Hi, I am trying to index from my python script. I followed the steps in this page to setup my data: http://docs.splunk.com/Documentation/Splunk/latest/Data/Getdatafromscriptedinputs#Add_a_scripted_inp...
I don't know why I tried the followings without it working:
- Placed the python script in these files ($SPLUNKHOME/etc/system/bin and $SPLUNKHOME/etc/apps/search/bin)
- write a stanza in inputs.conf (tried both $SPLUNKHOME/etc/system/local folder and $SPLUNKHOME/etc/apps/search/local folder)
- also wrote a stanza for props.conf in $SPLUNK_HOME/etc/system/local folder
- restart the splunkd
I followed steps in the documentation and also tested the scripts in command line. I still don't know what am i missing here. This is my input.conf stanza:
disabled = 0
host = ABC
index = report
interval = -1
source = reportA
sourcetype = report_json
Thanks for the help!
Here is what i would do:
Here are the contents of
[script://.\bin\myScript.py] interval = -1 # or some other interval # any other settings
An interval of -1 tells Splunk to run the script at start up. Have you restarted?
How are you testing this? Are you running a search on your report index (as specified in your example inputs.conf)?
Also, I'm making assumptions on your Python code. Whatever goes to STDOUT (the screen when run from the command line) should show up in Splunk.
Do you see any errors in your internal index using the following search:
You are right. I could see an error as below:
ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\search\bin\REVAPIviewerreport.py"" python: can't open file 'C:\Program Files\Splunk\etc\apps\search\bin\REVAPIviewerreport.py': [Errno 2] No such file or directory.
I do have my python script in that directory. Why does it state no such file?
I used command line to run the script and I could see the changes in the index. But when I start to put the script in Splunk it doesn't work. Thanks!
I found out where the problem is. I have to remove the . infront of .\bin\myscript.py. But I ran into another problem with ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\system\bin\REVAPIviewerreport.py"" ImportError: No module named splunklib.client.
I tried to play the splunklib packages inside bin but it still dispay the same error. How can I fix this error?
You will need to put any dependencies in your bin directory too. splunklib.client is in the Splunk Python SDK. You can download it here -> http://dev.splunk.com/python. Copy the splunklib folder into your bin folder.