Developing for Splunk Enterprise

How do I run my custom v2 search command script directly from my command prompt?

Explorer

I've taken the "generatetext.py" example from the SDK and I'd like to run it directly from my terminal. However, I get the exception below whenever Splunk lib enters _process_protocol_v2 and calls self._read_chunk which in turn returns None when it fails to get the "header".

How do I get around this obstacle in running my custom command script by hand?

The error:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib64/python2.7/logging/handlers.py", line 155, in shouldRollover
    self.stream.seek(0, 2)  #due to non-posix-compliant Windows feature
  File "/usr/lib64/python2.7/codecs.py", line 703, in seek
    self.stream.seek(offset, whence)
IOError: [Errno 29] Illegal seek
Logged from file search_command.py, line 971
chunked 1.0,239,0
{"inspector":{"messages":[["ERROR","TypeError at \"/home/mat/splunk-sdk-python/examples/searchcommands_app/package/bin/packages/splunklib/searchcommands/search_command.py\", line 650 : 'NoneType' object is not iterable"]]},"finished":true}
0 Karma
1 Solution

SplunkTrust
SplunkTrust

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

View solution in original post

SplunkTrust
SplunkTrust

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

View solution in original post

SplunkTrust
SplunkTrust

Wait when you say run from your terminal... Do you mean from command prompt or bash using a curl command to post the searh to the Splunk api?

0 Karma

Explorer

Yes I do mean calling the script like splunk cmd python myscript.py But it just hangs waiting on STDIN. I assume it's looking for headers & metadata.

0 Karma

SplunkTrust
SplunkTrust

Ok so it's a generating search command yes?

In this case the only way to test it on command line is with a curl or search cli.

./splunk search "|generatetext.py"

For that to work, you must put the command in the /bin folder of at least one app, and make sure that app mentions it properly in the commands.conf

Here is a link to docs on executing searches via cli:
http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/CLIsearchsyntax

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!