Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

commands.conf not updating custom search commands

ltakato
Explorer
‎08-01-2012 09:58 AM

I have created a custom search command and placed my py file in search/bin and then I have created search/local/commands.conf file and added

[data]
filename = data.py
streaming = false
changes_colorder = false

However when I restart splunk on the web interface the search command doesn't show up. And when I change the name of a command in the default/commands.conf file and restart splunk that doesn't show up either.

I have a test server that I tried everything on first and it all worked fine but as when I made the same changes on a search head we use everyday the search command doesn't show up under custom search commands.

I am using ubuntu and splunk version 4.3.2.

Is there something that is stopping splunk from grabbing the config files?
Any help would be appreciated.

Thanks,
Lucas

Reply
1 Solution
Solved! Jump to solution
Solution

kallu
Communicator
‎08-02-2012 04:26 AM

Did you check your python script has execution rights and you can run it manually?

I'm not sure if it's the best idea to add custom search commands under search -app. I would package them as separate apps/add-ons in their own directories to make sure nothing gets overwritten in next Splunk upgrade. I wrote an example of plugging legacy scripts as Splunk search commands. I hope that will help you find what you were missing.

View solution in original post

Reply
Solved! Jump to solution
Solution

kallu
Communicator
‎08-02-2012 04:26 AM

Did you check your python script has execution rights and you can run it manually?

I'm not sure if it's the best idea to add custom search commands under search -app. I would package them as separate apps/add-ons in their own directories to make sure nothing gets overwritten in next Splunk upgrade. I wrote an example of plugging legacy scripts as Splunk search commands. I hope that will help you find what you were missing.

Reply
Solved! Jump to solution

ltakato
Explorer
‎08-02-2012 09:04 AM

So it turns out that we use a shared directory that is linked to all of our splunk instances that we use. I didn't know that so I was installing everything to the wrong folder.

Thanks

0 Karma
Reply
Solved! Jump to solution

ltakato
Explorer
‎08-02-2012 08:29 AM

I am able to run the scripts on the machine that splunk is installed on, and I have already checked permission and everything looks identical to my test machine. Hopefully the local directory that I created in the search app will not be overridden if we do update but I will look into the separate app.

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...
Top