topic Re: Creating custom Commands- Splunk [5.0.2] in Splunk Dev

Creating custom Commands- Splunk [5.0.2]

Stephen93Marsh — Fri, 28 Jun 2013 14:40:42 GMT

I'm trying to make a custom Command using python but I'm running into some errors.

"Error in 'script': Getinfo probe failed for external search command 'testscript'"

For the moment I'm just trying to figure out how to get any script to work, which is proving more difficult that I anticipated.

How I created the app and command:

So, I created a test app called "TestCommands" using the sample_app template.
Then, I created a dummy script called "testcommand.py" in the bin folder within that app.

import sys
import csv
import splunk.Intersplunk

while True:
    line = sys.stdin.readline()
    if not line.strip(): break

reader = csv.DictReader( sys.stdin )
headers = reader.fieldnames
writer = csv.DictWriter( sys.stdout, headers )
writer.writer.writerows( headers )

(From what I understand, this should just output the headers back to splunk)

I also have a commands.conf located in the default and local folders of the apps. (The directions were unclear as to which of these i should put it in) Both of those contain the same information:

[testscript]
filename = testcommand.py
streaming = true
supports_getinfo=true
maxinputs = 0

My Search is as follows:

source="pathname\dummydata.csv" | testscript"

I have checked that the data source isn't the problem.
Thanks for the help.

Re: Creating custom Commands- Splunk [5.0.2]

martin_mueller — Fri, 28 Jun 2013 16:59:43 GMT

Your command does not do anything that appears to support getinfo and the error message mentions the same, so I suggest turning that off in commands.conf.

Re: Creating custom Commands- Splunk [5.0.2]

Stephen93Marsh — Fri, 28 Jun 2013 17:11:44 GMT

After trying this, it just says "Unknown search command" 😞

Re: Creating custom Commands- Splunk [5.0.2]

martin_mueller — Fri, 28 Jun 2013 17:20:49 GMT

Concerning local vs default, put the .conf in default. You're the creator of the app, so you provide the default configuration. The user of your app can then override things in local if he needs to.

Re: Creating custom Commands- Splunk [5.0.2]

chris — Fri, 28 Jun 2013 22:17:11 GMT

Maybe you could start by copying one of the commands in the search app. uniq.py a very basic example.

Re: Creating custom Commands- Splunk [5.0.2]

Stephen93Marsh — Mon, 01 Jul 2013 15:02:17 GMT

I'll try that Chris. If I start basic enough, its bound to work. Thanks

Re: Creating custom Commands- Splunk [5.0.2]

OL — Thu, 18 Dec 2014 08:43:11 GMT

I had this issue when upgrading my python SDK of my app to version 1.3.0 (from 1.2.3). The solution was to add at the beginning of my script the following lines (as it is the case in the new examples):

import sys

from splunklib.searchcommands import \
    dispatch, StreamingCommand, Configuration, Option, validators

Hope it might help others 🙂