Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Python script execution from Splunk GUI

manish_singh_77
Builder
‎04-17-2020 06:20 AM

Hi Team,

We have a python script which runs and executes the results of the knowledge objects of rest apis. We are going to run this script on adhoc basis which will modify and list the permissions. Do we have to use custom search command for that?

If yes then please let us know the approach...

Tags (1)
0 Karma
Reply

manjunathmeti
Champion
‎04-17-2020 07:27 AM

You can create a custom alert action to trigger python script using steps provided here:

https://answers.splunk.com/answers/810829/problem-with-scripted-alert.html#answer-810832

And use sendalert command to trigger script.

<base search> | sendalert scriptcustomalert
0 Karma
Reply

manish_singh_77
Builder
‎04-20-2020 05:48 AM

@manjunathmeti ,

I have a python script, for now I am executing the commands from the server and getting the results.

For example: /opt/splunk/bin/splunk cmd python /home/splunk/test_Script.py list savedsearch --user test_user

This will return the results once executed from the server, how we do the same thing from GUI?

0 Karma
Reply

manjunathmeti
Champion
‎04-20-2020 06:15 AM

If you want to run a script as command and get results in search app then you need to create a custom search command. Check this:

https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/createcustomsearchcmd

If you listing all saved searches, you can use below search query:

| rest /servicesNS/-/-/saved/searches  | table title,cron_schedule,next_scheduled_time,eai:acl.owner,actions,eai:acl.app
0 Karma
Reply

manish_singh_77
Builder
‎04-21-2020 12:40 AM

@manjunathmeti

Thanks for your reply, slight correction from my end, we can also use curl utility to modify the permissions, right?

0 Karma
Reply

manjunathmeti
Champion
‎04-21-2020 03:29 AM

If you are asking about modifying the splunk objects (like savedsearches, views etc.) permissions using REST API calls using curl utility, then yes you can use that.

Check this link:
https://docs.splunk.com/Documentation/Splunk/8.0.3/RESTTUT/RESTbasicexamples

0 Karma
Reply

manish_singh_77
Builder
‎04-21-2020 04:42 AM

@manjunathmeti

Do you have any sample python script?

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...