Splunk Dev

scripted input python variables

caphrim007
Path Finder

Are there any splunk specific variables exposed to scripted inputs that I could use to navigate to files I distribute with my app?

For instance I want to parse a file and use values from it, but don't want to hardcode

/path/to/splunk/app/local/myscript.conf in the python file.

I'm looking for something like a

SPLUNK_HOME + '/etc/apps/' + APPLICATION + '/local/myscript.conf'

Or similar. Is there anything like this?

0 Karma
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

You can count on SPLUNK_HOME, but that's about it, and may not be what you should be using. To get the application path, you can take the relative path from the script's directory. In python, that will be sys.path[0] (in contrast to sys.argv[0], sys.path[0] has the location of the script regardless of how it was invoked), so to get the app base, you could usually do

os.path.join(sys.path[0],"..")

or to get the path to your file:

os.path.join(sys.path[0],"..","local","myscript.conf")

If you just want the app name, then:

os.path.basename(os.path.dirname(os.path.normpath(sys.path[0])))

assuming your script is directly in the app's bin directory.

It important that you calculate your paths relative to the current script location and not SPLUNK_HOME if you expect the script to be run via map-reduce on distributed search nodes, as the replication of the app config puts it into a different location and you can therefore not assume the app base is in $SPLUNK_HOME/etc/apps

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

You can count on SPLUNK_HOME, but that's about it, and may not be what you should be using. To get the application path, you can take the relative path from the script's directory. In python, that will be sys.path[0] (in contrast to sys.argv[0], sys.path[0] has the location of the script regardless of how it was invoked), so to get the app base, you could usually do

os.path.join(sys.path[0],"..")

or to get the path to your file:

os.path.join(sys.path[0],"..","local","myscript.conf")

If you just want the app name, then:

os.path.basename(os.path.dirname(os.path.normpath(sys.path[0])))

assuming your script is directly in the app's bin directory.

It important that you calculate your paths relative to the current script location and not SPLUNK_HOME if you expect the script to be run via map-reduce on distributed search nodes, as the replication of the app config puts it into a different location and you can therefore not assume the app base is in $SPLUNK_HOME/etc/apps

caphrim007
Path Finder

Great. I'll go with this to C.Y.A. Not sure how it could be used in a dist environment, but better safe than sorry.

0 Karma

southeringtonp
Motivator

The environment will typically have $SPLUNK_HOME set to '/opt/splunk' or whatever your local installation path is.

import os

APPNAME     = 'myapp'
FILENAME    = 'myscript.conf'
SPLUNK_HOME = os.environ['SPLUNK_HOME']

filename = os.path.join(SPLUNK_HOME,'etc','apps',APPNAME,'local',CONFIGNAME)

Filename should now contain '/opt/splunk/etc/apps/myapp/local/myscript.conf'.

gkanapathy
Splunk Employee
Splunk Employee

sys.path[0] in python will have the path of the script, whether it's called via scriptrunner or as an argument to python or running directly. Note that it is different in this regard from sys.argv[0].

0 Karma

southeringtonp
Motivator

I wondered about that, but wasn't sure if that approach would have differing results depending on whether the end-user script was called directly or via ScriptRunner. Though IIRC, the latter would only apply to custom search scripts and not scripted inputs.

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

I recommend you compute a path relative to the script location, i.e., sys.path[0], so that it will also correctly under distributed search map-reduce.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...