I am using Python SDK, I created an Index and TCP Socket connection using below
## Create the index if it doesn't exist
if 'kpiindex' not in service.indexes:
if verbose > 0: print "Creating index 'kpiindex' .."
service.indexes.create("kpiindex")
# Create the TCP input if it doesn't exist
input_host = kwargs.get("inputhost", DEFAULT_SPLUNK_HOST)
input_port = kwargs.get("inputport", DEFAULT_SPLUNK_PORT)
input_name = str(input_port)
if input_name not in service.inputs:
if verbose > 0: print "Creating input '%s'" % input_name
service.inputs.create(
input_port, "tcp", index="kpiindex", sourcetype="kpiindex")
global ingest
ingest = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ingest.connect((input_host, input_port))
(At this point I have confirmed that "kpiindex" is available in the list of indexes on splunk dashboard.)
Going forward the data to be indexed from a CSV file is read into a buffer and then sent to splunk using below.
ingest.send(buffer)
However this data is not visible in splunk. Please help!