Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Why I get "error code 1" ?

cycheng
Path Finder
‎08-15-2013 10:11 PM

I created a custom search command called my_formula.py. When I run the script in my command prompt, everything works fine. Then I run it in Splunk search bar, it shows "External search command 'my_formula' returned error code 1".

I tried to check what is the exact error with below command:
index=_internal sourcetype=splunkd ExecProcessor

But I just get nothing. Does anybody know how to view the stdout or stdin message in Splunk? Please help.

Tags (1)
Reply

cycheng
Path Finder
‎08-15-2013 11:59 PM

I get my answer from http://answers.splunk.com/answers/62473/how-to-execute-external-script-to-manipulate-file-from-searc...

try:
  :
except:
   import traceback
   stack =  traceback.format_exc()
   results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
0 Karma
Reply

sbrant_splunk
Splunk Employee
Splunk Employee
‎08-15-2013 10:34 PM

Are you utilizing python that comes with the OS or the one that comes with Splunk? Try running your script like this:

$SPLUNK_HOME/bin/splunk cmd python my_formula.py

This should run it with the Splunk python distribution.

Reply

cycheng
Path Finder
‎08-15-2013 11:44 PM

Thanks for your answer. My first line of script is
results,unused1,unused2 = splunk.Intersplunk.getOrganizedResults()

The script should get the search results before proceed:
index=my_index | my_formula

May I know how can I pass the search results through command above? I tried below command and it is not working also:
splunk search "index=my_index | my_formula"

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...