Installation

Getting error foe External lookup, Script execution failed for external search command

abhishekkalokhe
Explorer

Hi 
I am working on External lookup, below is my code

new.py

import csv
import os,sys
import subprocess
import requests
import sys
import json

infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
result = 0
new_fieldnames = ["clientip", "fraud_score", "country_code", "success"] 
w = csv.DictWriter(outfile, fieldnames=new_fieldnames)
w.writeheader()

apiURL = "my-api"
clientip = sys.argv[1]
URL = apiURL + clientip
r = requests.get(URL)
data = r.json()
result = {"clientip":str(data["host"]),"fraud_score": str(data["fraud_score"]), "country_code":str(data["country_code"]), "success":str(data["success"])}
w.writerow(result)

Above code is giving output as below:-

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-test/bin/new.py 172.168.0.2
clientip,fraud_score,country_code,success
172.168.0.2,75,US,True


0 Karma

abhishekkalokhe
Explorer

I am using below transforms.conf

[new]
allow_caching = 0
case_sensitive_match = 1
external_cmd = new.py clientip
fields_list = clientip,fraud_score,country_code,success

And getting this error - Script execution failed for external search command '/opt/splunk/etc/apps/TA-test/bin/new.py'.

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>