Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why I get "error code 1" ?

cycheng
Path Finder
‎08-15-2013 10:11 PM

I created a custom search command called my_formula.py. When I run the script in my command prompt, everything works fine. Then I run it in Splunk search bar, it shows "External search command 'my_formula' returned error code 1".

I tried to check what is the exact error with below command:
index=_internal sourcetype=splunkd ExecProcessor

But I just get nothing. Does anybody know how to view the stdout or stdin message in Splunk? Please help.

Tags (1)
Reply

cycheng
Path Finder
‎08-15-2013 11:59 PM

I get my answer from http://answers.splunk.com/answers/62473/how-to-execute-external-script-to-manipulate-file-from-searc...

try:
  :
except:
   import traceback
   stack =  traceback.format_exc()
   results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
0 Karma
Reply

sbrant_splunk
Splunk Employee
Splunk Employee
‎08-15-2013 10:34 PM

Are you utilizing python that comes with the OS or the one that comes with Splunk? Try running your script like this:

$SPLUNK_HOME/bin/splunk cmd python my_formula.py

This should run it with the Splunk python distribution.

Reply

cycheng
Path Finder
‎08-15-2013 11:44 PM

Thanks for your answer. My first line of script is
results,unused1,unused2 = splunk.Intersplunk.getOrganizedResults()

The script should get the search results before proceed:
index=my_index | my_formula

May I know how can I pass the search results through command above? I tried below command and it is not working also:
splunk search "index=my_index | my_formula"

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...