topic Re: Create custom command search in Splunk Search

How to create custom command search?

lnn2204 — Thu, 26 May 2022 06:06:37 GMT

Hi guys, I'm using splunk 8.0

I want to create a command that can send some infos to another via web or api. I read the Dev page but hard to understand. Do you know some easy script?

Like I have an table after search

a	b	c	Action
312	213	13	1
13	123	46	0

When Action=1, the script will send info {a:1,b:213,c:13} to another platform, exp: send message to telegram.

<basesearch> | where action=1 | sendinfo a,b,c

Re: Create custom command search

shivanshu1593 — Wed, 25 May 2022 08:45:47 GMT

You can watch @techiesid YouTube channel to create your custom command

https://www.youtube.com/watch?v=tTfEv5fLZEs

###If it helps. Kindly consider an upvote/accepting as an answer###

Re: Create custom command search

lnn2204 — Wed, 25 May 2022 09:58:47 GMT

One more question, I just want to out the value of fields, then send it. So which command should i create? (Streaming, Generating, Transforming or something else). Because I'm using Streaming and it return error: TypeError at "/opt/splunk/etc/apps/testCommand/bin/splunklib/searchcommands/internals.py", line 573 : 'NoneType' object is not iterable

This is my command:

from __future__ import absolute_import, division, print_function, unicode_literals import os,sys import time from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators import requests @Configuration() class GenerateTextCommand(StreamingCommand): def stream(self,records): for record in records: fields = self.fieldnames i = record[fields[0]] botURL = "https://api.telegram.org/botTOKEN/sendMessage?chat_id=CHAT_ID&text="+str(i) r = requests.get(botURL) dispatch(GenerateTextCommand, sys.argv, sys.stdin, sys.stdout, __name__)

Re: Create custom command search

shivanshu1593 — Wed, 25 May 2022 19:09:54 GMT

I'm hoping that you have done part of setting up commands.conf and metadata for your custom command. The error that you are seeing down to the fact that the field records is None type, meaning it contains no values and you cannot iterate over None type. Looks like you are not able to pass the data from your SPL to your custom command. Also, you are doing the get request, when you want to send (post) the data instead. Try the following (off the top of my head. May have some bugs that you can fix):

from __future__ import absolute_import, division, print_function, unicode_literals import os,sys import time from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators import requests @Configuration() class GenerateTextCommand(StreamingCommand): fieldname = Option( doc=''' **Syntax:** **fieldname=***<fieldname>* **Description:** Name of the field that will hold the session_key''', require=True, validate=validators.Fieldname()) def stream(self,records): for record in records: fields = self.fieldnames i = record[fields[0]] botURL = "https://api.telegram.org/botTOKEN/sendMessage?chat_id=CHAT_ID&text="+str(i) r = requests.post(botURL) record[self.fieldname] = r yield record dispatch(GenerateTextCommand, sys.argv, sys.stdin, sys.stdout, __name__)

Please make sure that you run your custom command in the search

(This will return the value of r. You may wish to format it once it works):

| yourcustomcommand fieldname=events_sent

Hope this helps,

###If it helps, please consider an upvote/accepting as an answer###

Re: Create custom command search

lnn2204 — Thu, 26 May 2022 02:40:56 GMT

Thank you, because it's streaming command, so i need to but things back to the result. And I found the way 😄 thanks.