Developing for Splunk Enterprise

What's the point of Custom Python scripts?

Builder

What's the point of creating a custom script in Python for Splunk?
I read that you can use it to handle your Splunk search results, but you can already do that via the browser interface. What else can you do?

If this is beneficial, where can I find tutorials to help write Python scripts for Splunk?
By the way, I already know how to program in Python.


Re: What's the point of Custom Python scripts?

Communicator

Hi,

If you are talking about Python scripts at index time, this is a great feature when Splunk is not able to get the data, such as from a database or application API. You can find lots of information about this at http://www.splunk.com/base/Documentation/4.2.1/Developer/ScriptSetup (replace the 4.2.1 with the latest release version or the one you are using).

If you are talking about the Python search command, an idea could be that you could use it when creating a Python scripted input and you want to change the input data according to the data already indexed in Splunk. For more information about the Python search command, have a look at: http://www.splunk.com/base/Documentation/4.2.1/SearchReference/WriteaPythonsearchcommand

If you want to search Splunk using Python and integrate the results into your third-party application, I would suggest having a look at the REST API, which you will find in the documentation section.

Hope it helps.

Regards,
Olivier


Re: What's the point of Custom Python scripts?

Builder

Thanks, but do I really need to have a key file and a wrapper script? What files are mandatory? I am currently trying to run google.py, which is a default script I found in the Search/bin directory, in order to output the results to an output file to search it via Splunk. My question is: after adding the details to the input.conf and commands.conf, how do you actually run the script?


Re: What's the point of Custom Python scripts?

SplunkTrust

You run the script by piping your search results to the google command, e.g. "foo host=bar | google"


Re: What's the point of Custom Python scripts?

Builder

We're talking about 2 different cases where you could write a script. The first, when you need to gather data from somewhere that doesn't have a logfile, you use a "scripted input". That scripted input would be run on an interval, as specified in inputs.conf (i.e. the script provides "input"/data to Splunk).

# inputs.conf
[script://./bin/myscript.sh]
interval = 300
source = myscript
sourcetype = myscript

With that definition, myscript.sh will run every 5 minutes, and whatever data it prints out will be indexed within Splunk -- as OL said, it's nice for getting data from databases and APIs, etc.

Now, the second case is when you find that you need an extra feature within the search language that doesn't exist already (e.g. I want to add geolocation data to my events), or is possibly too challenging using standard search commands. You create a script (these scripts must make calls to Splunk APIs) and a corresponding commands.conf entry:

# commands.conf
[geoip]
filename = geoipcmd.py
streaming = true
supports_getinfo = true
maxinputs = 0

This new command is then available in your searches:

sourcetype=firewall src_ip=* | geoip src_ip
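
The scripted-input case described above, as an added example that is not part of the original thread: a Python script that an inputs.conf stanza could run on an interval, printing only rows it has not emitted before so repeated runs do not index duplicates. The in-memory SQLite table, the audit schema, the checkpoint path and all function names are assumptions standing in for a real database query.

```python
"""Scripted input sketch: print rows added since the last run as key="value" events."""
import os
import sqlite3
import sys
import tempfile
import time

def read_checkpoint(path):
    """Return the last row id already emitted, or 0 on first run or unreadable file."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 0

def write_checkpoint(path, last_id):
    """Write to a temp file and rename, so a crash never leaves a partial checkpoint."""
    with open(path + ".tmp", "w") as fh:
        fh.write(str(last_id))
    os.replace(path + ".tmp", path)

def format_event(row_id, ts, user, action):
    """One event per line. Collapsing whitespace and swapping double quotes keeps
    database values from injecting extra lines or breaking the key="value" pairs."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ts))
    user, action = (" ".join(str(v).replace('"', "'").split()) for v in (user, action))
    return '%s id=%d user="%s" action="%s"' % (stamp, row_id, user, action)

def collect(conn, checkpoint_path, out=sys.stdout):
    """Print rows newer than the checkpoint, then advance it. Returns the row count."""
    last_id = read_checkpoint(checkpoint_path)
    rows = conn.execute(
        "SELECT id, ts, user, action FROM audit WHERE id > ? ORDER BY id", (last_id,)
    ).fetchall()
    for row in rows:
        out.write(format_event(*row) + "\n")
    if rows:
        out.flush()
        write_checkpoint(checkpoint_path, rows[-1][0])
    return len(rows)

def sample_db():
    """Constructed sample data standing in for the real database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, ts INTEGER, user TEXT, action TEXT)")
    rows = [(1, 1300000000, "alice", "login"), (2, 1300000060, "bob", 'sudo "su -"')]
    conn.executemany("INSERT INTO audit VALUES (?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    # Assumed checkpoint location; in practice use a directory only the Splunk user can write.
    collect(sample_db(), os.path.join(tempfile.gettempdir(), "myscript.checkpoint"))
```

Whatever the script writes to stdout is what gets indexed, so the checkpoint is only advanced after the rows have been written and flushed.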


Re: What's the point of Custom Python scripts?

Builder

-Thanks a bunch mw, but after I've added my script to the input.conf file, how do I search for it?

My script is a MySQL query script from a Solaris host. Do I have to add this to the input.conf or am I good to go?

-So you're saying that Python and Perl scripts are only used if I were to add a new search feature to Splunk?

-Does Splunk support Python 3.1?
