I have created a custom command in Python that needs a parameter, which is one of the fields of the search.
The script is as follows:

    import splunk.Intersplunk

    def foofunct(text):
        # Doing something with text (placeholder: returns the input unchanged)
        output = text
        return output

    # keywords holds the bare arguments typed after the command name
    keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
    results, unused1, unused2 = splunk.Intersplunk.getOrganizedResults()

    for result in results:
        # keywords is passed exactly as typed (the whole argument list)
        result["foo"] = foofunct(keywords)

    splunk.Intersplunk.outputResults(results)
When I insert the parameter directly in the tests, it works perfectly, but when I put the name of the field, it doesn't take the value of the field, it takes the name of the field as a parameter.
Is there any way to pass the value of the field to the script as a parameter?
Thanks for all.
I got it, but you said that when you put the name of the field as a parameter it does not get the field value, but the field name, so I am supposing you tried running this command from Splunk, right? If you tried running it from Splunk, I'd like to know how you used the command.
Been a while, here's what I remember.
Import sys. You can send in args via argv.
TEXTSTRING = sys.argv
Then when running the custom search command you just put 'em after the command.
| script myscript arg1 arg2 ...
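One way to get the field's value rather than its name, as an added example that is not code from any of the posts above: the command treats its first argument as a field name and looks it up in each event, falling back to the literal text when no event carries such a field. The helper `add_foo`, the `upper()` body of `foofunct` and the sample events are assumptions made for illustration; only the three `splunk.Intersplunk` calls come from the question.

```python
import sys


def foofunct(text):
    # Placeholder transform standing in for the question's foofunct.
    return text.upper()


def add_foo(results, args, out_field="foo"):
    """Fill out_field per event from the first command argument.

    If any event has a field named like the argument, the argument is a
    field name and each event's own value is used (empty when the event
    lacks it). Otherwise the argument is used as a literal string.
    """
    known_fields = set()
    for result in results:
        known_fields.update(result.keys())

    for result in results:
        if not args:
            result[out_field] = ""
            continue
        arg = args[0]
        text = result.get(arg, "") if arg in known_fields else arg
        result[out_field] = foofunct(str(text))
    return results


if __name__ == "__main__":
    try:
        import splunk.Intersplunk as si  # importable only inside Splunk
    except ImportError:
        # Constructed sample events so the lookup can be tried offline.
        sample = [{"host": "web01", "user": "alice"}, {"host": "web02"}]
        print(add_foo(sample, sys.argv[1:] or ["user"]))
    else:
        keywords, options = si.getKeywordsAndOptions()
        results, _unused1, _unused2 = si.getOrganizedResults()
        si.outputResults(add_foo(results, keywords))
```

The field has to be present in the results piped into the command; if an earlier step in the search dropped it, the argument is treated as literal text.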