Developing for Splunk Enterprise

Custom search command executed multiple times with protocol v2

twesthead
Path Finder

Hi, I thought my custom search command was working fine, until I added some logs.
The logs showed me that for a single call to the command, the code was run multiple (3-4) times.
My command is built using protocol version 2.

I'm aware of this question, but the answer looks like a hack.

Checkout the logs below. Does everything look fine to you? How can I fix it?

Example:

import logging

from splunklib.searchcommands import dispatch, EventingCommand, Configuration

logger = setup_logger(logging.DEBUG)
logger.info("start log")

@Configuration()
class OutputFTP(EventingCommand):

    def transform(self, records):
        logger.info('inside transform')
        for record in records:
            yield record


logger.info("before dispatch")
dispatch(OutputFTP, sys.argv, sys.stdin, sys.stdout, __name__)
logger.info("after dispatch")

Result logs:

2018-10-26 15:49:34,196 INFO start log
2018-10-26 15:49:34,196 INFO before dispatch
2018-10-26 15:49:34,197 INFO inside transform
2018-10-26 15:49:34,198 INFO after dispatch
2018-10-26 15:49:34,262 INFO start log
2018-10-26 15:49:34,263 INFO before dispatch
2018-10-26 15:49:34,264 INFO inside transform
2018-10-26 15:49:34,265 INFO after dispatch
2018-10-26 15:49:34,358 INFO start log
2018-10-26 15:49:34,359 INFO before dispatch
2018-10-26 15:49:34,360 INFO inside transform
2018-10-26 15:49:34,425 INFO start log
2018-10-26 15:49:34,425 INFO before dispatch
2018-10-26 15:49:34,426 INFO inside transform
2018-10-26 15:49:34,429 INFO after dispatch

commands.conf

[my_command]
filename = my_command.py
chunked = true
run_in_preview = false
Labels (1)

seva98
Path Finder

It has been some time since you asked but do you have any idea why it was happening? I have the same issue, my script starts logger +2 times every time and sometimes even fails. I wonder if it is logger related issue or python interpreter issue.

0 Karma

seva98
Path Finder

It has been some time since you asked but do you have any idea why it was happening? I have the same issue, my script starts logger +2 times every time and sometimes even fails. I wonder if it is logger related issue or python interpreter issue.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...