Re: splunk app python script not running

aab5272 · ‎07-13-2017

$SPLUNK_HOME/etc/apps/cpp_name/bin/script.py
i have a python script that modify the view .

i assume its not running when i checked the same logic in os-python it works well. In command.conf

filename = script.py
retainsevents = true
overrides_timeorder = false
streaming = true

is there anyhting else i need to do .

Also i tried to check the logs in index="_internal" Error fullpath to script , it doesn't show anythin up there.

can some body help.

jkat54 · ‎07-13-2017

Try the following

import splunk.mining.dcutils as dcu

logger = dcu.getLogger()

try:
  Your code
except Exception as e:
  logger.error(str(e))

Then run the script and check index=_internal scriptName.py

If that doesn't work, you've probably got a syntax or indentation error. check the search.log in the job inspector. Search it for scriptName.py.

aab5272 · ‎07-14-2017

I used your comment but i get th ebelow error i am not sure why

utils/bin/script.py

from splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': from ^ splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': SyntaxError: invalid syntax
07-14-2017 16:14:10.376 ERROR ScriptRunner - extern write error: errno=Broken pipe

from splunk.Intersplunk import dcu

I am not sure whats the syntax error in this . Well your answer helped me in debugging i am getting closed to what i want.

jkat54 · ‎07-14-2017

Try enabling show all characters in notepad++ and checking for tabs etc.

jkat54 · ‎07-14-2017

Also can you show me the exact command/search you are using to execute the code?

aab5272 · ‎07-14-2017

index="indexname" | script from the UI

jkat54 · ‎07-14-2017

Can you post the code?

jkat54 · ‎07-13-2017

How does it modify the view?

How are you executing the script within Splunk?

aab5272 · ‎07-13-2017

the logs being monitored is in the form of
label=labelname value=actual value
now the script is intended to convert the above into
labelname=actual value at search time.

the python script is inside the app. My props.conf and transform.conf are working fine and the fields are getting extracted.

when i run this from splunk CLI it gives me error at this line

results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
and makes reference to these two function from splunk python library.
/splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 336, in getOrganizedResults
results = readResults(input_str, settings)
File "splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 265, in readResults
line = input_buf.readline()

jkat54 · ‎07-13-2017

That error from Splunk cli is due to not having any results in the pipeline.

aab5272 · ‎07-13-2017

but i see data being streamed .

How can i fix this ?any idea?

jkat54 · ‎07-13-2017

Did you see my answer below?

splunk app python script not running

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!