Developing for Splunk Enterprise

Doing my first scripted lookup, trying a basic hello world ... where do I start?

Builder

All,

Trying to make a basic scripted python lookup. The examples and tutorials were just way over my head. So trying to do something simpler. I coped the example file and tried to simplify the problem a little. What I am aiming to do here is pass a field called 'mystring' and get back a field called 'myoutput'.

I am passing hello as the field value for mystring and expecting world as the value in the new field myoutput.

When I execute this I get the following

index=*
| head 1
| eval mystring = "hello"
| lookup mylookup mystring

I get" Script execution failed for external search command '/opt/splunk/etc/apps/TA-myapp/bin/mylookup.py'."

here is my python.

#!/usr/bin/env python

import csv
import sys


def main():

    if len(sys.argv) != 3:
        print("Usage: python mylookup.py [mystring] [myoutput]")
        sys.exit(1)

    # always passing hello as a eval mystring = "hello"
    mystring = sys.argv[1]
    myoutput = sys.argv[2]

    infile = sys.stdin
    outfile = sys.stdout

    r = csv.DictReader(infile)
    header = r.fieldnames

    w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
    w.writeheader()

    for result in r:
            result[mystring] = "hello"
            result[myoutput] = "world"
            w.writerow(result)

main()
Labels (1)
0 Karma

SplunkTrust
SplunkTrust

Hi,

Have you configured transforms.conf for external lookup ?

Like

[mylookup]
external_cmd = mylookup.py mystring
fields_list = mystring,myoutput
0 Karma