Developing for Splunk Enterprise

Looking for an example generating custom script that executes an OS command



I am looking for a simple example of a custom generating search command that
executes an OS command and shows the result of execution.

I don't have much knowledge of the Python SDK, but I want to start from a simple example.

Thank you, and any comment would be appreciated.

0 Karma


It's better if you do this in a separate/new app.

In the local directory of the app, create commands.conf (if it is not already there).

In bin directory of app create
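import os, re, csv
import sys

# Print the current date and time
os.system('date "+%c"')
# Run the command whose output the search should show
command = 'vmstat -s'
os.system(command)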

Restart the search head and give proper permissions.

In the SH, get the results by searching |cachecheck.
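
Added example (not part of the original answer and not Splunk's own code): a generating-command script in the style of the answer that runs only fixed, allowlisted commands as argument lists, so nothing typed in the search bar is ever parsed by a shell. It assumes the legacy (non-chunked) protocol, where the script writes CSV rows to stdout and receives search arguments in sys.argv; the allowlist entries, field names and function names are constructed for illustration.

```python
#!/usr/bin/env python
# Added example: generating command that runs one allowlisted OS command.
import csv
import subprocess
import sys

# Allowlist of report name -> fixed argument vector (constructed for this example).
# A search-time argument only selects a key; it is never passed to a shell.
ALLOWED = {
    "vmstat": ["vmstat", "-s"],
    "date": ["date", "+%c"],
}
TIMEOUT_SECONDS = 10


def run_allowed(name, allowed=ALLOWED):
    """Run the allowlisted command `name`; return a list of result rows (dicts)."""
    if name not in allowed:
        return [{"command": name, "line": "", "error": "command not in allowlist"}]
    argv = allowed[name]
    try:
        # Argument list with the default shell=False: no shell parsing at all.
        proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                              timeout=TIMEOUT_SECONDS, universal_newlines=True)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return [{"command": name, "line": "", "error": type(exc).__name__}]
    if proc.returncode != 0:
        return [{"command": name, "line": "",
                 "error": "exit status %d" % proc.returncode}]
    return [{"command": name, "line": line.strip(), "error": ""}
            for line in proc.stdout.splitlines() if line.strip()]


def write_results(rows, out=sys.stdout):
    """Emit rows as CSV with a header line, one search result per row."""
    writer = csv.DictWriter(out, fieldnames=["command", "line", "error"])
    writer.writeheader()
    writer.writerows(rows)


if __name__ == "__main__":
    # Assumption: the first search argument picks the report; default is vmstat,
    # the command used in the answer above.
    requested = sys.argv[1] if len(sys.argv) > 1 else "vmstat"
    write_results(run_allowed(requested))
```

Because the command runs with the privileges of the Splunk process, the "proper permissions" step matters: restrict the command to the roles that need it rather than exporting it to every user.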