Re: splunk app python script not running

aab5272 · ‎07-13-2017

$SPLUNK_HOME/etc/apps/cpp_name/bin/script.py
i have a python script that modify the view .

i assume its not running when i checked the same logic in os-python it works well. In command.conf

filename = script.py
retainsevents = true
overrides_timeorder = false
streaming = true

is there anyhting else i need to do .

Also i tried to check the logs in index="_internal" Error fullpath to script , it doesn't show anythin up there.

can some body help.

jkat54 · ‎07-13-2017

Try the following

import splunk.mining.dcutils as dcu

logger = dcu.getLogger()

try:
  Your code
except Exception as e:
  logger.error(str(e))

Then run the script and check index=_internal scriptName.py

If that doesn't work, you've probably got a syntax or indentation error. check the search.log in the job inspector. Search it for scriptName.py.

aab5272 · ‎07-14-2017

I used your comment but i get th ebelow error i am not sure why

utils/bin/script.py

from splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': from ^ splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': SyntaxError: invalid syntax
07-14-2017 16:14:10.376 ERROR ScriptRunner - extern write error: errno=Broken pipe

from splunk.Intersplunk import dcu

I am not sure whats the syntax error in this . Well your answer helped me in debugging i am getting closed to what i want.

jkat54 · ‎07-14-2017

Try enabling show all characters in notepad++ and checking for tabs etc.

jkat54 · ‎07-14-2017

Also can you show me the exact command/search you are using to execute the code?

aab5272 · ‎07-14-2017

index="indexname" | script from the UI

jkat54 · ‎07-14-2017

Can you post the code?

jkat54 · ‎07-13-2017

How does it modify the view?

How are you executing the script within Splunk?

aab5272 · ‎07-13-2017

the logs being monitored is in the form of
label=labelname value=actual value
now the script is intended to convert the above into
labelname=actual value at search time.

the python script is inside the app. My props.conf and transform.conf are working fine and the fields are getting extracted.

when i run this from splunk CLI it gives me error at this line

results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
and makes reference to these two function from splunk python library.
/splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 336, in getOrganizedResults
results = readResults(input_str, settings)
File "splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 265, in readResults
line = input_buf.readline()

jkat54 · ‎07-13-2017

That error from Splunk cli is due to not having any results in the pipeline.

aab5272 · ‎07-13-2017

but i see data being streamed .

How can i fix this ?any idea?

jkat54 · ‎07-13-2017

Did you see my answer below?

splunk app python script not running

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor