Knowledge Management

How to get a custom search script to work

brettski
Explorer

I am trying to get a custom search script to work following the instructions on this page: http://docs.splunk.com/Documentation/Splunk/4.3/SearchReference/Script .

The instructions say to put the file in, splunk_home/etc/searchscripts, which doesn't exist in my 4.2.2 installation. I found splunk_home/etc/search/scripts, though that does work either. I have also tried creating the folder. Each time I restarted the service, just in case. Will someone please supply the basics on what is needed to get the search script to work?

I am trying to use this script: https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py

Tags (1)
0 Karma
1 Solution

sdaniels
Splunk Employee
Splunk Employee

I assume that python script is a custom search command. Look here in the documentation and this should get you on track.

http://docs.splunk.com/Documentation/Splunk/4.2.2/SearchReference/WriteaPythonsearchcommand

View solution in original post

sdaniels
Splunk Employee
Splunk Employee

I assume that python script is a custom search command. Look here in the documentation and this should get you on track.

http://docs.splunk.com/Documentation/Splunk/4.2.2/SearchReference/WriteaPythonsearchcommand

ten_yard_fight
Path Finder

brettski, did you get this script working? Im at a halt trying to figure how to get it to work. I've tried all links suggested in this post but Splunk is not recognizing this app.

0 Karma

sdaniels
Splunk Employee
Splunk Employee

Once you go through it...just let me know sdaniels@splunk.com. I'll be happy to get the docs changed to make sure they are in sync. Apologies for any confusion there.

brettski
Explorer

I will give you credit for your answer but the Splunk documentatio is not very clear an conflicts with comments in the applications files. I think I will leave well enough alone for now. This should not be this difficult.

0 Karma

sdaniels
Splunk Employee
Splunk Employee

Yes, you can put it under the search app

0 Karma

brettski
Explorer

Strange, I just retried both links with no issues. Yes, it is a custom search command. Based on the link you supplied, I need to create an application to run the custom search command under? Or can the app be 'Search'?

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...