Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to get a custom search script to work

brettski
Explorer
‎04-20-2012 08:56 AM

I am trying to get a custom search script to work following the instructions on this page: http://docs.splunk.com/Documentation/Splunk/4.3/SearchReference/Script .

The instructions say to put the file in, splunk_home/etc/searchscripts, which doesn't exist in my 4.2.2 installation. I found splunk_home/etc/search/scripts, though that does work either. I have also tried creating the folder. Each time I restarted the service, just in case. Will someone please supply the basics on what is needed to get the search script to work?

I am trying to use this script: https://github.com/JustinAzoff/splunk-scripts/blob/master/ua2os.py

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎04-20-2012 11:13 AM

I assume that python script is a custom search command. Look here in the documentation and this should get you on track.

http://docs.splunk.com/Documentation/Splunk/4.2.2/SearchReference/WriteaPythonsearchcommand

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎04-20-2012 11:13 AM

I assume that python script is a custom search command. Look here in the documentation and this should get you on track.

http://docs.splunk.com/Documentation/Splunk/4.2.2/SearchReference/WriteaPythonsearchcommand

Reply
Solved! Jump to solution

ten_yard_fight
Path Finder
‎11-14-2012 12:03 PM

brettski, did you get this script working? Im at a halt trying to figure how to get it to work. I've tried all links suggested in this post but Splunk is not recognizing this app.

0 Karma
Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎04-20-2012 12:29 PM

Once you go through it...just let me know sdaniels@splunk.com. I'll be happy to get the docs changed to make sure they are in sync. Apologies for any confusion there.

Reply
Solved! Jump to solution

brettski
Explorer
‎04-20-2012 12:27 PM

I will give you credit for your answer but the Splunk documentatio is not very clear an conflicts with comments in the applications files. I think I will leave well enough alone for now. This should not be this difficult.

0 Karma
Reply
Solved! Jump to solution

sdaniels
Splunk Employee
Splunk Employee
‎04-20-2012 12:19 PM

Yes, you can put it under the search app

0 Karma
Reply
Solved! Jump to solution

brettski
Explorer
‎04-20-2012 12:17 PM

Strange, I just retried both links with no issues. Yes, it is a custom search command. Based on the link you supplied, I need to create an application to run the custom search command under? Or can the app be 'Search'?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...