Getting error foe External lookup, Script executio...

abhishekkalokhe · ‎08-26-2020

Hi
I am working on External lookup, below is my code

new.py

import csv
import os,sys
import subprocess
import requests
import sys
import json

infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
result = 0
new_fieldnames = ["clientip", "fraud_score", "country_code", "success"] 
w = csv.DictWriter(outfile, fieldnames=new_fieldnames)
w.writeheader()

apiURL = "my-api"
clientip = sys.argv[1]
URL = apiURL + clientip
r = requests.get(URL)
data = r.json()
result = {"clientip":str(data["host"]),"fraud_score": str(data["fraud_score"]), "country_code":str(data["country_code"]), "success":str(data["success"])}
w.writerow(result)

Above code is giving output as below:-

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-test/bin/new.py 172.168.0.2
clientip,fraud_score,country_code,success
172.168.0.2,75,US,True

abhishekkalokhe · ‎08-26-2020

I am using below transforms.conf

[new]
allow_caching = 0
case_sensitive_match = 1
external_cmd = new.py clientip
fields_list = clientip,fraud_score,country_code,success

And getting this error - Script execution failed for external search command '/opt/splunk/etc/apps/TA-test/bin/new.py'.

Getting error foe External lookup, Script execution failed for external search command

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x

Are you a member of the Splunk Community?

Getting error foe External lookup, Script execution failed for external search command

Introduction to Splunk AI

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Maximizing the Value of Splunk ES 8.x