How do I run my custom v2 search command script directly from my command prompt?

matutter4
Explorer

I've taken the "generatetext.py" example from the SDK and I'd like to run it directly from my terminal. However, I get the exception below whenever Splunk lib enters _process_protocol_v2 and calls self._read_chunk which in turn returns None when it fails to get the "header".

How do I get around this obstacle in running my custom command script by hand?

The error:

Traceback (most recent call last):
  File "/usr/lib64/python2.7/logging/handlers.py", line 76, in emit
    if self.shouldRollover(record):
  File "/usr/lib64/python2.7/logging/handlers.py", line 155, in shouldRollover
    self.stream.seek(0, 2)  #due to non-posix-compliant Windows feature
  File "/usr/lib64/python2.7/codecs.py", line 703, in seek
    self.stream.seek(offset, whence)
IOError: [Errno 29] Illegal seek
Logged from file search_command.py, line 971
chunked 1.0,239,0
{"inspector":{"messages":[["ERROR","TypeError at \"/home/mat/splunk-sdk-python/examples/searchcommands_app/package/bin/packages/splunklib/searchcommands/search_command.py\", line 650 : 'NoneType' object is not iterable"]]},"finished":true}
0 Karma
1 Solution

jkat54
SplunkTrust

Here's how I do it:

/opt/splunk/bin/splunk cmd python /path/to/command.py

spunk_enthusias
Path Finder

I wouldn't consider this problem solved. It remains annoyingly hard to run custom search commands from the command line because the protocol is entirely undocumented and no tooling is available.

0 Karma

shuklaji97
Loves-to-Learn Lots

Is there any alternative to this for Windows?

0 Karma

jkat54
SplunkTrust

Wait, when you say run from your terminal... Do you mean from command prompt or bash, using a curl command to post the search to the Splunk API?

0 Karma

matutter4
Explorer

Yes, I do mean calling the script like splunk cmd python myscript.py. But it just hangs waiting on STDIN. I assume it's looking for headers & metadata.

0 Karma

jkat54
SplunkTrust

OK, so it's a generating search command, yes?

In this case, the only way to test it on the command line is with curl or the search CLI.

./splunk search "|generatetext.py"

For that to work, you must put the command in the /bin folder of at least one app, and make sure that app mentions it properly in commands.conf.

Here is a link to the docs on executing searches via the CLI:
http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/CLIsearchsyntax
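
The script output in the question shows the framing a v2 command writes to stdout: a header line "chunked 1.0,<metadata length>,<body length>", then that many bytes of JSON metadata and body. A script started by hand waits on stdin for a frame of the same shape. The following is an added example, not part of any post in this thread and not Splunk's or the SDK's code, that builds and parses such frames and pipes them to a command. The function names and the getinfo metadata fields are assumptions; only the header format is taken from the output above.

```python
import io
import json
import re
import subprocess

HEADER = re.compile(rb"chunked 1\.0,(\d+),(\d+)\n")

def build_chunk(metadata, body=b""):
    """Frame one chunk: header line, compact JSON metadata, raw body bytes."""
    meta = json.dumps(metadata, separators=(",", ":")).encode("utf-8")
    return b"chunked 1.0,%d,%d\n" % (len(meta), len(body)) + meta + body

def read_chunk(stream):
    """Return (metadata, body) for the next chunk, or None at end of input."""
    line = stream.readline()
    if not line:
        return None  # nothing on the stream, so there is no header to parse
    match = HEADER.fullmatch(line)
    if match is None:
        raise ValueError("bad chunk header: %r" % line)
    meta_len, body_len = int(match.group(1)), int(match.group(2))
    meta, body = stream.read(meta_len), stream.read(body_len)
    if len(meta) != meta_len or len(body) != body_len:
        raise ValueError("chunk shorter than its header claims")
    return (json.loads(meta.decode("utf-8")) if meta else {}), body

def read_all(data):
    """Parse every chunk in a byte string, e.g. a command's captured stdout."""
    stream, chunks = io.BytesIO(data), []
    while (chunk := read_chunk(stream)) is not None:
        chunks.append(chunk)
    return chunks

def run_command(argv, requests):
    """Pipe framed requests to a command's stdin and return its reply chunks."""
    frames = b"".join(build_chunk(meta, body) for meta, body in requests)
    proc = subprocess.run(argv, input=frames, stdout=subprocess.PIPE, check=False)
    return read_all(proc.stdout)

# Constructed sample: a minimal getinfo request. The field set is an assumption;
# a request sent by splunkd carries more metadata than this page shows.
GETINFO = ({"action": "getinfo", "preview": False}, b"")

if __name__ == "__main__":
    print(build_chunk(*GETINFO).decode("utf-8"))
```

To drive a real script, pass run_command the invocation from the accepted answer as a list (/opt/splunk/bin/splunk, cmd, python, /path/to/command.py) together with [GETINFO]. Whether the script accepts this minimal metadata depends on which fields it reads from the request.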
