Hi
I am working on an external lookup; below is my code.
new.py
import csv
import os,sys
import subprocess
import requests
import sys
import json
infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
result = 0
new_fieldnames = ["clientip", "fraud_score", "country_code", "success"]
w = csv.DictWriter(outfile, fieldnames=new_fieldnames)
w.writeheader()
apiURL = "my-api"
clientip = sys.argv[1]
URL = apiURL + clientip
r = requests.get(URL)
data = r.json()
result = {"clientip":str(data["host"]),"fraud_score": str(data["fraud_score"]), "country_code":str(data["country_code"]), "success":str(data["success"])}
w.writerow(result)
The above code gives the output below:
/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-test/bin/new.py 172.168.0.2
clientip,fraud_score,country_code,success
172.168.0.2,75,US,True
I am using the transforms.conf below:
[new]
allow_caching = 0
case_sensitive_match = 1
external_cmd = new.py clientip
fields_list = clientip,fraud_score,country_code,success
And I am getting this error: Script execution failed for external search command '/opt/splunk/etc/apps/TA-test/bin/new.py'.
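An added example, not part of the original post: with `external_cmd = new.py clientip`, Splunk passes the field name `clientip` as the argument and sends the values as CSV rows on stdin, expecting the same columns back on stdout, so a script that treats `sys.argv[1]` as the IP works by hand and fails inside the lookup. The sketch below handles that stdin/stdout exchange and validates each address before it is appended to the API URL. Assumptions: `run_lookup`, `fetch_score` and the `fetch` parameter are hypothetical names, and `my-api` is the post's placeholder.

```python
import csv
import ipaddress
import sys

FIELDS = ["clientip", "fraud_score", "country_code", "success"]
API_URL = "my-api"  # placeholder, as in the post


def fetch_score(ip):
    """Call the API for one validated IP. Imported lazily so the CSV
    handling can be exercised without the requests package."""
    import requests
    resp = requests.get(API_URL + ip, timeout=5)
    resp.raise_for_status()
    return resp.json()


def run_lookup(infile, outfile, fetch=fetch_score):
    """Read Splunk's CSV from infile, fill the output fields, write CSV."""
    reader = csv.DictReader(infile)
    writer = csv.DictWriter(outfile, fieldnames=FIELDS)
    writer.writeheader()
    for row in reader:
        # Keep clientip exactly as received so Splunk can match the row.
        out = {name: row.get(name) or "" for name in FIELDS}
        try:
            # Only a syntactically valid address is appended to the URL.
            ip = str(ipaddress.ip_address(out["clientip"].strip()))
            data = fetch(ip)
            # Built in full before update, so a missing key changes nothing.
            out.update({k: str(data[k]) for k in FIELDS[1:]})
        except (ValueError, KeyError, OSError):
            pass  # leave the fields blank instead of failing the search
        writer.writerow(out)


if __name__ == "__main__":
    run_lookup(sys.stdin, sys.stdout)
```

A per-row failure leaves the output fields empty, so one bad address or API timeout does not abort the whole search.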