Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

unable to execute python script thro inputs.conf

DataOrg
Builder
‎03-30-2021 06:46 AM

unable to execute python script , below is the inputs.conf and py script.

if i run the script from python interpreter , it gives output but not thro inputs.conf

@kamlesh_vaghela 

 

[script:///$SPLUNK_HOME/etc/apps/search/bin/dockesd.py]
disabled = false
host = host1
index = indx
interval = 30
source = Perform
sourcetype = Memory

 

 Script:

 

import os
os.system('docker container ls --format="{{json .}}"')

 

Labels (2)
Labels
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-31-2021 06:55 AM

@DataOrg 

 

Can you please check your script by executing below command? Does it gives you expected OP or any error.

 

 

./splunk cmd python /opt/splunk/etc/apps/search/bin/dockesd.py

 

0 Karma
Reply

DataOrg
Builder
‎03-31-2021 08:24 AM

@kamlesh_vaghela  @richgalloway 

after executing ./splunk cmd.

i am getting below warning message with output.

/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py:47: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography import x509
IMAGE,CONTAINER ID,COMMAND,CREATED AT,STATUS,PORTS,NAMES
thomsch98/kafdrop:latest,8c0e092b6815,"/usr/local/bin/mvn-…",2021-03-26 18:29:56 -0400 EDT,Up 4 days,,PAServices_kafdrop.1.yen4hgju18kkfgq9bvud7e1w8
143.22.167.109:5000/help-documentation-app:0.1.13,93201914aec5,"httpd-foreground",2021-03-25 15:39:55 -0400 EDT,Up 5 days,80/tcp,PAContainer_helpservice.1.r3b5796b5jm8x5sxu4iec1br6

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-30-2021 09:40 AM

What does "unable to execute mean"?  What errors does Splunk log for the input?

Does os.system write to stdout?  If not, then Splunk will not index anything.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

DataOrg
Builder
‎03-30-2021 07:25 PM

@richgalloway even after printing output. i dont see ouput indexing into splunk. if i use plain shell script its indexing data

import commands
output = commands.getstatusoutput('docker ps --format "table {{ .Image }},{{.ID}},{{.Command}},{{.CreatedAt }},{{.Status }},{{.Ports }},{{.Names}}"')
print(output)

  

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-31-2021 06:42 AM

Again I ask what error(s) is Splunk reporting?

Please tell us how you told Splunk to run this script.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...