python - splunklib.binding.HTTPError：HTTP 400 错误请求 - 未知搜索命令“索引”

问题描述

运行搜索命令时出错

在使用 splunk 企业时，我想从后端运行搜索命令，关键字是“index =”。当我运行这个命令时，我得到了结果，但是当我在我的代码中添加这个命令时，我得到“splunklib.binding.HTTPError: HTTP 400 Bad Request -- Unknown search command 'index'”。我能够登录 splunk 企业并运行基本搜索命令“search * | head 100”

def normal_search():
    #searchquery_normal = "search * | head 10"
    searchquery_normal = "index = some_tool_name"
    kwargs_normalsearch = {"exec_mode": "normal"}
    job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

    # A normal search returns the job's SID right away, so we need to poll for completion
    while True:
        while not job.is_ready():
            pass
        stats = {"isDone": job["isDone"],
                 "doneProgress": float(job["doneProgress"])*100,
                  "scanCount": int(job["scanCount"]),
                  "eventCount": int(job["eventCount"]),
                  "resultCount": int(job["resultCount"])}

        status = ("\r%(doneProgress)03.1f%%   %(scanCount)d scanned   "
                  "%(eventCount)d matched   %(resultCount)d results") % stats

        sys.stdout.write(status)
        sys.stdout.flush()
        if stats["isDone"] == "1":
            sys.stdout.write("\n\nDone!\n\n")
            break
        sleep(2)

    # Get the results and display them
    for result in results.ResultsReader(job.results()):
        print result

    job.cancel()   
    sys.stdout.write('\n')

预期：没有错误实际：splunklib.binding.HTTPError：HTTP 400 错误请求 - 未知搜索命令“索引”

.

标签： pythonsplunk-sdk