I am pleased to announce that we have just released the Splunk Python SDK beta. This release contains significant updates that make it even easier to build applications on top of Splunk using Python.
- Improvements to entity state management
- Improvements to usability of entity collections
- Support for collection paging – collections now support the paging arguments: count, offset, search, sort_dir, sort_key and sort_mode. Note that Inputs and Jobs are not pageable collections and only support basic enumeration and iteration.
- Support for event types:
- Added Service.event_types + units
- Added examples/event_types.py
- Support for fired alerts:
- Added Service.fired_alerts + units
- Added examples/fired_alerts.py
- Support for saved searches:
- Added Service.saved_searches + units
- Added examples/saved_searches.py
- Sphinx based SDK API docs and improved source code docstrings.
- Support for IPv6 – it is now possible to connect to a Splunk instance listening on an IPv6 address.
We do our best to minimize the number of breaking changes in each release. If you were using the preview release of the Python SDK, there are some breaking changes that you should be aware of. More details on the changes can be found in our change log on GitHub.
The core module was renamed from splunk to splunklib. The Splunk product ships with an internal Python module named splunk and the name conflict with the SDK prevented installing the SDK into Splunk Python sandbox for use by Splunk extensions. This module name change enables the Python SDK to be installed on the Splunk server.
The client module was modified to enable Entity state caching which required changes to the Entity interface and changes to the typical usage pattern.
The Collection interface was changed so that Collection.list and the corresponding collection callable return a list of member Entity objects instead of a list of member entity names. This change was a result of user feedback indicating that people expected to see eg: service.apps() return a list of apps and not a list of app names.
Previously the binding context (binding.Context) and all tests & samples took a single (optional) namespace argument that specified both the app and owner names to use for the binding context. However, the underlying Splunk REST API takes these as separate app andowner arguments and it turned out to be more convenient to reflect these arguments directly in the SDK, so the binding context (and all samples & test) now take separate (and optional) app and owner arguments instead of the prior namespace argument.
Getting Started & Staying Connected
Watch and fork Splunk’s Python SDK on GitHub. Learn more about how to get started with the Python SDK on our developer site. Stay up to date on the latest developments by following us on Twitter at @splunkdev