How to pass parameters in custom search command?

rajacybermak · ‎04-19-2018

I am trying out custom search command.
I have in commands.conf the below

[createrecord1]
chunked = true
filename = myjava.path
command.arg.1 = -jar
command.arg.2 = splunkcreaterecord1.jar

I would like to know how to pass argument values from search
eg if I type |createrecord1 **100**
it execute " java -jar splunkcreaterecord.jar" without the parameter

I would like the jar file to be executed as java -jar splunkcreaterecord.jar **100**

Kindly assist

woodcock · ‎04-22-2018

Define it like this:

 [createrecord1]
 chunked = true
 filename = myjava.path
 command.arg.1 = jar

Then use it like this:

... | createrecord1 jar "splunkcreaterecord1.jar"

p_gurav · ‎04-19-2018

Can you try to pass argument in double quotes ""?

rajacybermak · ‎04-20-2018

Thanks Gaurav for the reply.
Could you kindly elaborate

How to pass parameters in custom search command?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation

How to pass parameters in custom search command?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A