Developing for Splunk Enterprise
Highlighted

Is there a way to schedule a Python Script from Splunk?

Path Finder

I currently have a Python script calling an API and returning the results to Splunk. I can use the |script command in Splunk and the Python script works as expected. I have a dashboard built on the underlying data, which is pretty small in volume.

Is there a way to schedule this script to be called within Splunk? Is the saved search the best way to go about calling the |script command?

0 Karma
Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

SplunkTrust
SplunkTrust

You could turn your script into a scripted input, and run that on a schedule either by interval or cron.

View solution in original post

Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

Path Finder

Do I need to create a .sh file that calls the .py file?

0 Karma
Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

SplunkTrust
SplunkTrust
0 Karma
Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

Path Finder

I tried going down the path of scripted inputs, to pretty bad results. I added the .sh script to inputs.conf, but there is no reference to the script anywhere in the logs. Is there a way to check if the script is being triggered at all?

[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_wrapper_script.sh]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240 
source = http-simple
sourcetype = jira

[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_rest_api.py]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240
source = http-simple
sourcetype = jira

I am not surprised that the shell script may not work, since I have never written one before. I did expect to see error messages somewhere.

0 Karma
Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

SplunkTrust
SplunkTrust

Search for index=_internal jira_wrapper_script to find infos about the script running.

For a simplified example, try something like this:

test.sh (set x bit with chmod!):

#!/bin/sh
echo Hello

inputs.conf

[script://./bin/test.sh]
interval, index, etc.

This should send an event containing just the word Hello to the index, sourcetype, etc. you specified in the inputs.conf.

0 Karma
Highlighted

Re: Is there a way to schedule a Python Script from Splunk?

Path Finder

Hmmm, it seems my scripting skills are below par. I set up the monitoring of the python script directly through the UI and it worked flawlessly. Shell script didn't turn out as well.

Turns out there was some issue with the actual sh file. The below shell script worked for anyone stumbling upon this page.

shell script

 #!/bin/bash
python "C:/Program Files/Splunk/etc/apps/my_app_name/bin/jira_rest_api.py"

Martin - thank you for your help.

0 Karma