Splunk Search

Create custom search command in windows environment

ketaka
Explorer

I created a custom search command on Windows, but the following error message is displayed and I cannot execute it.
In the macOS environment I could create it, but is there a problem that depends on Windows?

" Error in 'run' command: The external search command 'HelloWorld' does not exist in commands.conf. "

Here are the things I tried.

  • Create new app
    App name : "Hello World"
    Folder name : "hello_world"

  • Create executable file

    • path: C:\Program Files\Splunk\etc\apps\hello_world\bin
    • File name_1: hello_world.py
    • File content_1:

          print 'title'
          print 'Hello World'

  • Create configuration file

    • path: C:\Program Files\Splunk\etc\apps\hello_world\local
    • File name_2: commands.conf
    • File content_2:

          [HelloWorld]
          filename = hello_world.py

    • File name_3: authorize.conf
    • File content_3:

          [capability::run_script_HelloWorld]

          [role_admin]
          run_script_HelloWorld = enabled

0 Karma

tcole_splunk
Splunk Employee

Hi!

Are you attempting to run the custom search command from the default Search & Reporting app? If so, you need to enable the command to run across apps. You can do this in Splunk Web on the Settings > Advanced Search > Search Commands page. For more information, see Manage access to a custom search command.

Please let me know if this helps!

-Taylor
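The checks behind the error in the question and the cross-app sharing described in the answer above, as an added example that is not part of the thread and not Splunk's own code: it looks for the command's stanza in `default/` and `local/` `commands.conf`, the script in `bin/`, and `export = system` in the app's `metadata/*.meta` files. `read_conf`, `check_command` and `build_sample_app` are hypothetical names, the `<stanza>.py` fallback is an assumption, and the sample app is constructed.

```python
import pathlib
import tempfile

def read_conf(path):
    """Minimal Splunk .conf reader: {stanza: {key: value}}; missing file -> {}."""
    stanzas, current = {}, None
    if path.is_file():
        for line in map(str.strip, path.read_text(encoding="utf-8-sig").splitlines()):
            if line.startswith("[") and line.endswith("]"):
                current = stanzas.setdefault(line[1:-1], {})
            elif "=" in line and current is not None and not line.startswith("#"):
                key, value = line.split("=", 1)
                current[key.strip()] = value.strip()
    return stanzas

def check_command(app_dir, name):
    """Return the reasons `name` would not resolve from another app."""
    app = pathlib.Path(app_dir)
    layers = [read_conf(app / d / "commands.conf") for d in ("default", "local")]
    if not any(name in conf for conf in layers):
        return ["no [%s] stanza in default/ or local/ commands.conf" % name]
    stanza = {k: v for conf in layers for k, v in conf.get(name, {}).items()}  # local/ wins
    problems = []
    script = stanza.get("filename", name + ".py")  # assumed fallback: <stanza>.py
    if not (app / "bin" / script).is_file():
        problems.append("bin/%s not found" % script)
    metas = [read_conf(app / "metadata" / m) for m in ("default.meta", "local.meta")]
    keys = ("", "commands", "commands/" + name)  # simplification: any match counts
    if not any(m.get(k, {}).get("export") == "system" for m in metas for k in keys):
        problems.append("not exported: only usable from inside its own app")
    return problems

def build_sample_app(root, exported):
    """Constructed copy of the layout in the question (not a real install)."""
    files = {"bin/hello_world.py": "print('Hello World')\n",
             "local/commands.conf": "[HelloWorld]\nfilename = hello_world.py\n",
             "metadata/local.meta": "[commands/HelloWorld]\nexport = %s\n"
                                    % ("system" if exported else "none")}
    for rel, text in files.items():
        path = pathlib.Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_command(build_sample_app(tmp, exported=False), "HelloWorld"))
```

Exporting with `export = system` makes the command runnable from every app, so keep the `access = read : [ ... ]` list in the same `.meta` stanza limited to the roles that need it.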

ketaka
Explorer

Hi Taylor

There was no command that I created on the Settings > Advanced Search > Search Commands page.

Do I need the Splunk SDK to create custom search commands?
When I made it on macOS, I could use it without being conscious of it.

How do I make custom search commands?

I do not understand the correct procedure for creating a custom search command.

Thanks

ketaka

0 Karma

tcole_splunk
Splunk Employee

Hi Ketaka!

I would recommend creating custom search commands with the Splunk SDK for Python. The SDK contains all of the Python classes and templates that you need to build the command.

For information about creating custom search commands with the Python SDK, please see http://dev.splunk.com/view/custom-spl/SP-CAAAFFT. These docs contain an overview of creating custom search commands as well as examples from the SDK.

Please let me know if this helps!

-Taylor

0 Karma

sloshburch
Splunk Employee

Also in the link provided by @tcole_splunk is the parent topic (on the right-hand navigation) for Introduction to custom search commands.

0 Karma