Modular input script execution

manudbc · ‎03-16-2018

hello I have a modular input script which estract data from a external source with a interval ejecution this script has an Schema, I wont to use the schema data for a script ejecution in search
Modular input scheme script:

import json
import time
import urllib2

from splunklib.modularinput import *


class MyScript(Script):

    def get_scheme(self):

        scheme = Scheme("x")
        scheme.description = ("x")
        scheme.use_external_validation = True
        scheme.use_single_instance = False

        api_arg = Argument(
            name="api",
            title="API Code",
            data_type=Argument.data_type_string,
            required_on_create=True,
            required_on_edit=True
        )
        scheme.add_argument(api_arg)


        return scheme

    def validate_input(self, definition):
        api = definition.parameters["api"]

    def stream_events(self, inputs, ew):
            api = input_item["api"]
            list=[]
            count=0
            try:
                r = urllib2.Request("URLLLLLLL".format(api))
                t = json.loads(urllib2.urlopen(r).read())

                    logevent = Event()
                    logevent.stanza = input_name
                    logevent.data = json.dumps(t, sort_keys=True, separators=(',',':'))
                    ew.write_event(logevent)

if __name__ == "__main__":
    exitcode = MyScript().run(sys.argv)
    sys.exit(exitcode)

using following search

| script commandname arg1 arg2

my script use api schema data and update or add events to my index
¿any example of my script?

manudbc · ‎03-19-2018

Is there any way to do that??

Modular input script execution

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >