Skip to content
/ elasticsplunk Public
forked from brunotm/elasticsplunk

A Search command to explore Elasticsearch data within Splunk.

License

MIT and 2 other licenses found

Licenses found

MIT
LICENSE
Apache-2.0
LICENSE_elaticsearch-py.txt
Apache-2.0
LICENSE_splunk-sdk-python.txt
1 star 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

skywalka/elasticsplunk

BranchesTags
 
 

Repository files navigation

ElasticSplunk Search Command

A Search command to explore Elasticsearch data within Splunk.

Currently supported

  • Multiple node search
  • Index Specification
  • SSL connections
  • Scroll searches
  • Fields to include
  • Splunk timepicker values
  • Relative time values
  • Timestamp field specification
  • Index listing "action=indices-list"
  • Cluster health "action=cluster-health"

Included libraries

  • elasticsearch-py
  • urllib3
  • splunklib from the splunk-sdk-python

Examples

Search:

|ess eaddr="https://node1:9200,https://node2:9200" index=indexname tsfield="@timestamp" latest=now earliest="now-24h" query="field:value AND host:host*"

List indices

|ess eaddr="https://node1:9200,https://node2:9200" action=indices-list"

Cluster health

|ess eaddr="https://node1:9200,https://node2:9200" action=cluster-health"

Written by Bruno Moura [email protected]

About

A Search command to explore Elasticsearch data within Splunk.

Resources

Readme

License

MIT and 2 other licenses found

Licenses found

MIT
LICENSE
Apache-2.0
LICENSE_elaticsearch-py.txt
Apache-2.0
LICENSE_splunk-sdk-python.txt
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%