### Running Testing Quickstart using Docker and Make - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes a sequence of `make` commands designed to set up, wait for, test against, and then tear down a Splunk Enterprise instance using Docker and docker-compose. This provides a quick way to run the SDK examples and tests in an isolated environment. Requires Docker, docker-compose, and make to be installed and configured.

```Shell
make up SPLUNK_VERSION=latest
make wait_up
make test
make down
```

--------------------------------

### Starting Examples Docker Container (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/README.md

This command executes the 'up' target defined in the project's Makefile. Its purpose is to build and start the necessary Docker containers to run the Splunk app examples locally. This requires 'make' and Docker to be installed and configured on the system.

```Shell
make up
```

--------------------------------

### Running Browser Examples NPM

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to start a simple web server and open the browser-based Splunk App JavaScript examples page. This command is run from the /splunk-app-examples/javascript directory.

```Shell
npm run browser-examples
```

--------------------------------

### Starting Example Services (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/eventingsearchcommands_app/README.md

Executes the `make up` command from the repository root to start the necessary services for running the Splunk app example locally. This command is typically used with a Makefile to orchestrate container startup or other setup tasks.
```shell
make up
```

--------------------------------

### Starting Splunk App Docker Containers - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/streamingsearchcommands_app/README.md

This shell command uses a Makefile to orchestrate the setup and startup of Docker containers required for running the Splunk streaming search command example. It is the first step in setting up the local environment. Requires `make` and Docker installed.

```shell
make up
```

--------------------------------

### Installing Node.js Dependencies NPM

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to install the required Node.js packages for the Splunk App JavaScript SDK examples using npm. This command should be executed from the /splunk-app-examples/javascript directory.

```Shell
npm install
```

--------------------------------

### Run Initial Project Setup with Yarn

Source: https://github.com/splunk/splunk-app-examples/blob/master/setup_pages/SUIT-setup-page-example/README.md

Execute this command from the project's root directory using Yarn to perform the initial setup routine. This process typically installs dependencies across all packages and enables the use of other development scripts. This step is mandatory before running tasks like `start` or `build`.

```bash
yarn run setup
```

--------------------------------

### Get Help for Python SDK Example - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Displays the command-line arguments, options, and usage information for a specific Splunk Python SDK example script. This is achieved by passing the `--help` argument when executing the script and is useful for understanding the example's functionality and required inputs.
```Command Line
python examplename.py --help
```

--------------------------------

### Starting Splunk Example Environment Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/random_numbers/README.md

Executes the `make up` command from the project root, which typically uses a Makefile to build and start Docker containers required for the example, including Splunk. This is the first step to run the example locally. Requires `make` and `docker` installed.

```shell
make up
```

--------------------------------

### Installing Splunk Python SDK via pip - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Installs the Splunk Enterprise SDK for Python using the pip package manager. This is a necessary prerequisite for running the examples and tests. Requires pip to be installed; `sudo` may be needed depending on system configuration and installation location.

```Shell
[sudo] pip install splunk-sdk
```

--------------------------------

### Navigate to Python Directory and Install Tox (for testing) - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

First changes the current directory to the `python` directory where the tests are located, then installs the `tox` testing tool using pip. Tox is required to run the included unit tests for the Splunk SDK examples. Requires pip and access to the 'python' directory.

```Shell
cd python
[sudo] pip install tox
```

--------------------------------

### Starting Splunk Example Services (shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/generatingsearchcommands_app/README.md

Executes the `make up` command from the repository root. This command typically starts the necessary Docker containers or services defined in a Makefile to run the Splunk app example. Prerequisites include having `make` and Docker installed.
```shell
make up
```

--------------------------------

### Running All Node.js Examples NPM

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to execute all the Splunk App JavaScript SDK Node.js command-line examples in a single run. This command is typically run from the /splunk-app-examples/javascript/ directory.

```Shell
npm test
```

--------------------------------

### Executing Makefile for Local Setup - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_commits/README.md

This command executes the `up` target in the project's Makefile. It is the first step to set up and start the Splunk environment and the modular input example locally, likely using Docker Compose.

```shell
make up
```

--------------------------------

### Running Node.js Example with Credentials

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to execute a Node.js example while providing Splunk connection credentials (username and password) directly on the command line. This method is used when the .splunkrc file is not configured or present.

```Shell
node jobs.js --username yourusername --password yourpassword list
```

--------------------------------

### Run Python SDK Example with Username/Password Auth - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes a specific Splunk Python SDK example script (`examplename.py`) from the command line, explicitly providing authentication details using the `--username` and `--password` arguments. This method is an alternative to using a `.env` file. Requires a Python interpreter and access to the example script.
```Command Line
python examplename.py --username="admin" --password="changeme"
```

--------------------------------

### Starting Splunk Example Environment: Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/twitted/twitted/README.md

Executes the `make up` command from the repository root to build and start the Docker containers required for the Splunk Twitter example app, including Splunk itself. This command is the first step in setting up the local environment.

```shell
make up
```

--------------------------------

### Running Dockerized Splunk via Make - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Executes the `make up` command from the repository root to build and start the Dockerized Splunk environment with the app pre-installed. This command simplifies the setup process required to run the examples.

```shell
make up
```

--------------------------------

### Running Specific Node.js Example

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to execute a specific Node.js example file, jobs.js, from the command line with a specific argument (list). This command is run from the /splunk-app-examples/javascript/node directory.

```Shell
node jobs.js list
```

--------------------------------

### Checking Running Docker Containers - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/streamingsearchcommands_app/README.md

This shell command lists currently running Docker containers. It is used here to verify that the Splunk container started by `make up` is in a 'healthy' state before proceeding with testing the app. Requires Docker installed.
```shell
docker ps
```

--------------------------------

### .splunkrc File Path Windows Example

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Example file path indicating where to save the .splunkrc configuration file on Windows systems. The path should be updated with the actual current username. This is not a command to run, but an example file location.

```Shell
C:\Users\currentusername\.splunkrc
```

--------------------------------

### Configuring Splunk Connection via .splunkrc File

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Example content for the .splunkrc convenience file used by Splunk SDK examples and unit tests. This file stores Splunk connection details like host, port, username, and password, allowing examples to run without specifying these values on the command line. It's intended only for development convenience and should not be used for production credentials.

```Configuration File
# Splunk Enterprise host (default: localhost)
host=localhost
# Splunk Enterprise admin port (default: 8089)
port=8089
# Splunk Enterprise username
username=admin
# Splunk Enterprise password
password=changed!
# Access scheme (default: https)
scheme=https
# Your version of Splunk Enterprise
version=8.2
```

--------------------------------

### Install Yarn Globally using npm

Source: https://github.com/splunk/splunk-app-examples/blob/master/setup_pages/SUIT-setup-page-example/README.md

This command uses the Node Package Manager (npm) to install Yarn, a package manager, globally on your system. Yarn is a prerequisite for managing dependencies and running project-specific scripts in this repository.
```bash
npm install --global yarn
```

--------------------------------

### Creating .splunkrc File Windows CMD

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Command to open Notepad and create a new file named .splunkrc in the current directory on Windows via the command prompt. This can be used as a workaround if Windows Explorer makes it difficult to name the file starting with a dot.

```Shell
Notepad.exe .splunkrc
```

--------------------------------

### .splunkrc File Path OS X Example

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/README.md

Example file path indicating where to save the .splunkrc configuration file on OS X systems. The tilde (~) represents the current user's home directory. This is not a command to run, but an example file location.

```Shell
~/.splunkrc
```

--------------------------------

### Navigate to Python Examples Directory (before running examples) - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Changes the current working directory to the `python` directory within the repository. This directory contains the Splunk SDK example scripts that can be executed from the command line.

```Shell
cd python
```

--------------------------------

### Checking Running Docker Containers - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_forks/README.md

Runs the 'docker ps' command to list active Docker containers. This confirms that the containers, particularly the Splunk container started by 'make up', are running correctly and are in a healthy state before proceeding with the application setup in Splunk.

```shell
docker ps
```

--------------------------------

### Starting Splunk Development Environment - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_forks/README.md

Executes the 'make up' command from the repository root.
This command typically uses Docker Compose to build and start the necessary containers for running the Splunk modular input example locally, including the Splunk instance itself. It prepares the environment for testing and configuration.

```shell
make up
```

--------------------------------

### Run Python SDK Example with Session Key Auth - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes a Splunk Python SDK example script using a session key for authentication, passed via the `--sessionKey` command-line argument. This method allows authentication using an existing Splunk session key. Requires a valid session key and a Python interpreter.

```Command Line
python examplename.py --sessionKey=""
```

--------------------------------

### Starting Splunk App Environment with Makefile (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/reportingsearchcommands_app/README.md

Executes the 'up' target defined in the project's Makefile, typically used to start the necessary services, often via Docker Compose, for running the Splunk app example locally. This command assumes Docker and a configured Makefile are present in the repository root.

```shell
make up
```

--------------------------------

### Running the Splunk API Explorer Python Script

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/explorer/README.md

This snippet provides the command to execute the Splunk API explorer script. It starts the local server and opens a browser window for the interactive explorer. Configuration values are loaded from a `.env` file or passed via command-line arguments.
```Shell
./explorer.py
```

--------------------------------

### Run Python SDK Example using .env Configuration - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes a Splunk Python SDK example script without specifying explicit authentication arguments on the command line. In this case, the script is configured to load connection and credential details automatically from a `.env` file if it exists. Requires a Python interpreter and a configured `.env` file.

```Command Line
python examplename.py
```

--------------------------------

### Checking Docker Container Status (shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/generatingsearchcommands_app/README.md

Runs the `docker ps` command to list active Docker containers. This is used to confirm that the Splunk container started by `make up` is running correctly and is in a 'healthy' state before proceeding. Requires Docker to be installed and running.

```shell
docker ps
```

--------------------------------

### Run Splunk Python SDK Unit Tests with Tox - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes the Splunk Python SDK unit tests located in the `/tests` directory using the `tox` test automation tool. The `-e py` argument specifies the Python environment configured in the tox configuration. Requires tox to be installed and executed from the 'python' directory.

```Command Line
tox -e py
```

--------------------------------

### Example .env Configuration for Splunk SDK Examples - dotenv

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Provides an example structure for a `.env` file used to store Splunk Enterprise connection details (host, port, scheme, version) and credentials (username, password, tokens).
This file allows SDK examples to read these values automatically during development without requiring command-line arguments, though storing credentials here is not recommended for production.

```dotenv
# Splunk Enterprise host (default: localhost)
host=localhost
# Splunk Enterprise admin port (default: 8089)
port=8089
# Splunk Enterprise username
username=admin
# Splunk Enterprise password
password=changed!
# Access scheme (default: https)
scheme=https
# Your version of Splunk Enterprise
version=8.0
# Bearer token for authentication
#splunkToken=
# Session key for authentication
#token=
```

--------------------------------

### Run Python SDK Example with Bearer Token Auth - Command Line

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/README.md

Executes a Splunk Python SDK example script using Bearer token authentication by providing the token value via the `--bearerToken` command-line argument. This is an alternative authentication method to username/password or session key. Requires a valid Bearer token and a Python interpreter.

```Command Line
python examplename.py --bearerToken=
```

--------------------------------

### Checking Running Docker Containers Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/random_numbers/README.md

Executes the `docker ps` command to list currently running Docker containers. This is used here specifically to check if the Splunk container started by `make up` is running and in a healthy state before proceeding with configuration. Requires `docker` installed.

```shell
docker ps
```

--------------------------------

### Starting React Development Server (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/browser/create-splunk-react-app/README.md

This command runs the React application in development mode.
It starts a local server, typically at `https://localhost:3000`, and includes features like hot module replacement and lint error display. It requires Yarn to be installed.

```Shell
yarn start
```

--------------------------------

### Verifying Docker Container Status (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/reportingsearchcommands_app/README.md

Lists all running Docker containers. Used to confirm that the Splunk service, started by the previous command (`make up`), is running and in a healthy state before attempting to access the Splunk web interface.

```shell
docker ps
```

--------------------------------

### Verifying Splunk Docker Status: Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/twitted/twitted/README.md

Runs the `docker ps` command to list currently running Docker containers. This is used to confirm that the Splunk container started in the previous step is in a healthy state and accessible.

```shell
docker ps
```

--------------------------------

### Checking Docker Container Status - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_commits/README.md

This command lists running Docker containers. It is used to verify that the Splunk container started in the previous step is running and healthy before proceeding with configuration.

```shell
docker ps
```

--------------------------------

### Generating Test Data and Executing Streaming Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/streamingsearchcommands_app/README.md

This Splunk Search Processing Language (SPL) query demonstrates the custom streaming search command `streamingcsc`. It first generates 5 test events with a random 'celsius' field and then pipes them to the `streamingcsc` command, which is expected to add a 'fahrenheit' field.
Requires the `streamingcsc` app to be installed and enabled in Splunk.

```splunk_spl
| makeresults count=5 | eval celsius = random()%100 | streamingcsc
```

--------------------------------

### Listing Applications (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Executes a query using the `AnalyticsRetriever` to fetch and print a list of all distinct application names that have logged data into Splunk. This provides an overview of the different data sources available through the retriever.

```python
print(retriever.applications())
```

--------------------------------

### Checking Docker Container Status - Shell

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Runs the `docker ps` command to list running Docker containers. This step is used to verify that the Splunk container started by the `make up` command is in a `healthy` state before proceeding to log into the Splunk UI.

```shell
docker ps
```

--------------------------------

### Initializing Analytics Tracker (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Demonstrates how to create an instance of the `AnalyticsTracker` class, which handles logging analytics events to Splunk. It requires specifying an application name (namespace) and Splunk connection options. This tracker is used to log events specific to the given application.

```python
from analytics.input import AnalyticsTracker

splunk_opts = ...
tracker = AnalyticsTracker("myapp", splunk_opts)
```

--------------------------------

### Getting Events Over Time (All) (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Executes a Splunk query through the `AnalyticsRetriever` to aggregate and retrieve the counts of all events over time, typically grouped by a default time range like a month.
This provides a general trend of activity across all tracked events.

```python
print(retriever.events_over_time())
```

--------------------------------

### Initializing Analytics Retriever (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Illustrates the creation of an `AnalyticsRetriever` instance, which is used to query and retrieve analytics data previously logged to Splunk. Similar to the Tracker, it requires an application name and Splunk connection options. This retriever allows fetching data related to the specified application.

```python
from analytics.output import AnalyticsRetriever

splunk_opts = ...
retriever = AnalyticsRetriever("myapp", splunk_opts)
```

--------------------------------

### Searching All Github Forks Input Data - SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_forks/README.md

A Splunk Search Processing Language (SPL) query designed to retrieve events from all configured instances of the 'github_forks' modular input. Using the wildcard '*' with the 'source' field allows searching across all repositories being monitored by this modular input.

```spl
source="github_forks://*"
```

--------------------------------

### Getting Events Over Time (Specific Event) (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Uses the `AnalyticsRetriever` to query for and retrieve the counts of a specific event type (e.g., "login") over time. This allows analyzing the temporal distribution and trends for individual event categories.
```python
print(retriever.events_over_time(event_name="login"))
```

--------------------------------

### Searching for All Modular Input Data - Splunk Search

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_commits/README.md

This Splunk Search Processing Language (SPL) command searches for events from all configured instances of the `github_commits` modular input. It retrieves commit data collected by any configuration of this input type.

```Splunk Search
source="github_commits://*"
```

--------------------------------

### Checking Docker Container Status (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/eventingsearchcommands_app/README.md

Runs the `docker ps` command to list currently running Docker containers. This is used to verify that the Splunk service required by the example is running and in a healthy state before proceeding.

```shell
docker ps
```

--------------------------------

### Extending SPL2 View with Lookup Command - SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_buttercup/README.md

Illustrates how to extend the output of an SPL2 view (`products`) by applying a standard SPL `lookup` command. The example uses the `buttercup_suppliers_lookup` to enrich events by matching `supplierId` and outputting the `supplier_name`. This requires the `products` view and the `buttercup_suppliers_lookup` to be defined in the app.

```SPL2
| @spl2 from products | lookup buttercup_suppliers_lookup supplierId AS supplierID OUTPUTNEW supplier_name
```

--------------------------------

### Running React App Tests (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/browser/create-splunk-react-app/README.md

This command launches the test runner, usually Jest, in interactive watch mode. It allows developers to run tests written for the React application and provides feedback on test results.
It requires Yarn and testing libraries to be installed.

```Shell
yarn test
```

--------------------------------

### Executing Custom Generating Search Command (SPL)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/generatingsearchcommands_app/README.md

Runs the custom Splunk generating search command `generatingcsc` provided by the example app within the Splunk search interface. This command takes a `count` parameter, which specifies the number of events to generate and return as results.

```SPL
| generatingcsc count=4
```

--------------------------------

### Listing Event Types (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Queries Splunk via the `AnalyticsRetriever` to retrieve and display all unique event names (types) that have been logged across all applications accessible by the retriever. This helps understand the variety of events being tracked.

```python
print(retriever.events())
```

--------------------------------

### Executing Hashtags Custom Command: Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/twitted/twitted/README.md

A Splunk Search Processing Language query that searches the `twitter` index and pipes the results to the custom `hashtags` command. This command extracts and lists all unique hashtags found in the tweets within the index. Requires the 'twitted' app to be installed.

```splunk_spl
index="twitter" | hashtags
```

--------------------------------

### Searching for Specific Modular Input Data - Splunk Search

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_commits/README.md

This Splunk Search Processing Language (SPL) command searches for events originating from the `github_commits` modular input instance specifically named "python". It retrieves commit data collected by that particular input configuration.
```Splunk Search
source="github_commits://python"
```

--------------------------------

### Extending SPL2 View with Stats Command - SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_buttercup/README.md

Demonstrates how to extend the results obtained from an SPL2 view (specifically, the `successful_purchases` view) by piping the output to the standard SPL `stats` command. This example calculates the count of events, grouped by `categoryId`. This requires the `successful_purchases` view to be defined within the app.

```SPL2
| @spl2 from successful_purchases | stats count() BY categoryId
```

--------------------------------

### Using Simulate Search Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Demonstrates the `simulate` custom search command in Splunk SPL. It generates a sequence of events by repeatedly sampling with replacement from a specified CSV file (`population.csv`) based on parameters like generation rate, interval, duration, and a random seed.

```splunk-spl
| simulate csv="/opt/splunk/etc/apps/customsearchcommands_app/default/data/population.csv" rate=10 interval=00:00:01 duration=00:00:02 seed=9
```

--------------------------------

### Listing Property Values (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Queries Splunk using the `AnalyticsRetriever` to find and list all unique values recorded for a specific property (`prop_name`) within a particular event type (`event_name`). This allows exploring the range of values a given property can take.
```python
event_name = "login"
prop_name = "useragent"
print(retriever.property_values(event_name, prop_name))
```

--------------------------------

### Using Generatetext Search Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Illustrates the `generatetext` custom search command in Splunk SPL. It creates a specified number of events (`count=3`), where each event contains the given text string (`text="Hello there"`) as its content.

```splunk-spl
| generatetext count=3 text="Hello there"
```

--------------------------------

### Executing Top Hashtags Custom Command: Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/twitted/twitted/README.md

A Splunk Search Processing Language query that searches the `twitter` index and uses the custom `tophashtags` command to find the most frequent hashtags. The `top=10` option specifies that only the top 10 hashtags should be returned. Requires the 'twitted' app to be installed.

```splunk_spl
index="twitter" | tophashtags top=10
```

--------------------------------

### Listing Event Properties (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Uses the `AnalyticsRetriever` to query for all unique property keys (`key` names) associated with a specific event type (e.g., "login"). This helps identify the schema-less fields attached to events of a particular kind.

```python
event_name = "login"
print(retriever.properties(event_name))
```

--------------------------------

### Executing Splunk Chart Generation Script (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/dashboard/README.md

This command executes the main Python script (`feed.py`) responsible for generating charts based on data indexed in Splunk.
It might accept a command-line argument specifying the type of chart or data to process, as shown in the example `python feed.py tophashtags`. Ensure pandas and matplotlib are installed before running.

```shell
python feed.py
```

```shell
python feed.py tophashtags
```

--------------------------------

### Tracking Analytics Event (Python)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/analytics/README.md

Shows how to use the `track` method of the `AnalyticsTracker` instance to log a specific event, such as a "login". The method accepts the event name, an optional `distinct_id` for grouping, and arbitrary key-value properties for detailed event information. This logs the event data to Splunk via the tracker.

```python
user_id = ...
username = ...
useragent = ...
# Event properties are passed as ordinary keyword arguments
tracker.track("login", distinct_id=user_id, username=username, useragent=useragent)
```

--------------------------------

### Searching All Random Number Inputs Splunk Search

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/random_numbers/README.md

A Splunk search query using the `source` field with a wildcard. It searches for events originating from the modular input type `random_numbers` across all configured instances, regardless of their specific names. Requires Splunk and the modular input configured.

```splunk-search
source="random_numbers://*"
```

--------------------------------

### Searching Specific Github Forks Input Data - SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/github_forks/README.md

A Splunk Search Processing Language (SPL) query used to retrieve events indexed by a specific instance of the 'github_forks' modular input. The 'source' field is used to filter events originating from the input named 'pythonforks' as configured in the Splunk UI.
```spl
source="github_forks://pythonforks"
```

--------------------------------

### Using Sum Search Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Shows how to use the `sum` custom search command in Splunk SPL within a pipeline. It retrieves data using `inputlookup`, calculates word counts using `countmatches`, and then sums the values in the `word_count` field, storing the total in a new field called `word_counts`.

```splunk-spl
| inputlookup tweets
| countmatches fieldname=word_count pattern="\\w+" text
| sum total=word_counts word_count
```

--------------------------------

### Using Countmatches Search Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Demonstrates the `countmatches` custom search command in Splunk SPL. It takes data from the `tweets` lookup, counts non-overlapping matches to a regular expression (`\w+`) in the `text` field, and stores the count in a new field named `word_count`.

```splunk-spl
| inputlookup tweets
| countmatches fieldname=word_count pattern="\\w+" text
```

--------------------------------

### Executing Custom Reporting Search Command (Splunk)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/reportingsearchcommands_app/README.md

Runs a Splunk Search Processing Language (SPL) query. It first generates 10 sample events with random numerical fields (`math`, `eng`, `cs`) using `makeresults` and `eval`. These events are then piped to the custom `reportingcsc` command, which counts events where the sum of the three fields exceeds the specified `cutoff` parameter (150).
```splunk
| makeresults count=10
| eval math=random()%100, eng=random()%100, cs=random()%100
| reportingcsc cutoff=150 math eng cs
```

--------------------------------

### Searching Specific Random Number Input Splunk Search

Source: https://github.com/splunk/splunk-app-examples/blob/master/modularinputs/python/random_numbers/README.md

A Splunk search query using the `source` field to filter events. It looks for events originating from the modular input identified by the source `random_numbers` and specifically the input instance named `randomnumber`, which was configured in the Splunk UI. Requires Splunk and the configured modular input.

```splunk-search
source="random_numbers://randomnumber"
```

--------------------------------

### Querying with Custom Eventing Command (Splunk Search)

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/eventingsearchcommands_app/README.md

A Splunk search query that first retrieves events from the `_internal` index, limits the results to 4000 events using `head`, and then applies the custom `eventingcsc` command to filter results where the `status` field equals `200`. This demonstrates the custom command's filtering capability on the dataset.

```splunk-search
index="_internal" | head 4000 | eventingcsc status=200
```

--------------------------------

### Using Filter Search Command - Splunk SPL

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/customsearchcommands_app/README.md

Shows how to use the `filter` custom search command in Splunk SPL. It first generates events using `generatetext`, then filters those events based on whether they contain the string "there" and replaces occurrences of "there" with "World" using the provided `replace_array`.
```splunk-spl
| generatetext count=3 text="Hello there"
| filter contains="there" replace_array="there,World"
```

--------------------------------

### Executing Twitter Data Collector Script (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/python/twitted/README.md

This command executes the main Python script responsible for collecting tweets from the Twitter stream API and sending them to a Splunk HTTP Event Collector endpoint. The script will interactively prompt the user for both the Twitter bearer token and the Splunk HEC token required for authentication and data submission.

```shell
python input.py
```

--------------------------------

### Building React App for Production (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/browser/create-splunk-react-app/README.md

This command builds the React application for production deployment. It bundles, minifies, and optimizes the code, placing the output files in the `build` folder, ready to be served as a static site. It requires Yarn and build dependencies.

```Shell
yarn build
```

--------------------------------

### Querying SPL2 View from Splunk Web Search Bar - SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_buttercup/README.md

Shows the basic syntax for running a defined SPL2 view directly from the Splunk Web search bar using the `@spl2 from` command. This requires a pre-release version of Splunk Enterprise that supports SPL2 applications. The output will be the results returned by the specified view.

```SPL2
| @spl2 from
```

--------------------------------

### Running a Splunk View using SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_pii_masking/README.md

This SPL2 command demonstrates the basic syntax for executing a specific view within a Splunk application directly from the search bar.
It runs the view named `masked_view`, which is configured to mask sensitive data like email addresses.

```SPL2
| @spl2 from masked_view
```

--------------------------------

### Running Masked Login View using SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_pii_masking/README.md

This SPL2 command executes the `failed_logins_masked` view. This view processes the same failed login events dataset but applies masking to sensitive fields (like email addresses), demonstrating how to provide a PII-safe view of data.

```SPL2
| @spl2 from failed_logins_masked
```

--------------------------------

### Ejecting Create React App Configuration (Shell)

Source: https://github.com/splunk/splunk-app-examples/blob/master/javascript/browser/create-splunk-react-app/README.md

This is a one-way command that removes the Create React App build dependency and copies all configuration files (webpack, Babel, ESLint, etc.) into the project directory. It provides full control over the build process but means the project will no longer receive updates from `react-scripts`. Requires Yarn.

```Shell
yarn eject
```

--------------------------------

### Running Unmasked Login View using SPL2

Source: https://github.com/splunk/splunk-app-examples/blob/master/spl2-sample-apps/sample_spl2_pii_masking/README.md

This SPL2 command executes the `failed_logins_unmasked` view. This view returns a dataset of failed login events without applying any data masking, allowing users with appropriate permissions to see the original sensitive data.

```SPL2
| @spl2 from failed_logins_unmasked
```

--------------------------------

### Manually Triggering Slack Alert Action in Splunk

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_alert_actions/slack_alerts/README.md

This SPL command manually triggers the configured 'slack' alert action. It's used to test the configuration or preview message formats without relying on a scheduled alert.
Parameters include 'param.channel' to specify the Slack channel and 'param.message' for the message content. This command is typically entered into the Splunk search bar.

```Splunk Search Processing Language
| sendalert slack param.channel="#mychannel" param.message="Lorem ipsum"
```

--------------------------------

### Accessing Splunk Service Object in Python Generating CSC

Source: https://github.com/splunk/splunk-app-examples/blob/master/custom_search_commands/python/README.md

Demonstrates how to access the Splunk service object within the `generate` method of a Python-based Generating Custom Search Command. The `self.service` attribute provides an instance that can be used to interact with the Splunk Service API, such as retrieving Splunk instance information. This object is made available to the main command execution methods like `generate`, `transform`, `stream`, or `reduce`.

```Python
def generate(self):
    # other code

    # access service object that can be used to connect Splunk Service
    service = self.service

    # to get Splunk Service Info
    info = service.info
```