Solved: Scripted input not creating last event file

wyattfg · ‎03-11-2019

I'm trying to create a script within a custom add-on that runs daily to pull data from an API endpoint. One of the arguments of the request is "from" which is a %Y-%m-%d string. My script is running successfully (the correct events exist after it runs), but the file for tracking the last event isn't being created. I've ran the script manually from the command line of my Splunk host and the file is created then, so I know that it should work. The python file has 555 permissions and is owned by splunk:splunk. Are there any steps that aren't obvious that I could be missing?

Here is the segment that should create the file:

with open(last_date_path, 'w') as file:
    file.write(str(date.today() - timedelta(days=1)))

wyattfg · ‎03-13-2019

Think I found the solution. last_date_path should include the entire directory structure like this: os.path.join(os.environ["SPLUNK_HOME"], "etc", "apps", "<APP_NAME>", "bin", <LAST_DATE_FILENAME>).

View solution in original post

wyattfg · ‎03-13-2019

Think I found the solution. last_date_path should include the entire directory structure like this: os.path.join(os.environ["SPLUNK_HOME"], "etc", "apps", "<APP_NAME>", "bin", <LAST_DATE_FILENAME>).

Scripted input not creating last event file

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

.conf26 Registration is Live: Secure Your Early Bird Pass Now

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Join the Conversation