Dev into Splunk
how to develop world-changing applications with Splunk
discussion group · report a bug
Subscribe to splunkdev group
Email:

Object SDK

The Splunk Object SDK provides the developer with a simple way to put objects into Splunk and retrieve them. In a distributed environment, for example, you could have trillions of objects put into Splunk and retrieve specific objects exceedingly fast, or perform analysis on them.

The Object SDK is currently available in Python, and Java and .NET will follow shortly. The examples below are in Python, but should be understandable and similar to the other versions. 

      # get a session
      session = SSession('https://10.0.0.7:8089', 'admin', 'changeme')
      # make an instance of my object
      myEmployee = MyEmployeeClass(name='bob smith', employer='splunk', age=25 ...)
      # splunk stores my object
      session.put(myEmployee)
      ...
      # get back a list MyEmployeeClass objects for each Splunk employee
      splunkEmployees = session.get('MyEmployeeClass', employer='splunk')
      ...
      # search for all employees, calculating the average age per employer
      results = session.get('MyEmployeeClass, postsearch='stats avg(age) by employer')
      for result in results:
          print "Employer: %s AvgAge: %s" % (result['employer'], result['avg(age)'])

The Splunk Object SDK is new, so feedback is appreciated. We'll try to make right any problems you encounter.


© 2005-2010 Splunk Inc.