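Error when running a search command
While using Splunk Enterprise, I want to run a search command from the backend; the keyword is "index =". When I run this command, I get results, but when I add this command to my code, I get "splunklib.binding.HTTPError: HTTP 400 Bad Request -- Unknown search command 'index'". I am able to log in to Splunk Enterprise and run the basic search command "search * | head 100".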
    import sys
    from time import sleep

    import splunklib.results as results

    # `service` is assumed to be an authenticated splunklib.client.Service
    # created elsewhere (e.g. with splunklib.client.connect).

    def normal_search():
        #searchquery_normal = "search * | head 10"
        # This is the query that triggers the HTTP 400 error
        searchquery_normal = "index = some_tool_name"
        kwargs_normalsearch = {"exec_mode": "normal"}
        job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

        # A normal search returns the job's SID right away, so we need to poll for completion
        while True:
            while not job.is_ready():
                pass
            stats = {"isDone": job["isDone"],
                     "doneProgress": float(job["doneProgress"])*100,
                     "scanCount": int(job["scanCount"]),
                     "eventCount": int(job["eventCount"]),
                     "resultCount": int(job["resultCount"])}
            status = ("\r%(doneProgress)03.1f%% %(scanCount)d scanned "
                      "%(eventCount)d matched %(resultCount)d results") % stats
            sys.stdout.write(status)
            sys.stdout.flush()
            if stats["isDone"] == "1":
                sys.stdout.write("\n\nDone!\n\n")
                break
            sleep(2)

        # Get the results and display them
        for result in results.ResultsReader(job.results()):
            print(result)

        job.cancel()
        sys.stdout.write('\n')
Expected: no error
Actual: splunklib.binding.HTTPError: HTTP 400 Bad Request -- Unknown search command 'index'
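Added example, not part of the original question: Splunk Web implies the `search` command at the start of a query typed into its search bar, while a query submitted through `service.jobs.create` has to begin with a command itself, which is why `index = ...` is parsed as an unknown command named `index`. The helper below (`normalize_spl` is a hypothetical name, not a splunklib function) prepends `search` only when the query does not already start with a command; the sample queries are constructed.

```python
import re

# A query already starts with a command when its first token is `search`
# or when it begins with a pipe (generating commands such as `| tstats`).
_STARTS_WITH_COMMAND = re.compile(r"^(search(\s|$)|\|)")


def normalize_spl(query):
    """Return `query` in a form that begins with a search command.

    Hypothetical helper, not part of splunklib.
    """
    stripped = query.strip()
    if not stripped:
        raise ValueError("empty search query")
    if _STARTS_WITH_COMMAND.match(stripped):
        # Already command-first: leave it untouched.
        return stripped
    # Bare search terms: make the implicit `search` command explicit.
    return "search " + stripped


# Constructed sample queries, including the one from the question.
SAMPLES = [
    "index = some_tool_name",          # fails with HTTP 400 as-is
    "search * | head 10",              # already valid
    "  | tstats count where index=*",  # pipe-led generating command
    "searchterm foo",                  # a term that merely starts with "search"
]

if __name__ == "__main__":
    for q in SAMPLES:
        print("%-35r -> %r" % (q, normalize_spl(q)))
```

In the function from the question, the call would become `service.jobs.create(normalize_spl(searchquery_normal), **kwargs_normalsearch)`.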