdev)\n\n### Contributions\n\nIf you would like to contribute to the SDK, see [Contributing to 
Splunk](https://www.splunk.com/en_us/form/contributions.html). For additional guidelines, see [CONTRIBUTING](CONTRIBUTING.md). \n\n### Support\n\n*  You will be granted support if you or your company are already covered under an existing maintenance/support agreement. Submit a new case in the [Support Portal](https://www.splunk.com/en_us/support-and-services.html) and include \"Splunk Enterprise SDK for Python\" in the subject line.\n\n   If you are not covered under an existing maintenance/support agreement, you can find help through the broader community at [Splunk Answers](https://community.splunk.com/t5/Splunk-Development/ct-p/developer-tools).\n\n*  Splunk will NOT provide support for SDKs if the core library (the code in the \u003cb\u003e/splunklib\u003c/b\u003e directory) has been modified. If you modify an SDK and want support, you can find help through the broader community and [Splunk Answers](https://community.splunk.com/t5/Splunk-Development/ct-p/developer-tools). \n\n   We would also like to know why you modified the core library, so please send feedback to _devinfo@splunk.com_.\n\n*  File any issues on [GitHub](https://github.com/splunk/splunk-sdk-python/issues).\n\n### Contact Us\n\nYou can reach the Splunk Developer Platform team at _devinfo@splunk.com_.\n\n## License\n\nThe Splunk Enterprise Software Development Kit for Python is licensed under the Apache License 2.0. See [LICENSE](LICENSE) for details.\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-sdk-python","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fsplunk-sdk-python","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-sdk-python/lists"}