I need to pass to my python custom search command two values: x and y.
I found some examples where it's shown this:
x = Option(require=True, validate=validators.Fieldname())
y = Option(require=True, validate=validators.Fieldname())
Now I simply run my script by simply entering my_script x=50, y=25
Unfortunately I get this errors:
Illegal value: x=50
Illegal value: y=25
Values for these required options are missing: x, y
I cannot find neither the problem nor anyone who is facing this problem.
The code I copied from is an example taken from this url: Create a custom Splunk search commands with Python3 | HoldMyBeer (holdmybeersecurity.com)
Thank you in advance!
I am not an expert on this, but it seems like the way you have it implemented, the code will check if the values for x and y are field names, when you likely want to validate that they are integers.
Can you try changing to this and see if that helps:
x = Option(require=True, validate=validators.Integer())
y = Option(require=True, validate=validators.Integer())
If it does, specifying my_script x="abc" y="def" should throw an error.
As you currently have it, validation would support my_script x=some_event_field y=some_other_event_field
At least that's my understanding on how it works. You can find a list of all implemented validators here.