topic Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py? in Splunk Search

Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu — Thu, 16 Feb 2023 23:14:24 GMT

Hi everyone,

I have a script.py which requires one argument to run normally, for eg. script.py D:\Downloads\12-Dec-2022\1234\

I am intending to create a custom search command so that I can have a Splunk Dashboard GUI which allows the user to input the file path i.e D:\Downloads\12-Dec-2022\1234\ and then it will run in the backend this --> script.py D:\Downloads\12-Dec-2022\1234\ and generate a csv file in which I will use the splunk search command to format the data.

My question would be how can I write the generator.py script so that it calls the script.py

I have a template I found:

#!/usr/bin/env python import sys import os sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib")) from splunklib.searchcommands import \ dispatch, GeneratingCommand, Configuration, Option, validators @Configuration() class %(command.title())Command(GeneratingCommand): """ %(synopsis) ##Syntax %(syntax) ##Description %(description) """ def generate(self): # Put your event code here # To connect with Splunk, use the instantiated service object which is created using the server-uri and # other meta details and can be accessed as shown below # Example:- # service = self.service pass dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)

However, I am not sure like how to write it such that this command will accept an argument (eg. file path inputted by the user)

So how I Forsee it is I have 3 things

1. Custom search command named mycommand
2. my own script.py which accepts one argument (a file path) use to run and generate stats
3. Splunk search command

So once I have the custom search command mycommand

I can use it in splunk search
| mycommand <user input>

something like that..however writing the custom search command am not sure how to make it accept an argument inputted for the user in the splunk gui. can anyone help please?

Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

PaulPanther — Mon, 20 Feb 2023 08:30:47 GMT

Just declare the field in the class like

filename = Option(require=True)

and then assign the user input as a variable to a new variable e.g.

filename = self.filename

sample code:

#!/usr/bin/env python import sys import os sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib")) from splunklib.searchcommands import \ dispatch, GeneratingCommand, Configuration, Option, validators @Configuration() class %(command.title())Command(GeneratingCommand): filename = Option(require=True) def generate(self): filename = self.filename # Put your event code here # To connect with Splunk, use the instantiated service object which is created using the server-uri and # other meta details and can be accessed as shown below # Example:- # service = self.service pass dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)

Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu — Wed, 22 Feb 2023 15:22:53 GMT

# Import the necessary modules import splunklib.searchcommands as searchcommands import subprocess # Define a custom search command class class MyCustomCommand(searchcommands.GeneratingCommand): # Define any options for your custom command filepath = searchcommands.Option( doc=''' **Syntax:** **filepath=***<filepath>* **Description:** Path to the file to be processed by the Python script''', require=True, validate=validators.Fieldname()) # Define the fields that your command will output @staticmethod def output_schema(): return {'_time': searchcommands.DateTimeField(), 'output_field_1': searchcommands.StringField()} # Define the logic for your custom command def generate(self): # Call the Python script with the specified filepath as an argument result = subprocess.run(["python", "path/to/your/script.py", self.filepath], stdout=subprocess.PIPE) # Parse the output of the Python script output = result.stdout.decode().strip() # Create a new output record with the output of the Python script and the current timestamp output_record = {'_time': self._time, 'output_field_1': output} # Yield the output record to Splunk yield output_record # Register the custom command with Splunk dispatch(MyCustomCommand, sys.argv, sys.stdin, sys.stdout, __name__)

Thanks for your reply @PaulPanther

From your code I inspired to generate this code above

Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu — Sat, 18 Mar 2023 02:19:55 GMT

Hi @PaulPanther , with the inspired code above it still doesn't work, any help is much appreciated 🙂

Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu — Mon, 27 Mar 2023 09:20:34 GMT

is there anything else to change/add?

Re: Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu — Fri, 28 Apr 2023 12:09:02 GMT

Hi @PaulPanther any updates?