Splunk-sdk

New features and APIs

* Support for Python 3.x has been added for external integrations with the Splunk platform. However, because Splunk Enterprise 7+ still includes Python 2.7.x, any apps or scripts that run on the Splunk platform must continue to be written for Python 2.7.x.

Bug fixes

The following bugs have been fixed:

* Search commands error - `ERROR ChunkedExternProcessor - Invalid custom search command type: eventing`.

* Search commands running more than once for certain cases.

* Search command protocol v2 inverting the `distributed` configuration flag.

Minor changes

* Use relative imports throughout the SDK.

* Performance improvement when constructing `Input` entity paths.

Bug Fixes

* Fixed Search Commands exiting if the external process returns a zero status code (Windows only).

* Fixed Search Command Protocol v2 not parsing the `maxresultrows` and `command` metadata properties.

* Fixed double prepending the `Splunk ` prefix for authentication tokens.

* Fixed `Index.submit()` for namespaced `Service` instances.

* Fixed uncaught `AttributeError` when accessing `Entity` properties (GitHub issue 131).

Minor Changes

* Fixed broken tests due to expired SSL certificate.

New Features and APIs

* Added support for KV Store.

* Added support for HTTP basic authentication (GitHub issue 117).

* Improve support for HTTP keep-alive connections (GitHub issue 122).


Bug Fixes

* Fixed Python 2.6 compatibility (GitHub issue 141).

* Fixed appending restrictToHost to UDP inputs (GitHub issue 128).

Minor Changes

* Added support for Travis CI.

* Updated the default test runner.

* Removed shortened links from documentation and comments.

New features and APIs

* Added support for the new experimental Search Command Protocol v2, for Splunk 6.3+.

Opt-in by setting `chunked = true` in commands.conf. See `examples/searchcommands_app/package/default/commands-scpv2.conf`.

* Added support for invoking external search command processes.

See `examples/searchcommands_app/package/bin/pypygeneratext.py`.

* Added a new search command type: EventingCommand is the base class for commands that filter events arriving at a
search head from one or more search peers.

See `examples/searchcommands_app/package/bin/filter.py`.

* Added `splunklib` logger so that command loggers can be configured independently of the `splunklib.searchcommands`
module.

See `examples/searchcommands_app/package/default/logger.conf` for guidance on logging configuration.

* Added `splunklib.searchcommands.validators.Match` class for verifying that an option value matches a regular
expression pattern.

Bug fixes

* GitHub issue 88: `splunklib.modularinput`, `<done/>` written even when `done=False`.

* GitHub issue 115: `splunklib.searchcommands.splunk_csv.dict_reader` raises `KeyError` when `supports_multivalues = True`.

* GitHub issue 119: `None` returned in `_load_atom_entries`.

* Various other bug fixes/improvements for Search Command Protocol v1.

* Various bug fixes/improvements to the full splunklib test suite.

New features and APIs

* Added support for cookie-based authentication, for Splunk 6.2+.

* Added support for installing as a Python egg.

* Added a convenience `Service.job()` method to get a `Job` by its sid.

Bug fixes

* Restored support for Python 2.6 (GitHub issues 96 & 114).

* Fix `SearchCommands` decorators and `Validator` classes (GitHub issue 113).

* Fix `SearchCommands` bug iterating over `None` in `dict_reader.fieldnames` (GitHub issue 110).

* Fixed JSON parsing errors (GitHub issue 100).

* Retain the `type` property when parsing Atom feeds (GitHub issue 92).

* Update non-namespaced server paths with a `/services/` prefix. Fixes a bug where setting the `owner` and/or `app` on a `Service` could produce 403 errors on some REST API endpoints.

* Modular input `Argument.title` is now written correctly.

* `Client.connect` will now always return a `Service` instance, even if user credentials are invalid.

* Update the `saved_search/saved_search.py` example to handle saved searches with names containing characters that must be URL encoded (ex: `"Top 5 sourcetypes"`).

Minor Changes

* Update modular input examples with readable titles.

* Improvements to `splunklib.searchcommands` tests.

* Various docstring and code style corrections.

* Updated some tests to pass on Splunk 6.2+.