Solved: Script command : Error in 'script' command: The ex...

koshyk · ‎12-17-2013

Hi

I'm having issues while running script command within the search. I've tried running something like ..

| savedsearch UsersCount_byDomain_Pie | script python SavedSearch.py

I've updated "commands.conf" in $SPLUNK_HOME/etc/apps/myApp/local (also tried $SPLUNK_HOME/etc/apps/myApp ) and have restarted splunk

cat commands.conf
[samplePython]
FILENAME = SavedSearch.py

I've kept the script under $SPLUNK_HOME/etc/apps/myApp/bin

Error Shown

Error in 'script' command: The external search command 'SavedSearch.py' does not exist in commands.conf.

I've checked the Saved Search and the python Script individually and it works.

i'm confused if I need to provide absolute path (the example shown in Splunk docs is not sufficient) in the search string?

(My confusion is "where would you keep the commands.conf and the script ?" I'm not convinced if splunk recognizes the myApp/bin directory correctly)

faguilar · ‎01-16-2019

Hi,

I know this is an old question, but I got the same issue and this is how I solved it:

First, you have to create the file authorize.conf on /detault (or /local folders), having this content:

> [capability::run_script_samplePython]
> 
> [role_admin]
> run_script_samplePython=enabled

Then, you can execute the command | samplePython, but be shure you are working within the search of your app. If you want to execute the command with global permissions, you'll need to change the permissions of your app (since the app access is not allowed for global execution by default).

Hope it helps.

View solution in original post

faguilar · ‎01-16-2019

Hi,

I know this is an old question, but I got the same issue and this is how I solved it:

First, you have to create the file authorize.conf on /detault (or /local folders), having this content:

> [capability::run_script_samplePython]
> 
> [role_admin]
> run_script_samplePython=enabled

Then, you can execute the command | samplePython, but be shure you are working within the search of your app. If you want to execute the command with global permissions, you'll need to change the permissions of your app (since the app access is not allowed for global execution by default).

Hope it helps.

koshyk · ‎01-31-2019

thanks mate.

nivedita_viswan · ‎06-25-2015

I had the same problem - adding the stanza to commands.conf in the SPLUNK_HOME/etc/apps/myApp/default folder (and not local folder) calls the script correctly.

ss026381 · ‎07-19-2019

Thanks,
For me putting the configurations in default folder worked.
Just fyi if you put the script in system\bin and configurations in system\local it will work as well.

koshyk · ‎12-17-2013

I saw a comment in Thread http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script to use same name for script and stanza. Hence I tried using samplePython.py and stanza to be: samplePython . Still not working !!

dart · ‎12-17-2013

Your commands.conf should look like this:

[samplePython]
filename = SavedSearch.py

Then you can call it like so:

| savedsearch UsersCount_byDomain_Pie | samplePython

koshyk · ‎12-17-2013

Hmm.. not working. Without script it says
Unknown search command 'samplepython'.

Script command : Error in 'script' command: The external search command Error

Get More Out of Your Security Practice With a SIEM

New This Month - SLO Capabilities, APM Advanced Filtering & Usage Analytics Plus ...

Enterprise Security Content Update (ESCU) | New Releases