What's new in the Splunk SDK for Python

The current version of the Splunk SDK for Python is 1.6.3. This topic summarizes the changes included in each version of the SDK.

Note: For a detailed list of new features and APIs, breaking changes, and other changes, see the Splunk SDK for Python Changelog (/splunk-sdk-python/changelog.md).


Version 1.6.3 of the Splunk SDK for Python (2018-03-16) contains the following changes since the last release:

Support for Python 3.x has been added for external integrations with the Splunk platform. However, because Splunk Enterprise 7+ still includes Python 2.7.x, any apps or scripts that run on the Splunk platform must continue to be written for Python 2.7.x.

The following bugs have been fixed:

  • Search commands error - ERROR ChunkedExternProcessor - Invalid custom search command type: eventing.
  • Search commands running more than once for certain cases.
  • Search command protocol v2 inverting the distributed configuration flag.


Version 1.6.2 of the Splunk SDK for Python (2017-01-04) contains the following changes since the last release:

Minor changes:

  • Use relative imports throughout the SDK.
  • Performance improvement when constructing Input entity paths.


Here's what was new in version 1.6.1 of the Splunk SDK for Python (2016-12-01):

Bug fixes:

  • Fixed Search Commands exiting if the external process returns a zero status code (Windows only).
  • Fixed Search Command Protocol v2 not parsing the maxresultrows and command metadata properties.
  • Fixed double prepending the Splunk prefix for authentication tokens.
  • Fixed Index.submit() for namespaced Service instances.
  • Fixed uncaught AttributeError when accessing Entity properties (GitHub issue #131).

Minor changes:

  • Fixed broken tests due to expired SSL certificate.


Here's what was new in version 1.6.0 of the Splunk SDK for Python (2016-05-19):

New features and APIs:

  • Added support for KV Store.
  • Added support for HTTP basic authentication (GitHub issue #117).
  • Improved support for HTTP keep-alive connections (GitHub issue #122).

Bug fixes:

  • Fixed Python 2.6 compatibility (GitHub issue #141).
  • Fixed appending restrictToHost to UDP inputs (GitHub issue #128).

Minor changes:

  • Added support for Travis CI.
  • Updated the default test runner.
  • Removed shortened links from documentation and comments.


Here's what was new in version 1.5.0 of the Splunk SDK for Python (2015-10-01):

New features and APIs:

  • Added support for the new experimental Search Command Protocol v2, for Splunk 6.3.0 and later. Opt in by setting chunked = true in commands.conf. See examples/searchcommands_app/package/default/commands-scpv2.conf.
  • Added support for invoking external search command processes. See examples/searchcommands_app/package/bin/pypygeneratext.py.
  • Added a new search command type: EventingCommand is the base class for commands that filter events arriving at a search head from one or more search peers. See examples/searchcommands_app/package/bin/filter.py.
  • Added splunklib logger so that command loggers can be configured independently of the splunklib.searchcommands module. See examples/searchcommands_app/package/default/logger.conf for guidance on logging configuration.
  • Added splunklib.searchcommands.validators.Match class for verifying that an option value matches a regular expression pattern.

Bug fixes:

  • GitHub issue 88: splunklib.modularinput, <done/> written even when done=False.
  • GitHub issue 115: splunklib.searchcommands.splunk_csv.dict_reader raises KeyError when supports_multivalues = True.
  • GitHub issue 119: None returned in _load_atom_entries.
  • Various other bug fixes/improvements for Search Command Protocol v1.
  • Various bug fixes/improvements to the full splunklib test suite.


Here's what was new in version 1.4.0 of the SDK:

New features and APIs:

  • Added support for cookie-based authentication, for Splunk 6.2 and later.
  • Added support for installing as a Python egg.
  • Added a convenience Service.job() method to get a Job by its sid.

Bug fixes:

  • Restored support for Python 2.6.
  • Fix SearchCommands decorators and Validator classes.
  • Fix SearchCommands bug iterating over None in dict_reader.fieldnames.
  • Fixed JSON parsing errors.
  • Retain the type property when parsing Atom feeds.
  • Update non-namespaced server paths with a /services/ prefix. Fixes a bug where setting the owner or app on a Service could produce 403 errors on some REST API endpoints.
  • Modular input Scheme.title is now written correctly.
  • Client.connect will now always return a Service instance, even if user credentials are invalid.
  • Updated the saved_search/saved_search.py example to handle saved searches with names containing characters that must be URL encoded (ex: "Top 5 sourcetypes").

Minor changes:

  • Update modular input examples with readable titles.
  • Improvements to splunklib.searchcommands tests.
  • Various docstring and code style corrections.
  • Updated some tests to pass on Splunk 6.2 and later.


Here's what was new in version 1.3.1 of the SDK:

Bug fixes:

  • Hot fix to binding.py to work with Python 2.7.9, which introduced SSL certificate validation by default as outlined in PEP 476.
  • Update async, handler_proxy, and handler_urllib2 examples to work with Python 2.7.9 by disabling SSL certificate validation by default.


Here's what was new in version 1.3.0 of the SDK:

  • Added support for storage passwords.
  • Added a script (GenerateHelloCommand) to the searchcommand_app example to generate a custom search command.
  • Added a human readable title parameter to modularinput.Argument.
  • Renamed the searchcommand csv module to splunk_csv.


Here's what was new in version 1.2.3 of the SDK:

  • Improved error handling in custom search commands.
  • Made ResponseReader more stream-like, so that it can be wrapped in a buffered reader for a performance gain.
  • Bug fixes.


Here's what was new in version 1.2.2 of the SDK:

  • Bug fixes for autologin.


Here's what was new in version 1.2.1 of the SDK:

  • New features for building custom search commands.
  • New feature for building modular inputs.
  • Bug fixes and quality improvements.


Here's what was new in version 1.2 of the SDK:


Here's what was new in version 1.1 of the SDK:


Here's what was new in version 1.0 of the SDK:

  • Support for autologin to Splunk from the client.
  • Improved job management, including the ability to run export searches.
  • Added support for modular inputs, which is a new feature in Splunk 5.0.
  • Added a Role class, which includes easier management of capabilities.
  • Easier handling of streaming data to inputs.