https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391889#M114086 <P>Hi,<BR /> 2 things can be tested here a bit further :<BR /> 1-What happens if you run this command through CLI? something like <CODE>$ splunk search "| shape</CODE>. What output do you receive?<BR /> 2- What happens if you run something like this from splunk web - <CODE>index="main"|sourcetype="tutorial"|shape</CODE><BR /> 3- you of course need to restart splunk enterprise after making the configuration changes</P> Sun, 17 Jun 2018 10:17:34 GMT Sukisen1981 2018-06-17T10:17:34Z https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391888#M114085 <P>I have followed below link but not receiving expected result.</P> <P><STRONG>Step 1</STRONG><BR /> Commands.conf<BR /> [shape]<BR /> chunked=true<BR /> filename = shape.py<BR /> generating = true<BR /> supports_rawargs = true</P> <P><STRONG>Step 2</STRONG><BR /> authorize.conf<BR /> [capability::run_script_first]<BR /> [role_admin]<BR /> run_script_first = enabled</P> <P>Step <STRONG>3</STRONG><BR /> shape.py (in bin directory)<BR /> shape.py from below location.<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.1.1/Search/Customsearchcommandshape" target="_blank">https://docs.splunk.com/Documentation/Splunk/7.1.1/Search/Customsearchcommandshape</A></P> <P><STRONG>Step 4:</STRONG><BR /> IImage attached<BR /> <IMG src="https://community.splunk.com/storage/temp/250951-result.png" alt="alt text" /></P> <P><STRONG>Step 5</STRONG><BR /> expected result same as below link<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.1.1/Search/Customsearchcommandshape" target="_blank">https://docs.splunk.com/Documentation/Splunk/7.1.1/Search/Customsearchcommandshape</A></P> <P>Query<BR /> 1) How to send data from python to splunk? (splunk.Intersplunk.outputResults(results))<BR /> 2) how to get result same as Step 5 link<BR /> 3) is there any way, where as I may check that my python script is working properly? (any log or anywhere in UI) </P> <P>OR<BR /> Share some custom command whereas I should be able to pass splunk data to receive data from python script???</P> <P>Thanks in advance.</P> Tue, 29 Sep 2020 20:03:33 GMT https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391888#M114085 nadirriyani 2020-09-29T20:03:33Z https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391889#M114086 <P>Hi,<BR /> 2 things can be tested here a bit further :<BR /> 1-What happens if you run this command through CLI? something like <CODE>$ splunk search "| shape</CODE>. What output do you receive?<BR /> 2- What happens if you run something like this from splunk web - <CODE>index="main"|sourcetype="tutorial"|shape</CODE><BR /> 3- you of course need to restart splunk enterprise after making the configuration changes</P> Sun, 17 Jun 2018 10:17:34 GMT https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391889#M114086 Sukisen1981 2018-06-17T10:17:34Z https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391890#M114087 <P>Please find response<BR /> 1) <BR /> Error in 'shape' command: You must provide a field argument.<BR /> The search job has failed due to an error. You may be able view the job in the Job Inspector.<BR /> 2)<BR /> FATAL: Error in 'shape' command: You must provide a field argument.</P> <P>3)I had already restarted splunk post changes in the configuration file.</P> <P>I am using splunk enterprise 7.11 version </P> <P>Have you run this example in your machine?<BR /> which splunk version are you using?<BR /> do I need to install any python lib?</P> Mon, 18 Jun 2018 05:06:26 GMT https://community.splunk.com/t5/Splunk-Search/Custom-command-giving-unexpected-result/m-p/391890#M114087 nadirriyani 2018-06-18T05:06:26Z