Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I run a python script from a dashboard?

guimilare
Communicator
‎01-29-2018 07:49 AM

Hello Splunkers.

Can a dashboard run a python script?

My scenario is: the user have a text input field to write a 12 digit number.
The last digit is a check-digit, and it assures that the user will perform a search on a valid 12 digit number.

However, the only way I can check the number is by a python script.
The script receives the number, does so maths to garantee that the number is correct and returns True or False.

So, what I need is: when the user inserts the number in the text input field and click on "Submit", the python script receives the number and return True or False so I can work with the number in the searches.

Is it feasible?

Thanks in advance.
Regards, GMA

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎01-29-2018 08:38 AM

Absolutely. I'd do this with an external lookup, as documented here:
http://docs.splunk.com/Documentation/Splunk/7.0.1/Knowledge/Configureexternallookups

This will allow you to use your python script in any Splunk search with access to the lookup. Let's say you name the lookup validate_number, and you name the token for the text input field input_number. Then your search would be something like:

| makeresults
| eval input_number=$input_number$
| lookup validate_number number AS input_number OUTPUT validation_result
| fields - _time

That should return a table of input_number values and their validation_result values.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎01-31-2018 08:33 AM

@guimilare if your requirement is to validate 12 digit number as valid text input you can use JavaScript Regex for the same in SimpleXML itself using <eval> tag inside text box <change> event handler to match() required regex.

    <change>
      <eval token="validationResult">if(match(value, &quot;^[0-9]+$&quot;) AND len($value$)=12, &quot;TRUE&quot;, &quot;FALSE&quot;)</eval>
    </change>

alt text

Following is the run anywhere dashboard code for attached screenshot:

<form>
  <label>Text Numeric Value Validation</label>
    <fieldset submitButton="false">
     <input type="text" token="selText">
       <label>Enter Only Digits</label>
       <change>
         <eval token="validationResult">if(match(value, &quot;^[0-9]+$&quot;) AND len($value$)=12, &quot;TRUE&quot;, &quot;FALSE&quot;)</eval>
       </change>
     </input>
   </fieldset>
   <row>
     <panel>
       <table>
         <search>
           <query>| makeresults
  | eval InputText="$selText$"
  | eval InputLength=len("$selText$")
  | eval ValidationResult="$validationResult$" 
  | table InputText InputLength ValidationResult</query>
           <sampleRatio>1</sampleRatio>
         </search>
         <option name="count">20</option>
         <option name="dataOverlayMode">none</option>
         <option name="drilldown">cell</option>
         <option name="percentagesRow">false</option>
         <option name="rowNumbers">false</option>
         <option name="totalsRow">false</option>
         <option name="wrap">true</option>
       </table>
     </panel>
   </row>
 </form>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Preview file
1 KB
Reply
Solved! Jump to solution

guimilare
Communicator
‎01-31-2018 10:42 AM

Thanks niketnilay.

What I needed was to verify the last digit based on the 11 digits before.
However, this is a great solution to validate numbers.

0 Karma
Reply
Solved! Jump to solution
Solution

elliotproebstel
Champion
‎01-29-2018 08:38 AM

Absolutely. I'd do this with an external lookup, as documented here:
http://docs.splunk.com/Documentation/Splunk/7.0.1/Knowledge/Configureexternallookups

This will allow you to use your python script in any Splunk search with access to the lookup. Let's say you name the lookup validate_number, and you name the token for the text input field input_number. Then your search would be something like:

| makeresults
| eval input_number=$input_number$
| lookup validate_number number AS input_number OUTPUT validation_result
| fields - _time

That should return a table of input_number values and their validation_result values.

0 Karma
Reply
Solved! Jump to solution

guimilare
Communicator
‎01-31-2018 08:06 AM

Hi elliotproebstel,

I'm trying to do as sugested (and it really seems the right direction), but was unable to do so.
I wrote a script in python to receive the number and return the validation.

In CLI, it works:

/opt/splunk/bin/python ver_check_digit.py 1644432
cardid,status
1644432,False

However, when I run the search in SH, I get the following error:

Script for lookup table 'ver_check_digit' returned error code 1. Results my be incorrect.

Here is my python script:

#!/usr/bin/env python

import csv
import sys
import socket

def ver_check_digit(value):
    int_value = int(value)
    str_value = str(int_value)
    count = 1
    total_sum = 0

    while count < len(str_value):
        count = count + 1
        extracted_digit = str_value[-count]
        extracted_digit = int(extracted_digit)

        if count % 2 == 0:
            extracted_digit = extracted_digit * 2
            if extracted_digit > 9:
                extracted_digit = extracted_digit - 9

        total_sum = total_sum + extracted_digit

    check_digit = (total_sum * 9) % 10

    if str(check_digit) == str_value[-1]:
        return True
    else:
        return False


def main():

    cardidfield = sys.argv[1]
    status = ver_check_digit(cardidfield)
    myList = [cardidfield,status]
    myString = ",".join(map(str, myList))
    print "cardid,status"
    print myString


main()

Any ideas why this is happening?

0 Karma
Reply
Solved! Jump to solution

felipesewaybric
Contributor
‎01-31-2018 11:10 AM

You can create a new command in splunk, is really easy, http://docs.splunk.com/Documentation/Splunk/7.0.2/Search/Writeasearchcommand

0 Karma
Reply
Solved! Jump to solution

elliotproebstel
Champion
‎01-31-2018 08:11 AM

Yes, the issue here is how Splunk passes data to/from external lookups. Splunk is going to format the data going into the script as a CSV file, and it expects the data being passed back to it to also be formatted as a CSV file. I'd recommend reading through that link above again and also digging into the dnslookup script for an example of how to use the python csv library to read the input and write the output back to Splunk.

0 Karma
Reply
Solved! Jump to solution

guimilare
Communicator
‎01-31-2018 10:43 AM

Thanks elliotproebstel!

There was an error in my python script.
Everything is working now!

0 Karma
Reply
Solved! Jump to solution

493669
Super Champion
‎01-31-2018 10:57 AM

it will be great if you share what error you have fixed in script
Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...