Custom Python script not working for splunk events

New Member

I have implemented a Python script, and it works fine from the command prompt, giving the output "200,0.548236". But when I run my search from the Splunk dashboard, it's not showing any results.

Search command: source="Catalog_Ext-Akamai" earliest=-5m|stats last(StatusCode) as value | rangemap field=value low=200-200 default=severer|script catalog rel02

My commands.conf file and inputs.conf file here:

commands.conf file:
[catalog]
filename = test.py
type = python

inputs.conf file:
# here we are not passing any args as script running from commands.conf
[script://$SPLUNK_HOME/etc/apps/search/bin/Catalog_Ext-Akamai.sh]
disabled = 0
index = kohls_synthetic
interval = 300.0
sourcetype = synthetic
source = Catalog_Ext-Akamai
host =

Can someone help me with this?

Thanks.

Re: Custom Python script not working for splunk events

New Member

My Python script just calls my shell script, which runs the actual code and provides the output.


Re: Custom Python script not working for splunk events

SplunkTrust

If the Python script test.py is calling $SPLUNK_HOME/etc/apps/search/bin/Catalog_Ext-Akamai.sh, then why is it added as a scripted input?


Re: Custom Python script not working for splunk events

New Member

Hi,
We are passing a parameter to the shell script, and we are unable to pass arguments in the inputs.conf file. So we implemented a Python script to call the shell script with arguments. But when we check events, the script is still being picked up from inputs.conf instead of commands.conf.

Thanks.


Re: Custom Python script not working for splunk events

SplunkTrust

I am confused: what do you want to achieve? Do you want to run a script based on output generated by a Splunk query, or do you want to run a scripted input (a scripted input runs at a defined interval and indexes data in Splunk)?

If you want to process/send Splunk query output, then you can use a custom command. To create a custom command, please refer to the documentation at https://docs.splunk.com/Documentation/Splunk/7.2.3/Search/Aboutcustomsearchcommands and have a look at the sample custom command script in this answer, https://answers.splunk.com/answers/601523/custom-command-arguments.html, so you will get a better idea.


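A sketch of the wrapper this thread describes, added here as an example and not code from any poster: it takes the environment name chosen in the dashboard, passes it to the shell script as a single argument, and turns output such as "200,0.548236" into named StatusCode and ResponseTime fields. It assumes Python 3.7+, $SPLUNK_HOME at /opt/splunk, and a hypothetical second environment rel03; how the rows are handed back to Splunk (the custom-command protocol in the linked documentation) is outside it.

```python
import csv
import io
import re
import subprocess
import sys

# Assumption: names the dashboard dropdown may send; only rel02 appears in the thread.
ALLOWED_ENVS = {"rel02", "rel03"}
# Script path from the thread, with $SPLUNK_HOME assumed to be /opt/splunk.
SCRIPT = "/opt/splunk/etc/apps/search/bin/Catalog_Ext-Akamai.sh"
FIELDS = ["StatusCode", "ResponseTime"]
OUTPUT_RE = re.compile(r"^(\d{3}),(\d+(?:\.\d+)?)$")


def validate_env(arg):
    """Allow only known environment names; the value originates from a dashboard token."""
    if arg not in ALLOWED_ENVS:
        raise ValueError("unknown environment: %r" % (arg,))
    return arg


def run_check(argv):
    """Run the check as an argument vector (no shell parsing) and return its stdout."""
    done = subprocess.run(argv, capture_output=True, text=True, timeout=60, check=True)
    return done.stdout


def parse_output(text):
    """Turn '200,0.548236' into named fields; anything else is rejected."""
    match = OUTPUT_RE.match(text.strip())
    if match is None:
        raise ValueError("unexpected script output: %r" % (text,))
    return dict(zip(FIELDS, match.groups()))


def to_csv(rows):
    """Render rows as CSV with a header line naming the fields."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    env = validate_env(sys.argv[1] if len(sys.argv) > 1 else "rel02")
    # Constructed stand-in for the real call, run_check([SCRIPT, env]), so this runs offline.
    raw = run_check([sys.executable, "-c", "print('200,0.548236')"])
    sys.stdout.write(to_csv([parse_output(raw)]))
```
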
Re: Custom Python script not working for splunk events

New Member

My requirement is simple.
I have a dashboard and I want to use the same one for multiple environments. So I created a dropdown token and am passing env as a parameter to my shell script.

I am unable to pass my parameter to the shell script that is configured in inputs.conf, so for that reason I created a custom Python script in commands.conf and am calling the shell script from the Python script.

Now the Python script is working fine and giving the output, but when we query through the Splunk dashboard it's not showing any results, as events are still looking for the script in inputs.conf.


Re: Custom Python script not working for splunk events

New Member

"200,0.373956" is my Python script's output.
Now I want to run my Python script with arguments, configure 200 as statuscode and 0.373956 as Responsetime, and search for the same in the search query.
Please find my props.conf here.
[synthetic]
EXTRACT-StatusCode = ^(?P\d+)
EXTRACT-ResponseTime = ^\d+:(?P.+)
EXTRACT-ResponseTime2,Node = ^\d+,(?P[^ ]+) Node="(?P\d+)
EXTRACT-StoreNum = ^(?:[^ \n]* ){5}(?P.+)
EXTRACT-ResponseTime2 = ^\d+,(?P[^ ]+)
EXTRACT-MemHealth = ^\s+"\w+"\s+:\s+\w+,\s+"\w+"\s+:\s+\w+\s+"\w+"\s+:\s+\w+,\s+"\w+"\s+:\s+\w+,\s+"\w+"\s+:\s+(?P\w+)
EXTRACT-CurrentMem = ^\s+"\w+"\s+:\s+"\w+:\s+\w+.\s+\w+:\s+\w+"\s+"\w+"\s+:\s+"\w+\s+\w+"\s+"\w+"\s+:\s+"\w+\s+\w+\s+\d+\s+\w+.\s+\w+\s+\w+\s+(?P[^ ]+)
EXTRACT-ResponseTime3 = ^\d+,(?P\d+.\d+)


Re: Custom Python script not working for splunk events

Path Finder

In your screenshot you have a time range of all time, but in the actual search you include the clause earliest=-5m.

What is returned if you keep the time range as all time, but change your search to

index=kohls_synthetic source="Catalog_Ext-Akamai"

Dave


Re: Custom Python script not working for splunk events

New Member

If we remove the script tag from the search query, it's going to the inputs.conf file and giving events.


Re: Custom Python script not working for splunk events

New Member

How can we stop the script from going to inputs.conf, so that it always goes to commands.conf?
In my case, for events it is picking the script from inputs.conf instead of commands.conf.

Thanks.
