How do I run my custom v2 search command script directly from my command prompt?

matutter4
Explorer

I've taken the "generatetext.py" example from the SDK and I'd like to run it directly from my terminal. However, I get the exception below whenever Splunk lib enters _process_protocol_v2 and calls self._read_chunk, which in turn returns None when it fails to get the "header".

How do I get around this obstacle in running my custom command script by hand?

The error:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib64/python2.7/logging/handlers.py", line 155, in shouldRollover
    self.stream.seek(0, 2)  #due to non-posix-compliant Windows feature
  File "/usr/lib64/python2.7/codecs.py", line 703, in seek
    self.stream.seek(offset, whence)
IOError: [Errno 29] Illegal seek
Logged from file search_command.py, line 971
chunked 1.0,239,0
{"inspector":{"messages":[["ERROR","TypeError at \"/home/mat/splunk-sdk-python/examples/searchcommands_app/package/bin/packages/splunklib/searchcommands/search_command.py\", line 650 : 'NoneType' object is not iterable"]]},"finished":true}
0 Karma
1 Solution

jkat54
SplunkTrust

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

spunk_enthusias
Path Finder

I wouldn't consider this problem solved. It remains annoyingly hard to run custom search commands from the command line because the protocol is entirely undocumented and no tooling is available.

0 Karma

shuklaji97
Loves-to-Learn Lots

Is there any alternative to this for Windows?

0 Karma

jkat54
SplunkTrust

Wait, when you say run from your terminal... Do you mean from command prompt or bash using a curl command to post the search to the Splunk API?

0 Karma

matutter4
Explorer

Yes, I do mean calling the script like splunk cmd python myscript.py. But it just hangs waiting on STDIN. I assume it's looking for headers & metadata.

0 Karma

jkat54
SplunkTrust

OK, so it's a generating search command, yes?

In this case, the only way to test it on the command line is with curl or the search CLI.

./splunk search "|generatetext.py"

For that to work, you must put the command in the /bin folder of at least one app, and make sure that app mentions it properly in commands.conf.

Here is a link to the docs on executing searches via the CLI:
http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/CLIsearchsyntax
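
The output in the question shows the framing a v2 command writes to stdout ("chunked 1.0,239,0" followed by JSON metadata), and the script waits for the same framing on stdin. The following is an added example, not code from any post in this thread or from the Splunk SDK: it frames and parses such chunks in Python. The getinfo metadata, its searchinfo keys and all sample values are constructed assumptions; what a given SDK version requires there may differ.

```python
import io
import json
import re
import sys

# Transport header: "chunked 1.0,<metadata bytes>,<body bytes>\n"
HEADER = re.compile(rb"chunked\s+1\.0\s*,\s*(\d+)\s*,\s*(\d+)\s*\n")


def encode_chunk(metadata, body=b""):
    """Frame one chunk: header line, JSON metadata, then the raw body."""
    meta = json.dumps(metadata, separators=(",", ":")).encode("utf-8")
    return b"chunked 1.0,%d,%d\n" % (len(meta), len(body)) + meta + body


def read_chunk(stream):
    """Read one chunk from a binary stream; None means EOF before a header."""
    line = stream.readline()
    if not line:
        return None  # empty stdin: the case behind the question's TypeError
    match = HEADER.fullmatch(line)
    if match is None:
        raise ValueError("bad chunk header: %r" % line)
    meta_len, body_len = int(match.group(1)), int(match.group(2))
    meta = stream.read(meta_len)
    body = stream.read(body_len)
    if len(meta) != meta_len or len(body) != body_len:
        raise ValueError("truncated chunk")
    return json.loads(meta.decode("utf-8")), body


# Constructed getinfo request; the searchinfo keys and values are assumptions.
GETINFO = {
    "action": "getinfo",
    "preview": False,
    "searchinfo": {"args": ["count=3", "text=hello"], "sid": "constructed-sid"},
}


def demo():
    """Round-trip a request and a constructed reply, then hit EOF."""
    reply = {"inspector": {"messages": [["ERROR", "constructed"]]}, "finished": True}
    stream = io.BytesIO(encode_chunk(GETINFO) + encode_chunk(reply))
    return read_chunk(stream), read_chunk(stream), read_chunk(stream)


if __name__ == "__main__":
    # Emit the constructed getinfo frame so it can be piped to a command's stdin.
    sys.stdout.buffer.write(encode_chunk(GETINFO))
```
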
