Archive

splunk app python script not running

Engager

$SPLUNK_HOME/etc/apps/cpp_name/bin/script.py
i have a python script that modify the view .

i assume its not running when i checked the same logic in os-python it works well. In command.conf

filename = script.py
retainsevents = true
overrides_timeorder = false
streaming = true

is there anyhting else i need to do .

Also i tried to check the logs in index="_internal" Error fullpath to script , it doesn't show anythin up there.

can some body help.

0 Karma

SplunkTrust
SplunkTrust

Try the following

import splunk.mining.dcutils as dcu

logger = dcu.getLogger()

try:
  Your code
except Exception as e:
  logger.error(str(e))

Then run the script and check index=_internal scriptName.py

If that doesn't work, you've probably got a syntax or indentation error. check the search.log in the job inspector. Search it for scriptName.py.

0 Karma

Engager

I used your comment but i get th ebelow error i am not sure why

utils/bin/script.py

from splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': from ^ splunk.Intersplunk import dcu
07-14-2017 16:14:10.376 ERROR ScriptRunner - stderr from '/productos/pentaho/splunk/bin/python /productos/pentaho/splunk/etc/apps/utils/bin/script.py': SyntaxError: invalid syntax
07-14-2017 16:14:10.376 ERROR ScriptRunner - extern write error: errno=Broken pipe

from splunk.Intersplunk import dcu

I am not sure whats the syntax error in this . Well your answer helped me in debugging i am getting closed to what i want.

0 Karma

SplunkTrust
SplunkTrust

Try enabling show all characters in notepad++ and checking for tabs etc.

0 Karma

SplunkTrust
SplunkTrust

Also can you show me the exact command/search you are using to execute the code?

0 Karma

Engager

index="indexname" | script from the UI

0 Karma

SplunkTrust
SplunkTrust

Can you post the code?

0 Karma

SplunkTrust
SplunkTrust

How does it modify the view?

How are you executing the script within Splunk?

0 Karma

Engager

the logs being monitored is in the form of
label=labelname value=actual value
now the script is intended to convert the above into
labelname=actual value at search time.

the python script is inside the app. My props.conf and transform.conf are working fine and the fields are getting extracted.

when i run this from splunk CLI it gives me error at this line

results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
and makes reference to these two function from splunk python library.
/splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 336, in getOrganizedResults
results = readResults(input_str, settings)
File "splunk/lib/python2.7/site-packages/splunk/Intersplunk.py"", line 265, in readResults
line = input_buf.readline()

0 Karma

SplunkTrust
SplunkTrust

That error from Splunk cli is due to not having any results in the pipeline.

0 Karma

Engager

but i see data being streamed .

How can i fix this ?any idea?

0 Karma

SplunkTrust
SplunkTrust

Did you see my answer below?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!