I have created custom search command called "getmetricdemo". I have configured everything but I'm not getting output in splunk GUI when I run search query as "| getmetricdemo" . Here is my configuration details:
filename = system_python.path
command.arg.1 = getmetricdemo.py
generating = true
supports_rawargs = true
Since I'm invoking external processor, I gave python interpreter name in system_python.path file
python program is running fine when I execute in Linux CLI:
Both system_python.path and getmetricdemo.py are located in /opt/splunk/etc/apps//bin directory.
Could anyone please help me out here. Thanks in advance!!
all you need in commands is
passauth = true
& the python file should be in the bin directory of the app, commands in local/default of the same app, meta file in metadata dir of same app.
yes if its a cluster you need to push them from deployer to all search heads.
Now i did few changes:
After doing above changes, I again ran search command, Now I could see below error in job inspector:
06-22-2018 09:45:24.734 INFO ChunkedExternProcessor - Running process: /usr/bin/python getmetricdemo.py
06-22-2018 09:45:29.427 ERROR ChunkedExternProcessor - Failed attempting to parse transport header: _time,aaaa,bbbbb\r
06-22-2018 09:45:29.427 ERROR ChunkedExternProcessor - Error in 'getmetricdemo' command: External search command exited unexpectedly.
Thanks for your help. I have added as you mentioned. But still no luck. I have configured this in deployer. Does this custom search command need to be configured only in search head and works only in search head?