Solved: Scripted input not creating last event file

wyattfg · ‎03-11-2019

I'm trying to create a script within a custom add-on that runs daily to pull data from an API endpoint. One of the arguments of the request is "from" which is a %Y-%m-%d string. My script is running successfully (the correct events exist after it runs), but the file for tracking the last event isn't being created. I've ran the script manually from the command line of my Splunk host and the file is created then, so I know that it should work. The python file has 555 permissions and is owned by splunk:splunk. Are there any steps that aren't obvious that I could be missing?

Here is the segment that should create the file:

with open(last_date_path, 'w') as file:
    file.write(str(date.today() - timedelta(days=1)))

wyattfg · ‎03-13-2019

Think I found the solution. last_date_path should include the entire directory structure like this: os.path.join(os.environ["SPLUNK_HOME"], "etc", "apps", "<APP_NAME>", "bin", <LAST_DATE_FILENAME>).

View solution in original post

wyattfg · ‎03-13-2019

Think I found the solution. last_date_path should include the entire directory structure like this: os.path.join(os.environ["SPLUNK_HOME"], "etc", "apps", "<APP_NAME>", "bin", <LAST_DATE_FILENAME>).

Scripted input not creating last event file

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!