link:
http://dev.splunk.com/view/python-sdk/SP-CAAAER5
download SDK & setup with python
code:
import splunklib.client as client import splunklib.results as results import time
start = time.time()
HOST = "hostname"
PORT = 8089
USERNAME = "username"
PASSWORD = "password"
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)
kwargs_oneshot = {"earliest_time": "2017-07-01T12:00:00.000",
"latest_time": "2017-07-09T12:00:00.000",
"exec_mode": "blocking"} # ,'search_mode': 'normal'
searchquery_oneshot = "search index=networkname netlinename|table rowname"
search_results = service.jobs.create(searchquery_oneshot, **kwargs_oneshot)
# Get the results and display them using the ResultsReader
rr = search_results.results(**{'count': 0})
reader = results.ResultsReader(rr)
inbound = []
outbound = []
for item in reader:
_raw_list = str(item['_raw'])
# print _raw_list
inbound.append(_raw_list.split(",")[3])
outbound.append(_raw_list.split(",")[4])
# print inbound
# print outbound
print "inLen", len(inbound)
print "outLen", len(outbound)
print str(int(time.time() - start))