Hi,
I am trying to run a python script. The script works fine in lower environment and i am trying to move it to higher. I am able to execute other python scripts normally in both env.
I was able to run the script in lower env by specifying the splunk path in front of it.
/opt/splunk/bin/splunk cmd python command_test.py
So, while i am trying to execute it in higher using the same way. Its giving error.
Traceback (most recent call last):
File "command_test.py", line 4, in
from splunklib.searchcommands import \
ImportError: No module named splunklib.searchcommands
Now someone in my team has told me that splunk lib path might have been set in lower environment.
Would anyone be able to advise on where and what to set the path. Or any other way to fix the issue.
Hello, I was the same problem with Mysql module that I was install on my Centos server
Splunk didn't work with this library, because splunk has they own python library...then you can fix it only added on the begin your script all libraries of python and also you must to add the python Centos library too... as this way
[root@xxxx]#find / -name site-packages
/usr/lib/python2.7/site-packages
/usr/lib64/python2.7/site-packages
/opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python2.7/site-packages
/opt/splunk/lib/python2.7/site-packages
[root@xxxx]# whereis python
python: /usr/bin/python2.7 /usr/bin/python /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /opt/splunk/bin/python /opt/splunk/bin/python2.7 /usr/share/man/man1/python.1.gz
include all at begin your script
import sys
sys.path.append('/usr/bin/python2.7')
sys.path.append('/usr/lib/python2.7/site-packages')
sys.path.append('/usr/lib64/python2.7/site-packages')
And that's it , you can run mysql module without any problem and create your alerts with this module.
import mysql.connector
I hope that this fix will help you
Joel Urtubia Ugarte
Try something like this
command_test.py
import sys, splunk.Intersplunk, csv, urllib2, base64
keywords, argvals = splunk.Intersplunk.getKeywordsAndOptions()
file1 = argvals.get("file1", None)
file2 = argvals.get("file2", "csv")
if not file1:
splunk.Intersplunk.parseError("'file1' argument not provided.")
if not file2:
splunk.Intersplunk.parseError("'file2' argument not provided.")
results = []
try:
results.append('Hello ')
results.append('File1 passed is %s ' % ( file1 ))
results.append('File2 passed is %s ' % ( file2 ))
except Exception, e:
splunk.Intersplunk.parseError(e)
results = [{'search' : disjuncts}]
splunk.Intersplunk.outputResults(results)
commands.conf
[generatehello]
filename = command_test.py
generating = true
local = true
supports_rawargs = false
Usage
splunk~/bin]$ /opt/splunk/bin/splunk cmd python command_test file1=file1 file2=file2
In search
| generatehello file1=file1 file2=file2
Hey,
Thanks a lot for replying and apologies for the late reply.
I am getting an error and wasn't able to research much on the below issue.
Error:
Traceback (most recent call last):
File "command_test1.py", line 20, in
results = [{'search' : disjuncts}]
NameError: name 'disjuncts' is not defined
@somesoni2 : Kindly advise.
Same issue this isn't working
I wonder if you are missing the PYTHONPATH environment variable in your higher environment. This is what it is set to for me:
PYTHONPATH=C:\Program Files\Splunk\bin;C:\Program Files\Splunk\Python-2.7\Lib\site-packages\win32;C:\Program Files\Splunk\Python-2.7\Lib\site-packages;C:\Program Files\Splunk\Python-2.7\Lib;C:\Program Files\Splunk\etc\apps\framework\contrib\splunk-sdk-python
Take a look at this answer https://answers.splunk.com/answers/243498/getinfo-probe-failed-for-external-search-command-a.html
cheers, MuS
I checked the answer, for higher environment we don't have the required files. So, i think that's why we are not able to run it. But in lower env, we have the required files (init.py & init.pyc) in the splunklib/searchcommands
Interestingly splunk is also not able to run the script in lower environment.
I am able to run the command as:
/opt/splunk_1/bin/splunk cmd python command_test
But not as
python command_test
So, I need a way to splunk execute the script as "/opt/splunk_1/bin/splunk cmd python command_test " rather than "python command_test ".
Kindly advise.
I had a same problem.First Check your Splunk and Python Path .secondly check on which port python is running .Or some other application is running on the same port.
Can you provide the script code, if it doesn't contain anything sensitive?
Hey. PFB the code. I just want to pass the two arguments received from Search bar to my python script.
import sys, time
import getopt
from splunklib.searchcommands import \
dispatch, GeneratingCommand, Configuration, Option, validators
def main(argv):
print("hello")
opts, args = getopt.getopt(argv,["ifile=","ofile="])
for arg in args :
print (arg)
main(sys.argv[1:])
And in my commands.conf. i have
[generatehello]
filename = command_test
supports_getinfo = true
supports_rawargs = true
outputheader = true
Command line Output :
splunk~/bin]$ /opt/splunk/bin/splunk cmd python command_test file1 file2
hello
file1
file2