Splunk Dev

Creating custom Commands- Splunk [5.0.2]

Stephen93Marsh
Explorer

I'm trying to make a custom Command using python but I'm running into some errors.

"Error in 'script': Getinfo probe failed for external search command 'testscript'"

For the moment I'm just trying to figure out how to get any script to work, which is proving more difficult that I anticipated.

How I created the app and command:

So, I created a test app called "TestCommands" using the sample_app template.
Then, I created a dummy script called "testcommand.py" in the bin folder within that app.

import sys
import csv
import splunk.Intersplunk

while True:
    line = sys.stdin.readline()
    if not line.strip(): break

reader = csv.DictReader( sys.stdin )
headers = reader.fieldnames
writer = csv.DictWriter( sys.stdout, headers )
writer.writer.writerows( headers )

(From what I understand, this should just output the headers back to splunk)

I also have a commands.conf located in the default and local folders of the apps. (The directions were unclear as to which of these i should put it in) Both of those contain the same information:

[testscript]
filename = testcommand.py
streaming = true
supports_getinfo=true
maxinputs = 0

My Search is as follows:

source="pathname\dummydata.csv" | testscript" 

I have checked that the data source isn't the problem.
Thanks for the help.

OL
Communicator

I had this issue when upgrading my python SDK of my app to version 1.3.0 (from 1.2.3). The solution was to add at the beginning of my script the following lines (as it is the case in the new examples):

import sys

from splunklib.searchcommands import \
    dispatch, StreamingCommand, Configuration, Option, validators

Hope it might help others 🙂

0 Karma

Stephen93Marsh
Explorer

I'll try that Chris. If I start basic enough, its bound to work. Thanks

0 Karma

chris
Motivator

Maybe you could start by copying one of the commands in the search app. uniq.py a very basic example.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Your command does not do anything that appears to support getinfo and the error message mentions the same, so I suggest turning that off in commands.conf.

martin_mueller
SplunkTrust
SplunkTrust

Concerning local vs default, put the .conf in default. You're the creator of the app, so you provide the default configuration. The user of your app can then override things in local if he needs to.

0 Karma

Stephen93Marsh
Explorer

After trying this, it just says "Unknown search command" 😞

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...