Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to pass values (dynamically derived from event) to a Python script as command line arguments?

nikkkc
Path Finder
‎02-18-2016 03:43 AM

Can I pass values (dynamically derived from event) to a Python script as command line arguments, do some magic in the script, and pass the new values back to Splunk? isp.outputResults(results)?

I tried this, but in the script, the argument is interpreted like a string. I mean the script knows just the name of the string, not the value!

0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎02-18-2016 12:34 PM

Hi nikkkc,

take a look at the docs http://docs.splunk.com/Documentation/Splunk/6.2.8/AdvancedDev/SearchScripts#Build_your_search_comman... to learn more about this topic. The important part is to import splunk.Intersplunk in your Python script, so the script can receive the results of the Splunk search and process them.

Here is an example of a script I use:

myresults,dummyresults,settings = splunk.Intersplunk.getOrganizedResults() # getting search results form Splunk
for r in myresults: # loop the results
    for k, v in r.items(): # get key value pairs for each result
        if k == "server": # get key
            section_name = v # set value

This will check the results passed by Splunk for a field called server and if found it uses its value.
At the end of the script it will return the output back to Splunk using this line:

 splunk.Intersplunk.outputResults(results) # print the result into Splunk UI

Hope this helps ...

cheers, MuS

0 Karma
Reply

aab5272
Engager
‎07-13-2017 06:10 PM

@MuS I used the same
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
to grab the events from search results but it doesnt work ?

any ideas ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Mile High Learning with Splunk University, Denver, Colorado

If Denver is known for its mile-high elevation, Splunk University is about to raise the bar on technical ...

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

We are excited to announce the June release of Splunk IT Service Intelligence (ITSI) 5.0. This update ...

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...