In this case, I have index "A" with two fields, "Latitude" and "Longitude". Now I want my Python script to fetch these two fields from index "A", calculate the distance (using internal logic) and then index this distance field into index "B".
For this case I have used the Splunk Python SDK to get the indexed data. Now I want this script to be run by Splunk as a scripted input to ingest data into index "B".
Please help me out to complete this task.
@ajitshukla61116, what is the condition for reading index A and pushing to index B? Based on the description, it seems like this should be a Scheduled Search with an Alert Action to calculate distance between geolocations, then use the collect command to insert into a new index. (With option 1 below, this can all be done within Splunk using SPL, without any need for Python coding.)
However, you can try one of the following options. If option 1 does not meet your requirement you can create custom command as per option 2.
Option 1: can you refer to the following answer post by @MuS which deals with Distance between two geo-locations: https://answers.splunk.com/answers/317935/calculating-distances-between-points-with-geoip-us.html
This can be done directly via SPL.
Option 2: If this does not help you can read the Custom Command Splunk Dev Example and create your own custom command on similar lines: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
Option 3: You can use the script command to execute script stored in bin folder of the app. https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script
Option 4: Custom Alert Action to calculate geolocation and collect to index: https://login.splunk.com/index.php?module=roles&func=showloginform&redirecturl=https://docs.splunk.c...
Thanks @niketnilay for these options.
Actually I have one index which has multiple fields like Latitude, Longitude, "FieldA", "FieldB", "FieldC". Using these fields I have to calculate "distance" and again ingest the "distance" field into the same index for every event.
For the distance calculation I have to use a Python script because the distance calculation logic cannot be implemented in a Splunk search.
Note: in this case I will get already ingested data. I have to calculate the distance and add the distance field to the same index.
I am trying a custom command but I am not able to fetch more than two variables from the Splunk side. I don't know why I am getting error code 1.
Please check my code:
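```python
import sys
import splunk.Intersplunk
import json
import requests as req


def calculate_distance(lat, long, fieldA, fieldB, fieldC):
    # internal logic will be here
    distance = None  # placeholder so the name is defined until the logic is added
    return distance


def collect_events():
    # Read the events piped into the command from the search pipeline
    results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
    for result in results:
        lat = result["Latitude"]
        long = result["Longitude"]
        fieldA = result["FieldA"]
        fieldB = result["FieldB"]
        fieldC = result["FieldC"]
        # The field name must be a string key; a bare `distance` is an undefined name
        result["distance"] = calculate_distance(lat, long, fieldA, fieldB, fieldC)
    # Hand the enriched events back to Splunk once, after the loop
    splunk.Intersplunk.outputResults(results)


collect_events()
```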
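Added example, not part of the original thread or of Splunk's own code: one way to keep a per-event enrichment like this from terminating the script (which the search then reports as a non-zero exit code) when an event lacks a field or carries a non-numeric value. The haversine formula and the fixed reference point are assumptions standing in for the poster's internal logic; `add_distance`, `distance_error` and the sample rows are hypothetical names and constructed data.

```python
import math

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (assumed stand-in for the internal logic)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def add_distance(results, ref_lat, ref_lon):
    """Add a "distance" field to every result dict without raising on bad events."""
    for result in results:
        try:
            # Intersplunk hands field values over as strings, so convert first
            lat = float(result["Latitude"])
            lon = float(result["Longitude"])
            if not (-90 <= lat <= 90 and -180 <= lon <= 180):
                raise ValueError("coordinate out of range")
            result["distance"] = "%.3f" % haversine_km(lat, lon, ref_lat, ref_lon)
        except (KeyError, TypeError, ValueError) as exc:
            # Keep the event, leave distance empty and record why
            result["distance"] = ""
            result["distance_error"] = "%s: %s" % (type(exc).__name__, exc)
    return results


# Constructed sample rows shaped like the dicts getOrganizedResults() returns
SAMPLE = [
    {"Latitude": "0", "Longitude": "1"},
    {"Latitude": "12.5"},                    # Longitude missing
    {"Latitude": "n/a", "Longitude": "3"},   # non-numeric value
]


def main():
    import splunk.Intersplunk as si  # only importable inside Splunk's Python
    try:
        results, _, _ = si.getOrganizedResults()
        si.outputResults(add_distance(results, 0.0, 0.0))  # assumed reference point
    except Exception as exc:
        # Surface the failure in the search UI instead of a bare exit code
        si.outputResults(si.generateErrorResults("distance: %s" % exc))


if __name__ == "__main__":
    main()
```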