OK, now that you've got the Splunk® SDK for Python installed, it's time to start playing with it.

Start with the ABC example

The Splunk SDK for Python consists of different modules that can interact with Splunkd (the service used for accessing, processing, indexing, and searching your data). The two modules that do most of the work are:

  • The binding module (splunklib.binding), which provides a thin abstraction over raw HTTP. It also handles authentication, remembers the session key, and appends the Authorization header to all requests.
  • The client module (splunklib.client), which builds on the binding module and provides an abstraction layer over the REST API, allowing you to access the endpoints.

So while we don't have an actual "Hello World" example, the ABC example (/splunk-sdk-python/examples/abc) in the Splunk SDK for Python provides some basic code examples to show how making calls using the REST API directly differs from using the Splunk SDK for Python. Each example retrieves a list of the installed Splunk apps, but the code gets progressively simpler as you go from using the REST API directly (a.py), to the binding layer (b.py), and then to the client layer (c.py). The login credentials in these files are hard-coded, and the examples don't use the .splunkrc convenience file, so be sure to update the files with your own credentials before you run them.
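The raw REST step described above, as an added example that is not taken from the SDK or its examples directory: it logs in, keeps the session key, and sends it in the Authorization header, which is the work the binding module does for you. The environment variable names and the sample responses are assumptions constructed for illustration, and credentials are read from the environment instead of being hard-coded.

```python
import os
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample responses (not captured from a real server).
SAMPLE_LOGIN = "<response><sessionKey>abc123</sessionKey></response>"
SAMPLE_FEED = ('<feed xmlns="http://www.w3.org/2005/Atom"><title>localapps</title>'
               '<entry><title>search</title></entry>'
               '<entry><title>launcher</title></entry></feed>')

def parse_session_key(login_xml):
    """Extract <sessionKey> from the /services/auth/login response body."""
    key = ET.fromstring(login_xml).findtext("sessionKey")
    if not key:
        raise ValueError("login response carried no sessionKey")
    return key

def auth_header(session_key):
    """Build the header that is sent with every request after login."""
    return {"Authorization": "Splunk " + session_key}

def parse_app_names(feed_xml):
    """Return the app names from the Atom feed served by /services/apps/local."""
    root = ET.fromstring(feed_xml)
    return [entry.findtext(ATOM + "title") for entry in root.iter(ATOM + "entry")]

def list_apps(base_url, username, password, context=None):
    """Log in, then list installed apps with the session key (needs a live splunkd)."""
    body = urllib.parse.urlencode({"username": username, "password": password}).encode()
    with urllib.request.urlopen(base_url + "/services/auth/login", body, context=context) as r:
        key = parse_session_key(r.read())
    req = urllib.request.Request(base_url + "/services/apps/local", headers=auth_header(key))
    with urllib.request.urlopen(req, context=context) as r:
        return parse_app_names(r.read())

if __name__ == "__main__":
    # Assumed variable names; SPLUNK_CA_FILE optionally points at the CA that
    # signed the splunkd certificate so TLS verification stays enabled.
    ctx = ssl.create_default_context(cafile=os.environ.get("SPLUNK_CA_FILE"))
    print(list_apps(os.environ.get("SPLUNK_URL", "https://localhost:8089"),
                    os.environ["SPLUNK_USERNAME"], os.environ["SPLUNK_PASSWORD"], ctx))
```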

For more about the architecture of the Splunk SDK for Python, see The Splunk SDK for Python architecture.

Dig into the SDK examples

The Splunk SDK for Python has a lot more examples for you to try out. Go to the /splunk-sdk-python/examples directory, and you'll find a collection of command-line examples that cover the basic tasks, such as starting a Splunk session and logging in, running search queries and saved searches, working with indexes and inputs, and so on.

If you haven't found an example of how to use a specific API, check out the unit tests.