Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I run my custom v2 search command script directly from my command prompt?

matutter4
Explorer
‎10-30-2016 06:37 PM

I've taken the "generatetext.py" example from the SDK and I'd like to run it directly from my terminal. However, I get the exception below whenever Splunk lib enters _process_protocol_v2 and calls self._read_chunk which in turn returns None when it fails to get the "header".

How do I get around this obstacle in running my custom command script by hand?

The error:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib64/python2.7/logging/handlers.py", line 155, in shouldRollover
    self.stream.seek(0, 2)  #due to non-posix-compliant Windows feature
  File "/usr/lib64/python2.7/codecs.py", line 703, in seek
    self.stream.seek(offset, whence)
IOError: [Errno 29] Illegal seek
Logged from file search_command.py, line 971
chunked 1.0,239,0
{"inspector":{"messages":[["ERROR","TypeError at \"/home/mat/splunk-sdk-python/examples/searchcommands_app/package/bin/packages/splunklib/searchcommands/search_command.py\", line 650 : 'NoneType' object is not iterable"]]},"finished":true}
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎10-30-2016 07:07 PM

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

View solution in original post

Reply
Solved! Jump to solution

spunk_enthusias
Path Finder
‎01-05-2023 04:34 PM

I wouldn't consider this problem solved. It remains annoyingly hard to run custom search commands from the command line because the protocol is entirely undocumented and no tooling is available.

0 Karma
Reply
Solved! Jump to solution
Solution

jkat54
SplunkTrust
SplunkTrust
‎10-30-2016 07:07 PM

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

Reply
Solved! Jump to solution

shuklaji97
Loves-to-Learn Lots
‎08-31-2021 04:41 AM

is there any alreantive to this for windows?

 

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎10-30-2016 07:09 PM

Wait when you say run from your terminal... Do you mean from command prompt or bash using a curl command to post the searh to the Splunk api?

0 Karma
Reply
Solved! Jump to solution

matutter4
Explorer
‎10-30-2016 07:42 PM

Yes I do mean calling the script like splunk cmd python myscript.py But it just hangs waiting on STDIN. I assume it's looking for headers & metadata.

0 Karma
Reply
Solved! Jump to solution

jkat54
SplunkTrust
SplunkTrust
‎10-31-2016 05:00 AM

Ok so it's a generating search command yes?

In this case the only way to test it on command line is with a curl or search cli.

./splunk search "|generatetext.py"

For that to work, you must put the command in the /bin folder of at least one app, and make sure that app mentions it properly in the commands.conf

Here is a link to docs on executing searches via cli:
http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/CLIsearchsyntax

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...