$SPLUNK_HOME/etc/apps/cpp_name/bin/script.py
i have a python script that modify the view .
i assume its not running when i checked the same logic in os-python it works well. In command.conf
filename = script.py
retainsevents = true
overrides_timeorder = false
streaming = true
is there anyhting else i need to do .
Also i tried to check the logs in index="_internal" Error fullpath to script , it doesn't show anythin up there.
can some body help.
Try the following
import splunk.mining.dcutils as dcu
logger = dcu.getLogger()
try:
Your code
except Exception as e:
logger.error(str(e))
Then run the script and check index=_internal scriptName.py
If that doesn't work, you've probably got a syntax or indentation error. check the search.log in the job inspector. Search it for scriptName.py.
I used your comment but i get th ebelow error i am not sure why
utils/bin/script.py
from splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': from ^ splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': SyntaxError: invalid syntax
07-14-2017 16:14:10.376 ERROR ScriptRunner - extern write error: errno=Broken pipe
from splunk.Intersplunk import dcu
I am not sure whats the syntax error in this . Well your answer helped me in debugging i am getting closed to what i want.
Try enabling show all characters in notepad++ and checking for tabs etc.
Also can you show me the exact command/search you are using to execute the code?
index="indexname" | script from the UI
Can you post the code?
How does it modify the view?
How are you executing the script within Splunk?
the logs being monitored is in the form of
label=labelname value=actual value
now the script is intended to convert the above into
labelname=actual value at search time.
the python script is inside the app. My props.conf and transform.conf are working fine and the fields are getting extracted.
when i run this from splunk CLI it gives me error at this line
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
and makes reference to these two function from splunk python library.
/splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 336, in getOrganizedResults
results = readResults(input_str, settings)
File "splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 265, in readResults
line = input_buf.readline()
That error from Splunk cli is due to not having any results in the pipeline.
but i see data being streamed .
How can i fix this ?any idea?
Did you see my answer below?