Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to run a linux command on remote machine via splunk GUI, on demand only?

smitapatankarso
Explorer
‎01-20-2020 11:44 PM

I have splunk instance running on one linux server.
I have python code on another linux server, which I run manually something like:

(console script command given in setup.py) (arguments)
Is it possible to run this via Splunk GUI? If so, how?

Note:
This is to be run on demand and not in a scheduled way i.e. whenever user searches say a username from splunk GUI, python script from remote server needs to run, fetch some details and send back as results for the search.

0 Karma
Reply

mdsnmss
SplunkTrust
SplunkTrust
‎01-21-2020 07:47 AM

Sounds like you need a custom search command or external lookup. These links should get you started:

External Lookups: https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups
Custom Search Command Docs: https://docs.splunk.com/Documentation/Splunk/8.0.1/Search/Writeasearchcommand
Custom Search Command Dev: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/

What kind of details does the script return? What does the script do? An example of an external search command is in Splunk Supporting Add-on for Active (https://splunkbase.splunk.com/app/1151/). Given different arguments it will return LDAP user/object results to supplement results or create lookup tables.

More details are likely needed to determine the best way to do this. There isn't really a simple "out of the box" way to do this.

Reply

smitapatankarso
Explorer
‎01-23-2020 04:20 AM

Thanks I will go through the provided information.

The script needs to take a username as input (via splunk GUI).
It then needs to form a list of all the groups the user is a part of recursively, by communicating with Redis server which has raw information of users and groups.
It needs to return that list of groups to be displayed as splunk search result.

splunk(splunk server)<-->server that has script<-->redis server

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...