https://community.splunk.com/t5/Getting-Data-In/External-command-calling-subprocess-not-working/m-p/71379#M14520 <P>Support came back with this which works for shell and other python scripts but I can't get it to work with perl. It is a nice workaround for accessing python modules that are not part of splunk.</P><P><BR /> def getemp(host):<BR /> cmd = ("./mrilookup.pl ",host)<BR /> pseudohandle = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)<BR /> stdout, stderr = pseudohandle.communicate()<BR /> return stdout.rstrip()</P> Sun, 24 Mar 2013 14:45:27 GMT rdownie 2013-03-24T14:45:27Z https://community.splunk.com/t5/Getting-Data-In/External-command-calling-subprocess-not-working/m-p/71378#M14519 <P>I am attempting to write an external command that uses a subprocess call and assigns the value returned by the subprocess call to a field and returns that in the output results. Like the many examples, if I set:</P> <PRE><CODE>for r in results: r['foo']="bar" si.outputResults(results) </CODE></PRE> <P>works fine and gives me a fieldname of foo with a value of bar. </P><P><BR /> But when I try to assign the fieldname to what is returned from my subprocess call, it just creates the fieldname named the value and doesn't pass anything else back </P><P><BR /> Here is the code I am using, the ldapquery.py script returns a value "22393".</P> <PRE><CODE>#import the python module provided with Splunk import splunk.Intersplunk as si import subprocess import os #read the results into a variable results, dummyresults, settings = si.getOrganizedResults() def getemp(host): emp = subprocess.call(["./ldapquery.py", host]) return emp #loop over each result. results is a list of dict. for r in results: #r is a dict. Access fields using the fieldname. myhost = r['myhost'] r['employee'] = getemp(myhost) #return the results back to Splunk si.outputResults(results) </CODE></PRE> <P></P><P> Outputs "22393" as the name of the field and just gives it as a header.</P><P><BR /> the search I am using to test this is:</P><P><BR /> | stats count | eval myhost="bemsrv1" | hrdquery</P> <P>the commands.conf file is.</P><P></P> <PRE><CODE>[hrdquery] filename = hrdquery.py streaming = true retainsevents = true </CODE></PRE> <P></P><P>Any help with this would be greatly appreciated.</P><P><BR /> Thanks, Bob</P> Fri, 22 Mar 2013 11:08:56 GMT https://community.splunk.com/t5/Getting-Data-In/External-command-calling-subprocess-not-working/m-p/71378#M14519 rdownie 2013-03-22T11:08:56Z https://community.splunk.com/t5/Getting-Data-In/External-command-calling-subprocess-not-working/m-p/71379#M14520 <P>Support came back with this which works for shell and other python scripts but I can't get it to work with perl. It is a nice workaround for accessing python modules that are not part of splunk.</P><P><BR /> def getemp(host):<BR /> cmd = ("./mrilookup.pl ",host)<BR /> pseudohandle = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)<BR /> stdout, stderr = pseudohandle.communicate()<BR /> return stdout.rstrip()</P> Sun, 24 Mar 2013 14:45:27 GMT https://community.splunk.com/t5/Getting-Data-In/External-command-calling-subprocess-not-working/m-p/71379#M14520 rdownie 2013-03-24T14:45:27Z