
How to pass the value of the field to the script as a parameter when customizing commands in Python?

pbalbasm
Path Finder

Hi everyone,

I have created a custom command in Python that needs a parameter, which is one of the fields of the search.

The script is as follows:

import splunk.Intersplunk

def foofunct(text):
    # Doing something with text (placeholder from the post)
    output = text
    return output

# keywords holds the literal words typed after the command name
keywords, options = splunk.Intersplunk.getKeywordsAndOptions()

results, unused1, unused2 = splunk.Intersplunk.getOrganizedResults()

for result in results:
    result["foo"] = foofunct(keywords)
splunk.Intersplunk.outputResults(results)

When I insert the parameter directly in the tests, it works perfectly, but when I put the name of the field, it doesn't take the value of the field; it takes the name of the field as a parameter.

Is there any way to pass the value of the field to the script as a parameter?

Thanks for all.

Regards

1 Solution

pbalbasm
Path Finder

For me, the solution was to create a JavaScript in the view which launches a search with the correct parameters, so the keywords are values taken directly from the JavaScript.


0 Karma


hallt3
Path Finder

Been a while, here's what I remember. Import sys. You can send in args via argv. TEXTSTRING = sys.argv[1]

Then when running the custom search command you just put 'em after the command. | script myscript arg1 arg2 ...

0 Karma
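
Added example, not part of any post in this thread: arguments typed after the command reach the script as literal strings, so one way to get a field's value is to treat the keyword as a field name and read that field from each result. The helper name apply_to_field, the upper-casing body of foofunct and the sample events are assumptions made for illustration.

```python
def foofunct(text):
    # Stand-in for the post's "doing something with text" (assumption).
    return text.upper()


def apply_to_field(results, keywords, func=foofunct, out_field="foo"):
    """Treat keywords[0] as a field NAME and run func on each event's value."""
    if not keywords:
        raise ValueError("usage: | script myscript <fieldname>")
    field = keywords[0]
    for result in results:
        value = result.get(field)
        if value is None or value == "":
            result[out_field] = ""            # this event has no such field
        elif isinstance(value, list):         # value arrived as a multivalue list
            result[out_field] = [func(v) for v in value]
        else:
            result[out_field] = func(value)
    return results


def main():
    # Imported here because the module only exists inside Splunk's Python.
    import splunk.Intersplunk as si
    try:
        keywords, options = si.getKeywordsAndOptions()
        results, _dummy, _settings = si.getOrganizedResults()
        si.outputResults(apply_to_field(results, keywords))
    except Exception as exc:
        # Surface the failure in the search UI instead of a bare traceback.
        si.outputResults(si.generateErrorResults(str(exc)))


# Constructed sample events, shaped like the dicts handed to the script.
SAMPLE = [{"user": "alice"}, {"user": ["bob", "carol"]}, {"host": "web01"}]

if __name__ == "__main__":
    main()
```

With this layout the search passes the field name, for example `| script myscript user`, and each event gets `foo` computed from its own `user` value.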

alonsocaio
Contributor

How are you using this custom command in your searches?

0 Karma

highsplunker
Contributor

The question is how to pass parameters in and out of custom python script. This script is just an example.

0 Karma

alonsocaio
Contributor

I got it, but you said that when you put the name of the field as a parameter it does not get the field value, but the field name, so I am supposing you tried running this command from Splunk, right? If you tried running it from Splunk, I'd like to know how you used the command.

0 Karma

highsplunker
Contributor

Why doesn't anybody help?

0 Karma