I am starting with custom commands in Python and have some basic questions, I guess. The Python version is 2.7, which I find a bit awkward as it does not even have pip or easy_install to get the splunk-sdk installed. What we did was install Python 3 under /usr/local/bin/python3, and then we got the splunk-sdk. We relinked python to python3. The custom commands work fine now ... but the rest not really. I get issues with some of my alerts, and when restarting, Splunk itself does not come up.
So, my questions would be:
- Is it possible to get another version of Python (3.5 instead of 2.7) running with Splunk?
- If not, what would be the easiest way to install the splunk-sdk for Python under 2.7? ... We have neither easy_install nor pip, unfortunately, so the hints from the documentation cannot really be followed.
- And why can't the splunk-sdk just be installed by default when installing Splunk ...
It was an issue with our Python 2.7 installation, where we were not able to get either pip or easy_install running, so we could not implement the splunk-sdk.
We worked around it by pointing, in the custom command / Python script, to the Python 3.5 splunk-sdk module.
Please see below the example code of the simple sleep60 command.
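    import sys
    import time
    from splunklib.searchcommands import dispatch, StreamingCommand, Configuration

    @Configuration()
    class MyCommand(StreamingCommand):
        def stream(self, records):
            # sleep60: pause for 60 seconds (placement assumed), then pass records through
            time.sleep(60)
            for record in records:
                yield record

    if __name__ == "__main__":
        dispatch(MyCommand, sys.argv, sys.stdin, sys.stdout, __name__)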
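
One way to do the "pointing" step from the answer above with some checks, shown as an added example that is not part of the original post. The function names are hypothetical and the SDK directory used in the demo is a constructed stub, since the post does not give the real path.

```python
import os
import stat
import sys
import tempfile


def check_sdk_dir(sdk_dir):
    """Return sdk_dir's real path if splunklib can be imported from it safely."""
    real = os.path.realpath(sdk_dir)
    marker = os.path.join(real, "splunklib", "searchcommands", "__init__.py")
    if not os.path.isfile(marker):
        raise ImportError("no splunklib.searchcommands under %s" % real)
    # The custom command runs with the privileges of the Splunk process, so a
    # directory that group or others can write to lets them run code as it.
    for d in (real, os.path.join(real, "splunklib")):
        if os.stat(d).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ImportError("%s is writable by group or others" % d)
    return real


def add_sdk_path(sdk_dir, path=None):
    """Append the checked directory to the module search path."""
    path = sys.path if path is None else path
    real = check_sdk_dir(sdk_dir)
    if real not in path:
        # Append rather than insert at 0: modules bundled with Splunk's own
        # Python keep priority over same-named ones in the foreign directory.
        path.append(real)
    return real


def make_stub_sdk(mode=0o755):
    """Constructed stand-in for an SDK install, for the demo only."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "splunklib", "searchcommands")
    os.makedirs(pkg)
    for d in (os.path.join(root, "splunklib"), pkg):
        open(os.path.join(d, "__init__.py"), "w").close()
        os.chmod(d, 0o755)
    os.chmod(root, mode)
    return root


if __name__ == "__main__":
    search_path = []
    print(add_sdk_path(make_stub_sdk(), search_path))
```

In a real custom command, `add_sdk_path()` would be called with the actual SDK directory before the `from splunklib.searchcommands import ...` line.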