Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Getting the error: External search command 'testps' returned error code 1. .

jdhart1312
Loves-to-Learn Everything
‎05-21-2024 05:47 AM

I'm trying to run personal scripts in Splunk from a dashboard. I want the dashboard to call a script by user input and then output the script to a table. I'm testing the ability with a Python script that calls a PowerShell script, returns the data to the Python script, and then returns the data to the Splunk dashboard. This is what I have so far: 

Test_PowerShell.py Python Script: 

 

import splunk.Intersplunk
import sys
import subprocess

results,unused1,unused2 = splunk.Intersplunk.getOrganizedResults()

# Define the path to the PowerShell script
ps_script_path = "./Test.ps1"

# Define the argument to pass to the PowerShell script
argument = sys.argv[1]

# Execute the PowerShell script with the argument
results = subprocess.run(['powershell.exe', '-File', ps_script_path, argument], capture_output=True, text=True)

splunk.Intersplunk.outputResults(results)

 

Page XML: 

 

<form version="1.1" theme="dark">
  <label>Compliance TEST</label>
  <description>TESTING</description>
  <fieldset submitButton="false" autoRun="false"></fieldset>
  <row>
    <panel>
      <title>Input Panel</title>
      <input type="text" token="user_input">
        <label>User Input:</label>
        <default>*</default>
      </input>
    </panel>
  </row>
  <row>
    <panel>
      <title>Script Output</title>
      <table>
        <search>
          <query>| script python testps $user_input$ | table field1</query>
          <earliest>$earliest$</earliest>
          <latest>$latest$</latest>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </table>
    </panel>
  </row>
</form>

 

Test.ps1 PowerShell Script: 

 

Write-Host $args[0]

 

commands.conf:

 

[testps]
filename = Test_PowerShell.py
streaming=true
python.version = python3

 

default.meta

 

[commands/testps]
access = read : [ * ], write : [ admin ]
export = system

[scripts/Test_PowerShell.py]
access = read : [ * ], write : [ admin ]
export = system

 

The error I'm getting is the following: External search command 'testps' returned error code 1. 

Labels (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...