Getting Data In

commands.conf not updating custom search commands

ltakato
Explorer

I have created a custom search command and placed my py file in search/bin and then I have created search/local/commands.conf file and added

[data]
filename = data.py
streaming = false
changes_colorder = false

However when I restart splunk on the web interface the search command doesn't show up. And when I change the name of a command in the default/commands.conf file and restart splunk that doesn't show up either.

I have a test server that I tried everything on first and it all worked fine but as when I made the same changes on a search head we use everyday the search command doesn't show up under custom search commands.

I am using ubuntu and splunk version 4.3.2.

Is there something that is stopping splunk from grabbing the config files?
Any help would be appreciated.

Thanks,
Lucas

1 Solution

kallu
Communicator

Did you check your python script has execution rights and you can run it manually?

I'm not sure if it's the best idea to add custom search commands under search -app. I would package them as separate apps/add-ons in their own directories to make sure nothing gets overwritten in next Splunk upgrade. I wrote an example of plugging legacy scripts as Splunk search commands. I hope that will help you find what you were missing.

View solution in original post

kallu
Communicator

Did you check your python script has execution rights and you can run it manually?

I'm not sure if it's the best idea to add custom search commands under search -app. I would package them as separate apps/add-ons in their own directories to make sure nothing gets overwritten in next Splunk upgrade. I wrote an example of plugging legacy scripts as Splunk search commands. I hope that will help you find what you were missing.

ltakato
Explorer

So it turns out that we use a shared directory that is linked to all of our splunk instances that we use. I didn't know that so I was installing everything to the wrong folder.

Thanks

0 Karma

ltakato
Explorer

I am able to run the scripts on the machine that splunk is installed on, and I have already checked permission and everything looks identical to my test machine. Hopefully the local directory that I created in the search app will not be overridden if we do update but I will look into the separate app.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...