Splunk Search

How to execute external script to manipulate file from search command

sieutruc
Contributor

Hello,

I have a test Python script as:
test.py

  fo=open("c:/test.txt",'w')
  fo.write("hello")
  fo.close()

and put it in \etc\apps\Search\bin

\etc\apps\Search\local\commands.conf is:

[test]
filename= test.py

I execute in search:

| test

Error "you have insufficient privileges to perform this action". I tried the other way, but was unsuccessful.

Can you show me what I should do to run that script? (I run with the admin role.)

1 Solution

Gilberto_Castil
Splunk Employee

Hello there,

There is a difference between a custom command and invoking an external script with Splunk. There are also different applications for each of these. Personally, I use custom commands to receive search results and manipulate them for presentation, where the search language does not meet my requirements or for specific functionality. I run external scripts when I want to pass the results of a search to an external action or process.

Without the context of your intent, here are the mechanics to either case.

To use a custom command you will need to embed your code around a wrapper. This is explained here.

import sys
import splunk.Intersplunk   # shipped with Splunk; wraps reading/writing search results

results = []

try:
    # results: the events piped into the command; settings: search metadata
    results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()

    ############### YOUR CODE HERE ##############
    fo = open("c:/test.txt", 'w')
    fo.write("hello")
    fo.close()

    ############### DATA MANIPULATION HERE ##############

except Exception:
    # report the failure back to the search as an error result instead of dying silently
    import traceback
    stack = traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

# hand the (possibly modified) results back to Splunk
splunk.Intersplunk.outputResults(results)

On the other hand, if you just want to run a script and pass some variables to it, the process is different. The Splunk Language provides a 'script' command which allows for the call. That is documented here. You would use it in your search like this:

index="blah" sourcetype="blah"... | script python test.py param1 param2

I hope this helps.

Happy Splunkin'

shaileshmali
Path Finder

I have the Splunk script below which takes input. Can you help with how to use Splunk Intersplunk for this script to take input and provide output?

def base36encode(number):
    # Python 3 folds the old 'long' type into int
    if not isinstance(number, int):
        raise TypeError('number must be an integer')
    if number < 0:
        raise ValueError('number must be positive')

    alphabet, base36 = ['0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ', '']

    while number:
        number, i = divmod(number, 36)
        base36 = alphabet[i] + base36

    return base36 or alphabet[0]

def base36decode(number):
    # int() accepts base-36 digits in either case
    return int(number, 36)

print(base36encode(1412823931503067241))
print(base36decode('AQF8AA0006EH'))

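The two things the thread leaves implicit are how the wrapper from the accepted answer and a transformation like the base36 functions fit together, and what the "DATA MANIPULATION HERE" step actually does with the result rows. The following is an added example, not code from the original posts or from Splunk: a Python 3 custom search command that adds a base-36 encoded copy of a field to every result, leaves rows with a missing or non-numeric value intact but flagged rather than aborting the search, and only touches `splunk.Intersplunk` (the real Splunk module used in the accepted answer) inside `main()`, so the encoding logic can be tested outside Splunk. The field name `id`, the output field `id_base36` and the stanza name are assumptions; the corresponding commands.conf stanza would be `[base36]` with `filename = base36.py`, following the format in the question.

```python
# Added example (not from the original thread or Splunk): a custom search command
# in the Intersplunk pattern that base-36 encodes a field on every result row.
import sys

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def base36encode(number):
    """Encode a non-negative integer as an upper-case base-36 string."""
    if not isinstance(number, int):
        raise TypeError("number must be an integer")
    if number < 0:
        raise ValueError("number must be positive")
    digits = ""
    while number:
        number, i = divmod(number, 36)
        digits = ALPHABET[i] + digits
    return digits or ALPHABET[0]


def base36decode(text):
    """Decode a base-36 string; int() validates the digits and accepts either case."""
    return int(text, 36)


def encode_results(results, field="id", out_field=None):
    """The 'DATA MANIPULATION HERE' step: return new rows with <field>_base36 added.

    A missing or non-integer value must not take the whole search down, so such
    rows get an empty output field plus an error field the user can filter on.
    (field/out_field names are assumptions for this example.)"""
    out_field = out_field or field + "_base36"
    encoded = []
    for row in results:
        row = dict(row)                       # do not mutate the caller's rows
        raw = row.get(field)
        try:
            row[out_field] = base36encode(int(raw))
        except (TypeError, ValueError):      # None, "", "abc", "-3.5" all land here
            row[out_field] = ""
            row[out_field + "_error"] = "not an integer: %r" % (raw,)
        encoded.append(row)
    return encoded


# Constructed sample rows, shaped like what getOrganizedResults() hands back.
SAMPLE_RESULTS = [{"id": "1412823931503067241"}, {"id": "35"}, {"id": "abc"}, {}]


def main():
    # Only runs inside Splunk: splunk.Intersplunk ships with Splunk itself.
    import splunk.Intersplunk
    try:
        results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
        results = encode_results(results, field="id")
    except Exception:
        import traceback
        results = splunk.Intersplunk.generateErrorResults(
            "Error : Traceback: " + traceback.format_exc())
    splunk.Intersplunk.outputResults(results)


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        for row in encode_results(SAMPLE_RESULTS):
            print(row)
    else:
        main()
```

Run `python base36.py --demo` outside Splunk to see the rows transformed; inside Splunk the search `... | base36` invokes `main()`. Keeping the transformation in a plain function is what makes the command testable, and flagging bad rows instead of raising means a single malformed event cannot turn the whole search into an error result.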

harshjets
Engager

This link,
"To use a custom command you will need to embed your code around a wrapper. This is explained here.",
is no longer available. Can you please let me know where I can find this info?

Gilberto_Castil
Splunk Employee

Hello and sorry for the late reply. The school of thought is that if you are not looking to manipulate search results with the script, then the two methods above are not the best approach.

Splunk has a scripted input mechanism which allows you to schedule the execution of a script and capture the stdout message from the script. The result is a record of the notification obtained by the script and its execution state. That would give you the result you desire.

If you do not wish to use Splunk for scheduling, dump the script results to a file and then have Splunk index that file.
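Since a scripted input indexes whatever the script prints, the script itself decides how legible its execution state is afterwards. The following is an added example, not from the original thread or from Splunk: a script that performs the original poster's file write and reports the outcome as one key=value event on stdout, with a non-zero exit code on failure, so a search such as `status=error` surfaces broken runs. The path, the field names and the inputs.conf stanza shape (`[script://...]` with an `interval`) are assumptions for the example.

```python
# Added example (not from the original thread or Splunk): a scripted-input style
# script that writes a marker file and prints its execution state as one event.
import os
import sys
import tempfile
import time


def format_event(status, message, **fields):
    """Build one line Splunk can index as key=value pairs, e.g.
    2024-01-01T12:00:00+0000 status=success message="wrote marker file" bytes=5 path=...
    Quotes inside the message are replaced so the field extraction stays intact."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S%z")
    parts = [stamp, "status=%s" % status, 'message="%s"' % message.replace('"', "'")]
    parts += ["%s=%s" % (key, value) for key, value in sorted(fields.items())]
    return " ".join(parts)


def write_marker(path, text="hello"):
    """The script's actual job; returns the event describing what happened."""
    try:
        with open(path, "w") as fo:
            fo.write(text)
        return format_event("success", "wrote marker file", path=path, bytes=len(text))
    except OSError as exc:
        # errno/strerror give the operator something actionable without a traceback
        return format_event("error", exc.strerror or str(exc), path=path, errno=exc.errno)


def run_demo():
    """Offline demonstration: one successful write and one that must fail because
    the target's parent is a regular file, not a directory. Returns both events."""
    marker = os.path.join(tempfile.mkdtemp(), "test.txt")
    ok_event = write_marker(marker)
    bad_event = write_marker(os.path.join(marker, "nested.txt"))
    return ok_event, bad_event


def main(argv):
    # Assumed inputs.conf stanza that would schedule this script every 5 minutes:
    # [script://$SPLUNK_HOME/etc/apps/Search/bin/write_marker.py]
    # interval = 300
    path = argv[1] if len(argv) > 1 else os.path.join(tempfile.gettempdir(), "test.txt")
    event = write_marker(path)
    print(event)
    sys.stdout.flush()
    # Non-zero exit so the failure is also visible in Splunk's own input logging.
    return 0 if " status=success " in event else 1


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        for event in run_demo():
            print(event)
    else:
        sys.exit(main(sys.argv))
```

One event per run with a fixed `status` field is deliberate: it makes "is it running, did it fail" a trivial search and alert, and it does not depend on the script having access to Splunk's own libraries.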

sieutruc
Contributor

Can I ask one more? If I want to show on Splunk Web a message that indicates the status of the script execution, whether it is running or has terminated with a success or error notification, what function should I use?

sieutruc
Contributor

It's perfect 🙂 Thank you so much.