Getting error foe External lookup, Script executio...

abhishekkalokhe · ‎08-26-2020

Hi
I am working on External lookup, below is my code

new.py

import csv
import os,sys
import subprocess
import requests
import sys
import json

infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
result = 0
new_fieldnames = ["clientip", "fraud_score", "country_code", "success"] 
w = csv.DictWriter(outfile, fieldnames=new_fieldnames)
w.writeheader()

apiURL = "my-api"
clientip = sys.argv[1]
URL = apiURL + clientip
r = requests.get(URL)
data = r.json()
result = {"clientip":str(data["host"]),"fraud_score": str(data["fraud_score"]), "country_code":str(data["country_code"]), "success":str(data["success"])}
w.writerow(result)

Above code is giving output as below:-

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA-test/bin/new.py 172.168.0.2
clientip,fraud_score,country_code,success
172.168.0.2,75,US,True

abhishekkalokhe · ‎08-26-2020

I am using below transforms.conf

[new]
allow_caching = 0
case_sensitive_match = 1
external_cmd = new.py clientip
fields_list = clientip,fraud_score,country_code,success

And getting this error - Script execution failed for external search command '/opt/splunk/etc/apps/TA-test/bin/new.py'.

Getting error foe External lookup, Script execution failed for external search command

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation