How do I run my custom v2 search command script directly from my command prompt?

matutter4
Explorer

I've taken the "generatetext.py" example from the SDK and I'd like to run it directly from my terminal. However, I get the exception below whenever Splunk lib enters _process_protocol_v2 and calls self._read_chunk which in turn returns None when it fails to get the "header".

How do I get around this obstacle in running my custom command script by hand?

The error:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib64/python2.7/logging/handlers.py", line 155, in shouldRollover
    self.stream.seek(0, 2)  #due to non-posix-compliant Windows feature
  File "/usr/lib64/python2.7/codecs.py", line 703, in seek
    self.stream.seek(offset, whence)
IOError: [Errno 29] Illegal seek
Logged from file search_command.py, line 971
chunked 1.0,239,0
{"inspector":{"messages":[["ERROR","TypeError at \"/home/mat/splunk-sdk-python/examples/searchcommands_app/package/bin/packages/splunklib/searchcommands/search_command.py\", line 650 : 'NoneType' object is not iterable"]]},"finished":true}

jkat54
SplunkTrust

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py


spunk_enthusias
Path Finder

I wouldn't consider this problem solved. It remains annoyingly hard to run custom search commands from the command line because the protocol is entirely undocumented and no tooling is available.


shuklaji97
Loves-to-Learn Lots

Is there any alternative to this for Windows?

jkat54
SplunkTrust

Wait, when you say run from your terminal... Do you mean from command prompt or bash using a curl command to post the search to the Splunk API?

matutter4
Explorer

Yes, I do mean calling the script like splunk cmd python myscript.py. But it just hangs waiting on STDIN. I assume it's looking for headers & metadata.

jkat54
SplunkTrust

Ok so it's a generating search command yes?

In this case the only way to test it on command line is with a curl or search cli.

./splunk search "|generatetext.py"

For that to work, you must put the command in the /bin folder of at least one app, and make sure that app mentions it properly in the commands.conf

Here is a link to docs on executing searches via cli:
http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/CLIsearchsyntax
