{"id":4267,"library":"splunk-sdk","title":"Splunk SDK for Python","description":"The Splunk Software Development Kit for Python allows developers to programmatically interact with the Splunk platform's REST API. It provides a Pythonic interface for searching data, managing configurations, working with indexes and inputs, and building custom applications. The library is actively maintained with frequent minor releases and bug fixes.","status":"active","version":"2.1.1","language":"en","source_language":"en","source_url":"https://github.com/splunk/splunk-sdk-python","tags":["splunk","sdk","api-client","data-management","logging","rest-api"],"install":[{"cmd":"pip install splunk-sdk","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"Used for handling deprecation warnings within the SDK. It was explicitly moved as a dependency in version 2.0.1.","package":"deprecation","optional":false}],"imports":[{"note":"The `splunklib.client` module is the primary entry point for connecting to a Splunk instance and accessing its resources.","symbol":"client","correct":"import splunklib.client as client"}],"quickstart":{"code":"import os\nimport splunklib.client as client\n\n# Configure connection details using environment variables or replace directly\nHOST = os.environ.get('SPLUNK_HOST', 'localhost')\nPORT = int(os.environ.get('SPLUNK_PORT', 8089))\nUSERNAME = os.environ.get('SPLUNK_USERNAME', 'admin')\nPASSWORD = os.environ.get('SPLUNK_PASSWORD', 'your_password') # Use a strong password or token in production\n\ntry:\n    # Connect to Splunk\n    service = client.connect(\n        host=HOST,\n        port=PORT,\n        username=USERNAME,\n        password=PASSWORD,\n        autologin=True,\n        # Set verify=False for self-signed certificates in development, but not recommended for production\n        # verify=False # Example: os.environ.get('SPLUNK_SSL_VERIFY', 'true').lower() == 'true'\n    )\n\n    # Print connected user and Splunk version\n    print(f\"Connected as: {service.username}\")\n    print(f\"Splunk version: {service.info['version']}\")\n\n    # List available apps\n    print(\"\\nAvailable apps:\")\n    for app in service.apps:\n        print(f\"- {app.name}\")\n\nexcept Exception as e:\n    print(f\"Error connecting to Splunk: {e}\")\n    print(\"Please ensure Splunk is running and connection details (host, port, username, password) are correct.\")\n    print(\"For self-signed certificates, you might need to set verify=False (not recommended for production).\")\n","lang":"python","description":"This quickstart demonstrates how to connect to a Splunk Enterprise instance using username and password authentication, and then lists the installed applications. It uses environment variables for credentials, which is a common practice for security."},"warnings":[{"fix":"Migrate your code to Python 3 and ensure all dependencies are Python 3 compatible. Review the 2.0.0 release notes for specific changes.","message":"Version 2.0.0 removed all Python 2 compatibility, including the `six.py` dependency and `__future__` imports. Applications developed for Python 2 using older SDK versions will break.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Review Splunk's API documentation for Search API v2.0 and update your SDK usage accordingly to ensure compatibility with modern Splunk Enterprise versions.","message":"Splunk Enterprise 10.0 (and later) has deprecated and deactivated Search API v1.0 endpoints, urging migration to Search API v2.0. Applications relying on older SDK methods that implicitly use v1.0 may encounter breaking changes when connecting to newer Splunk instances.","severity":"breaking","affected_versions":">=2.0.0 (when interacting with Splunk Enterprise >=10.0)"},{"fix":"Remove any usage of `wrap_socket`. Implement custom HTTP handlers if specific socket wrapping functionality is required.","message":"The `wrap_socket` method in the `Context` class was deprecated and subsequently removed in version 2.1.0.","severity":"deprecated","affected_versions":">=2.1.0 (removal)"},{"fix":"For production, ensure valid SSL certificates are used or configure certificate trust appropriately. For development/testing with self-signed certs, set `verify=False` in `client.connect` with caution.","message":"Connecting to Splunk using HTTPS with self-signed certificates might lead to SSL verification errors. While explicit support for self-signed certificates was added in 2.1.0, developers might still need to configure the `verify` parameter in `client.connect` (e.g., set to `False` for testing) or properly manage certificates. Setting `verify=False` is not recommended for production environments.","severity":"gotcha","affected_versions":"All"},{"fix":"For production deployments, use secure methods for credential management, such as environment variables, secrets management services, or Splunk's built-in authentication mechanisms (e.g., bearer tokens, session keys) directly in your application code.","message":"The SDK's `.env` file for storing connection credentials is strictly for development convenience and should NOT be used for production credentials due to security risks.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}