import splunk.authimport splunk.restimport splunk.searchimport jsonimport ti

1. import splunk.auth
2. import splunk.rest
3. import splunk.search
4. import json
5. import time
6.  
7. # Authenticate
8. session_key = splunk.auth.getSessionKey(username='admin', password='changeme')
9.  
10. search_to_run = "Errors in the last 24 hours"
11.  
12. job = splunk.search.dispatchSavedSearch(search_to_run, session_key)
13.  
14. print "Started job", job.id
15.  
16. while not job.isDone:
17. time.sleep(1)
18.  
19. # Note: you will need to modify how you get output depending on if you want the events, results, or preview of the results
20.  
21. # 1) Here is an example of getting results (when you use a reporting command in the search, like "stats")
22. # dataset = job.results
23.  
24. # 2) Here is an example of getting results_preview (when the search isn't done yet and you want to view the preview)
25. # dataset = job.results_preview
26.  
27. # 3) Here is an example of getting events (when you want the raw events and no reporting commands are used)
28. dataset = job.events
29.  
30. for event in dataset:
31. print event['host']