splunklib

Version 1.0.0 | verified Mon Apr 27 | auth: no | python

A simple library for performing Splunk search automation. Provides a thin wrapper around Splunk's REST API to execute searches and retrieve results. Current version 1.0.0, released in 2022, with no recent updates.

pip install splunklib

error: AttributeError: module 'splunklib' has no attribute 'SplunkClient'
cause: Incorrect import or outdated version.
fix: Ensure splunklib is installed (pip install splunklib) and import the client with: from splunklib import SplunkClient

error: ConnectionError: Failed to establish a new connection: [Errno 111] Connection refused
cause: The Splunk server is not reachable, or the host/port is wrong.
fix: Check the host and port, and that the Splunk REST API is accessible (default port 8089).

gotcha: The library uses urllib3's disable_warnings() by default, which disables SSL certificate verification. Always set verify=False explicitly or handle certificates yourself.
fix: Pass verify=False or configure SSL context.

gotcha: Server host must not include an 'http://' or 'https://' prefix; only the hostname or IP is accepted.
fix: Use 'splunk.example.com', not 'https://splunk.example.com'.

gotcha: The library does not support Splunk authentication tokens; only username/password basic auth.
fix: Use the username and password parameters.

Basic example: connect to Splunk, run a search, and print results.

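from splunklib import SplunkClient

# Connect to the Splunk REST API (default management port 8089).
client = SplunkClient(
    host='splunk.example.com',  # bare hostname or IP, no 'https://' prefix
    port=8089,
    username='admin',           # basic auth only; tokens are not supported
    password='changeme',        # placeholder value; replace with your own credentials
    scheme='https'
)

# Run a search and print each result.
search_query = 'search index=main | head 10'
results = client.search(search_query)
for result in results:
    print(result)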