
sumologic_sdk_search_job_with_polling_and_messages.py

python

This quickstart demonstrates how to initialize the Sumo Logic client and p

sumologic_sdk_search_job_with_polling_and_messages.py
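"""Run a Sumo Logic search job, poll it to completion, and print the raw messages.

Quickstart flow: create the client, submit a search job over the last hour,
poll its status until the service reports it finished, page through the
messages, print each raw log line, and delete the server-side job.
"""
import os
import time

from sumologic import SumoLogic

# Credentials are read from the environment so that a real access key never
# ends up in source control or in a pasted copy of this script. The variable
# names below are this script's own convention, not something the SDK reads.
# Find your endpoint here: https://help.sumologic.com/docs/api/getting-started/#api-endpoints
access_id = os.environ.get('SUMO_ACCESS_ID')
access_key = os.environ.get('SUMO_ACCESS_KEY')
endpoint = os.environ.get('SUMO_ENDPOINT', 'https://api.us2.sumologic.com/api/v1')
if not access_id or not access_key:
    raise SystemExit('Set SUMO_ACCESS_ID and SUMO_ACCESS_KEY in the environment.')

# Polling and paging limits (values chosen for this example; tune as needed).
POLL_INTERVAL_SECONDS = 2
POLL_TIMEOUT_SECONDS = 300
PAGE_SIZE = 1000

# Initialize the Sumo Logic client
sumo = SumoLogic(access_id, access_key, endpoint)

# Define the search query and time range (in milliseconds).
# The clock is read once so both bounds describe exactly one hour.
query = '_sourceCategory=OS/Linux/Security'
now_seconds = int(time.time())
from_time = (now_seconds - 3600) * 1000  # 1 hour ago
to_time = now_seconds * 1000             # Now

# Create a search job
search_job = sumo.search_job(query, from_time, to_time)
job_id = search_job['id']

try:
    # Poll for completion.
    # The SDK's status/messages/delete helpers take the job dict returned by
    # search_job() and read its 'id' themselves, so the dict is passed rather
    # than the bare id string.
    deadline = time.monotonic() + POLL_TIMEOUT_SECONDS
    status = sumo.search_job_status(search_job)
    while status['state'] != 'DONE GATHERING RESULTS':
        # A cancelled job never reaches the done state; without this check
        # the loop would spin forever.
        if status['state'] == 'CANCELLED':
            raise SystemExit('Search job %s was cancelled.' % job_id)
        if time.monotonic() >= deadline:
            raise SystemExit(
                'Search job %s did not finish within %d seconds.'
                % (job_id, POLL_TIMEOUT_SECONDS)
            )
        time.sleep(POLL_INTERVAL_SECONDS)
        status = sumo.search_job_status(search_job)

    # Retrieve the messages page by page instead of asking for everything in
    # one request, which fails for empty results (limit=0) and for result
    # sets larger than the API allows per call.
    message_count = status['messageCount']
    messages = {'messages': []}
    offset = 0
    while offset < message_count:
        page = sumo.search_job_messages(
            search_job,
            limit=min(PAGE_SIZE, message_count - offset),
            offset=offset,
        )
        batch = page.get('messages', [])
        if not batch:
            break  # service returned fewer messages than it counted
        messages['messages'].extend(batch)
        offset += len(batch)
finally:
    # Search jobs hold server-side resources until they are deleted or expire.
    sumo.delete_search_job(search_job)

# Print the results.
# NOTE: _raw is log content written by the monitored hosts; treat it as
# untrusted text if it is fed into a terminal, HTML page, or another parser.
for message in messages['messages']:
    print(message['map']['_raw'])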