
How to pass the value of the field to the script as a parameter when customizing commands in Python?

pbalbasm
Path Finder

Hi everyone,

I have created a custom command in Python that needs a parameter, which is one of the fields of the search.

The script is as follows:

import splunk.Intersplunk

def foofunct(text):
    # Placeholder: do something with text
    output = text
    return output

# keywords holds the bare arguments typed after the command name in the search
keywords, options = splunk.Intersplunk.getKeywordsAndOptions()

results, unused1, unused2 = splunk.Intersplunk.getOrganizedResults()

for result in results:
    result["foo"] = foofunct(keywords)
splunk.Intersplunk.outputResults(results)

When I insert the parameter directly in the tests, it works perfectly, but when I put the name of the field, it doesn't take the value of the field, it takes the name of the field as a parameter.

Is there any way to pass the value of the field to the script as a parameter?

Thanks for all.

Regards

1 Solution

pbalbasm
Path Finder

For me, the solution was to create a JavaScript in the view which launches a search with the correct parameters, so the keywords are values taken directly from the JavaScript.

0 Karma

hallt3
Path Finder

Been a while, here's what I remember. Import sys. You can send in args via argv. TEXTSTRING = sys.argv[1]

Then when running the custom search command you just put 'em after the command. | script myscript arg1 arg2 ...

0 Karma

alonsocaio
Contributor

How are you using this custom command in your searches?

0 Karma

highsplunker
Contributor

The question is how to pass parameters in and out of custom python script. This script is just an example.

0 Karma

alonsocaio
Contributor

I got it, but you said that when you put the name of the field as a parameter it does not get the field value, but the field name, so I am supposing you tried running this command from Splunk, right? If you tried running it from Splunk, I'd like to know how you used the command.

0 Karma

highsplunker
Contributor

Why doesn't anybody help?

0 Karma
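
An added example, not code from any poster in this thread: the arguments returned by `getKeywordsAndOptions()` are the literal tokens typed after the command name, so a field name arrives as a plain string and the script has to look that name up in each result itself. The `foofunct` body, the field name `user` and the sample events are assumptions made for illustration.

```python
def foofunct(text):
    # Stand-in for the real transformation (assumption for this example)
    return text.upper()


def apply_to_field(results, keywords, func, out_field="foo"):
    """Treat keywords[0] as a field NAME and pass each event's VALUE to func."""
    if len(keywords) != 1:
        raise ValueError("expected exactly one argument: the field name")
    field = keywords[0]
    for result in results:
        value = result.get(field)
        # Events that lack the field are passed through without an output field
        if value is None or value == "":
            continue
        if isinstance(value, list):
            # Defensive: handle a field that carries several values
            result[out_field] = [func(v) for v in value]
        else:
            result[out_field] = func(value)
    return results


# Constructed sample events, used only when the script runs outside Splunk
SAMPLE = [
    {"host": "web01", "user": "alice"},
    {"host": "web02"},
]


def main(si):
    keywords, options = si.getKeywordsAndOptions()
    results, unused1, unused2 = si.getOrganizedResults()
    try:
        results = apply_to_field(results, keywords, foofunct)
    except ValueError as err:
        results = si.generateErrorResults(str(err))
    si.outputResults(results)


if __name__ == "__main__":
    try:
        import splunk.Intersplunk as si
    except ImportError:
        # Not running under Splunk: demonstrate on the constructed events
        print(apply_to_field([dict(e) for e in SAMPLE], ["user"], foofunct))
    else:
        main(si)
```

Invoked with the syntax from hallt3's reply, the field name is the only argument, for example `| script myscript user`, where `myscript` and `user` are placeholder names.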