Splunk Dev

Why am I getting Error code 1 for my python script?

RichaSingh
Path Finder

Hi,
I wrote a Python script to read the external IP from event logs and pass that as the parameter to the command (script), which is designed to do a CURL lookup. I made sure to include all the Splunk libraries within to stream the data, and to meet the environment dependencies for CURL on Windows.

Just to make sure, I tested the Python script with an IP passed as an argument outside of the Splunk framework, and it works fine.
But it returns error code 1 when integrated with Splunk as follows:

import sys, getopt
import os
import urllib
import urllib2
import csv
import sys,splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
url='https:///%s?' %arg
maxm = os.system('curl -u  "username:password" %s' %url)
result = splunk.Intersplunk.generateErrorResults(None, None, True)
splunk.Intersplunk.outputResults(results)

"External search command 'asd' returned error code 1."

Please let me know what I am missing and the likely solution for this.

Thanks

0 Karma

martin_mueller
SplunkTrust

You're calling generateErrorResults() in line 14, that's usually not good if done outside of a conditional statement. Also, I think that takes a single string rather than three arguments.

Check out http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/SearchScripts for some docs and an example at the bottom.

0 Karma

RichaSingh
Path Finder

Here is my edited script. But I still get the same error.

import sys, getopt
import os
import urllib
import urllib2
import csv
import splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
url='https://%s' %arg
results = os.system('curl -u "username:password" %s' %url)
results = splunk.Intersplunk.readResults(None, None, True)
splunk.Intersplunk.outputResults(results)

0 Karma

MuS
Legend

Use the logger function to display what your script is doing. First, add a logger function:

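import logging
import logging.handlers
import os
import splunk

# The function below uses these three names without defining them;
# the values here are assumptions, adjust them to your script.
SPLUNK_HOME = os.environ['SPLUNK_HOME']
myScript = os.path.splitext(os.path.basename(__file__))[0]
myDebug = "yes"  # anything other than "yes" logs errors only

def setup_logging(n):
    logger = logging.getLogger(n) # Root-level logger
    if myDebug == "yes":
        logger.setLevel(logging.DEBUG)
    else:
        logger.setLevel(logging.ERROR)
    # Splunk's own logging configuration files and the stanza to read from them
    LOGGING_DEFAULT_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log.cfg')
    LOGGING_LOCAL_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log-local.cfg')
    LOGGING_STANZA_NAME = 'python'
    # The log file is named after the script and written under var/log/splunk
    LOGGING_FILE_NAME = "%s.log" % myScript
    BASE_LOG_PATH = os.path.join('var', 'log', 'splunk')
    LOGGING_FORMAT = "%(asctime)s %(levelname)-s\t%(module)s:%(lineno)d - %(message)s"
    splunk_log_handler = logging.handlers.RotatingFileHandler(os.path.join(SPLUNK_HOME, BASE_LOG_PATH, LOGGING_FILE_NAME), mode='a')
    splunk_log_handler.setFormatter(logging.Formatter(LOGGING_FORMAT))
    logger.addHandler(splunk_log_handler)
    splunk.setupSplunkLogger(logger, LOGGING_DEFAULT_CONFIG_FILE, LOGGING_LOCAL_CONFIG_FILE, LOGGING_STANZA_NAME)
    return logger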

Then add, for each step in your script, a line like this:

if myDebug == "yes": logger.info( "Starting the main task ..." )

Your log file will be in $SPLUNK_HOME/var/log/splunk/

RichaSingh
Path Finder

It says:

The external search command 'asd' did not return events in descending time order, as expected.

0 Karma

martin_mueller
SplunkTrust

That's not the same error. Previously the search command didn't run, now it's running but isn't returning events in descending time order, as expected.

0 Karma
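
The scripts in this thread format a value taken from event data into an `os.system('curl ...')` string and also `print` it. The shell parses that string, and because an Intersplunk script hands its results back on stdout, curl's output and the `print` land in the same stream as the results. The following is an added example, not code from any poster in this thread, showing the lookup step with the value validated, curl started without a shell, and its output captured into a result row. It is written for Python 3 rather than the thread's Python 2; the host, netrc path and field names are placeholders assumed for illustration.

```python
import ipaddress
import subprocess

# Assumptions (not from the thread): placeholder host, netrc path, field names.
LOOKUP_URL = "https://lookup.example.invalid/%s"
NETRC_FILE = "/opt/splunk/etc/apps/myapp/local/lookup.netrc"  # hypothetical path


def validate_ip(value):
    """Return the canonical IP string, or raise ValueError for anything else."""
    return str(ipaddress.ip_address(value.strip()))


def build_curl_argv(ip):
    """Argument list for curl; no shell parses it, so the value stays one argument.
    Credentials come from a netrc file instead of the command line."""
    return ["curl", "--silent", "--fail", "--max-time", "10",
            "--netrc-file", NETRC_FILE, LOOKUP_URL % ip]


def run_curl(argv):
    """Run curl with captured output so nothing reaches the script's own stdout."""
    try:
        proc = subprocess.run(argv, stdout=subprocess.PIPE,
                              stderr=subprocess.DEVNULL,
                              universal_newlines=True, timeout=15)
    except (OSError, subprocess.TimeoutExpired):
        return 127, ""  # curl missing or hung: report it as a failed lookup
    return proc.returncode, proc.stdout


def lookup_row(value, run=run_curl):
    """Build one result row (a dict) for a field value taken from an event."""
    row = {"src_ip": value, "lookup": "", "lookup_error": ""}
    try:
        ip = validate_ip(value)
    except ValueError:
        row["lookup_error"] = "not an IP address"
        return row
    code, body = run(build_curl_argv(ip))
    if code != 0:
        row["lookup_error"] = "curl exit code %d" % code
    else:
        row["lookup"] = body.strip()
    return row
```

Rows built this way can be appended to the results list that the script passes to `splunk.Intersplunk.outputResults()`, with debug output going to a log file rather than `print`.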