topic Re: Is Python the only supported language, or can I create a custom command or macro via Ruby? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Is-Python-the-only-supported-language-or-can-I-create-a-custom/m-p/262207#M50326 <P>IMHO, this is a simple enough script, I would go ahead and port it to python as a <CODE>scripted/external lookup</CODE>. It is well worth the exercise and once you have done it once, you can add that to your Splunk toolbox.</P> Tue, 24 May 2016 07:17:19 GMT woodcock 2016-05-24T07:17:19Z Is Python the only supported language, or can I create a custom command or macro via Ruby? https://community.splunk.com/t5/Getting-Data-In/Is-Python-the-only-supported-language-or-can-I-create-a-custom/m-p/262206#M50325 <P>All, </P> <P>A vendor just sent me this script to decode their vendor message table. It's not just a simple lookup, but a concatenation with several events. I see guides on Python. Is that the only supported language for custom commands? Should I just use Python to wrap this? Any guides on this? </P> <P>thanks!</P> <PRE><CODE>#!/usr/bin/env ruby # to use: # chmod 744 threat_extract.rb # ./threat_extract.rb $THREATS_NUMBER arg = ARGV.first.to_i hsh = { 1 =&gt; 'Known Violators', 2 =&gt; 'Blocked Country', 4 =&gt; 'Browser Integrity Check', 8 =&gt; 'Known Violator User Agent', 16 =&gt; 'Rate Limited', 32 =&gt; 'Known Violator Honeypot Access', 64 =&gt; 'Referrer Block', 128 =&gt; 'Session Length Exceeded', 256 =&gt; 'Pages Per Session Exceeded', 512 =&gt; 'Bad User Agents', 1024 =&gt; 'Aggregator User Agents', 2048 =&gt; 'Filtered IP', 4096 =&gt; 'JavaScript Not Loaded', 8192 =&gt; 'JavaScript Check Failed', 16384 =&gt; 'Identifier Validation Error', 32768 =&gt; 'Known Violator Automation Tool', 65536 =&gt; 'Form Spam Submission', 131072 =&gt; 'Unverified Signature', 262144 =&gt; 'IP Pinning Failure', 524288 =&gt; 'Invalid JavaScript Test Results', 1048576 =&gt; 'Organization Block', 2097152 =&gt; 'Known Violator Data Center' } puts *hsh.reject { |(k, v)| (k &amp; arg).zero? }.map {|(k, v)| "#{k} =&gt; #{v}"} </CODE></PRE> Tue, 24 May 2016 04:15:29 GMT https://community.splunk.com/t5/Getting-Data-In/Is-Python-the-only-supported-language-or-can-I-create-a-custom/m-p/262206#M50325 daniel333 2016-05-24T04:15:29Z Re: Is Python the only supported language, or can I create a custom command or macro via Ruby? https://community.splunk.com/t5/Getting-Data-In/Is-Python-the-only-supported-language-or-can-I-create-a-custom/m-p/262207#M50326 <P>IMHO, this is a simple enough script, I would go ahead and port it to python as a <CODE>scripted/external lookup</CODE>. It is well worth the exercise and once you have done it once, you can add that to your Splunk toolbox.</P> Tue, 24 May 2016 07:17:19 GMT https://community.splunk.com/t5/Getting-Data-In/Is-Python-the-only-supported-language-or-can-I-create-a-custom/m-p/262207#M50326 woodcock 2016-05-24T07:17:19Z