Developing for Splunk Enterprise

Why am I getting Error code 1 for my python script?

Path Finder

Hi,
I wrote a Python script to read the external IP from event logs and pass that as the parameter to the command (script), which is designed to do a CURL lookup. I made sure to include all the Splunk libraries within to stream the data, and meet the environment dependencies for CURL on Windows.

Just to make sure, I tested the Python script with an IP passed as an argument out of the Splunk framework & it works fine.
But it returns error code 1 when integrated with Splunk as follows:

import sys, getopt
import os
import urllib
import urllib2
import csv
import sys,splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
url='https:///%s?' %arg
maxm = os.system('curl -u  "username:password" %s' %url)
result = splunk.Intersplunk.generateErrorResults(None, None, True)
splunk.Intersplunk.outputResults(results)

"External search command 'asd' returned error code 1."

Please let me know what I am missing and the likely solution for this.

Thanks

0 Karma

SplunkTrust

You're calling generateErrorResults() in line 14, that's usually not good if done outside of a conditional statement. Also, I think that takes a single string rather than three arguments.

Check out http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/SearchScripts for some docs and an example at the bottom.

0 Karma

Path Finder

Here is my edited script. But I still get the same error.

import sys, getopt
import os
import urllib
import urllib2
import csv
import splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
url='https://%s' %arg
results = os.system('curl -u "username:password" %s' %url)
results = splunk.Intersplunk.readResults(None, None, True)
splunk.Intersplunk.outputResults(results)

0 Karma

SplunkTrust

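Use the logger function to display what your script is doing. First, add a logger function:

import logging
import logging.handlers
import os
import splunk

# myDebug ("yes" to enable debug logging) and myScript (base name of the log file)
# must be defined by your script before setup_logging() is called.
SPLUNK_HOME = os.environ['SPLUNK_HOME']  # set by Splunk when it runs the script

def setup_logging(n):
    logger = logging.getLogger(n) # Named logger for this script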
    if myDebug == "yes":
        logger.setLevel(logging.DEBUG)
    else:
        logger.setLevel(logging.ERROR)
    LOGGING_DEFAULT_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log.cfg')
    LOGGING_LOCAL_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log-local.cfg')
    LOGGING_STANZA_NAME = 'python'
    LOGGING_FILE_NAME = "%s.log" % myScript
    BASE_LOG_PATH = os.path.join('var', 'log', 'splunk')
    LOGGING_FORMAT = "%(asctime)s %(levelname)-s\t%(module)s:%(lineno)d - %(message)s"
    splunk_log_handler = logging.handlers.RotatingFileHandler(os.path.join(SPLUNK_HOME, BASE_LOG_PATH, LOGGING_FILE_NAME), mode='a') 
    splunk_log_handler.setFormatter(logging.Formatter(LOGGING_FORMAT))
    logger.addHandler(splunk_log_handler)
    splunk.setupSplunkLogger(logger, LOGGING_DEFAULT_CONFIG_FILE, LOGGING_LOCAL_CONFIG_FILE, LOGGING_STANZA_NAME)
    return logger

Then add for each step in your script a line like this:

if myDebug == "yes": logger.info( "Starting the main task ..." )

Your log file will be in $SPLUNK_HOME/var/log/splunk/

Path Finder

It says:

The external search command 'asd' did not return events in descending time order, as expected.

0 Karma

SplunkTrust

That's not the same error. Previously the search command didn't run, now it's running but isn't returning events in descending time order, as expected.

0 Karma
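
An added example, not part of the thread and not Splunk's or the posters' code: both scripts above put a value taken from event logs into an os.system() shell string and let curl write to the same stdout that Intersplunk uses for results. The sketch below validates the value as a dotted-quad IPv4 address, builds the curl call as an argument list with no shell, and returns the response as a field. The base URL, the field names `ip` and `lookup`, and all helper names are assumptions.

```python
import re
import subprocess

BASE_URL = "https://lookup.example.invalid/"  # placeholder; the thread's host is elided
_OCTET = re.compile(r"[0-9]{1,3}\Z")

def valid_ipv4(value):
    """Accept only a plain dotted quad; anything else is never passed to curl."""
    parts = value.split(".")
    return len(parts) == 4 and all(
        _OCTET.match(p) and int(p) <= 255 for p in parts)

def curl_argv(ip, user="username:password"):
    """Build the curl call as a list so no shell parses the log-derived value."""
    if not valid_ipv4(ip):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ["curl", "--silent", "--max-time", "10", "-u", user, BASE_URL + ip]

def run_lookup(ip):
    """Capture curl's output so it does not reach stdout, which carries the results."""
    return subprocess.check_output(curl_argv(ip)).decode("utf-8", "replace")

def enrich(results, fetch=run_lookup, field="ip"):
    """Add a 'lookup' field to each result dict; bad values are flagged, not run."""
    for row in results:
        try:
            row["lookup"] = fetch(row.get(field, ""))
        except (ValueError, OSError, subprocess.CalledProcessError) as exc:
            row["lookup"] = "error: %s" % exc
    return results

if __name__ == "__main__":
    # Inside Splunk only: the same Intersplunk calls the thread's scripts use.
    import splunk.Intersplunk as si
    results, dummyresults, settings = si.getOrganizedResults()
    si.outputResults(enrich(results))
```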