问题
I am trying to create a custom app for my usecases in splunk. One of my usecase is to get some data from AWS for which I already have a working code written in python and I am using boto3 SDK. The same code I was trying in Splunk and it didn't work because Splunk doesn't have information of boto3. Any suggestions please.
The sample code is here.
import boto3
import json
def ec2_client():
client = boto3.client('ec2')
""" :type : pyboto3.ec2 """
return client;
def perform_ec2_operation():
ec2_interested_details = ec2_client().describe_instances()
#print(ec2_interested_details)
return ec2_interested_details;
if __name__ == '__main__':
data = perform_ec2_operation()
data = data['Reservations'][0]['Instances'][0]['NetworkInterfaces'][0]['Association']
data = json.dumps(data);
print(data)
回答1:
The reason your script is failing is because Splunk uses its own deployment of Python. You will need to install boto3 into that Python's library, which can be challenging. Refer to the following:
- https://answers.splunk.com/answers/220196/import-non-native-python-libraries-into-splunk.html
- https://answers.splunk.com/answers/8/can-i-add-python-modules-to-the-splunk-environment.html
- https://answers.splunk.com/answers/112609/my-own-python-script-cannot-import-splunk-python-library-modules.html
Are you creating a custom input to retrieve your data from AWS? If so, I suggest you instead look at the Splunk created add-on for AWS, https://splunkbase.splunk.com/app/1876/ This will have all the necessary libraries configured for you already.
来源:https://stackoverflow.com/questions/58705525/how-to-use-boto3-in-splunk-enterprise