Getting started

This recipe requires the installation of the third-party library splunk-sdk. All other libraries used in this script are present in Python's standard library. Additionally, we must install Splunk on the host operating system and, due to limitations of the splunk-sdk library, run the script using Python 2.

To install Splunk, we need to navigate to Splunk.com, fill out the form, and select the Splunk Enterprise free trial download. This enterprise trial allows us to practice with the API and gives us the ability to upload 500 MB per day. Once we have downloaded the application, we need to launch it to configure the application. While there are a lot of configurations we could change, launch it with the defaults, for now, to keep things simple and focus on the API. In doing so, the default address for the server will be localhost:8000. By navigating to this address in a browser, we can log in for the first time, set up accounts and (please do this) change the administrator password.

The default username and password for a new Splunk install are admin and changeme.

With the Splunk instance active, we can now install the API library. This library handles the conversion from the REST API into Python objects. At the time of writing of this book, the Splunk API is only available in Python 2. The splunk-sdk library can be installed with pip:

pip install splunk-sdk==1.6.2
To learn more about the splunk-sdk library, visit http://dev.splunk.com/python.