Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create custom command in python to write result SPL to CSV file?

raindad85
New Member
‎03-18-2020 07:42 AM

Hi splunker,

I would like to create a python custom commands to write results of SPL commands in a CSV file.

this is an example of what i want to have:
1 - in Splunk ( version 8.0.2):

...( some spl commands)
| table fields1, fields2, fields3

2 - I would then take the table results of the SPL commands, and write the results in a CSV file in an append mode:
=> if one line exists in the file, do not do anything, else, write the lew line in the file (that is the main goal*)

this is the python code I wrote:

#!/usr/bin/env python3

import sys, csv
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators


@Configuration()
class mycommandCommand(StreamingCommand):
    """ %(synopsis)
    ##Syntax
    %(syntax)
    ##Description
    %(description)
    """

    def stream(self, events):
       # Put your event transformation code here
       mycv = {}
       for event in events:

           mycv['field1'] = event["field1"]
           mycv['field2'] = event["field2"]
           mycv['field3'] = event["field3"]

           csv_file = "tmp/Names.csv"
           csv_columns = ['field1','field2','field3']
           try:
               with open(csv_file, 'a') as csvfile:
                   writer = csv.DictWriter(csvfile, fieldnames=csv_columns, delimiter=";")
                   writer.writeheader()
                   for data in mycv.items():
                       writer.writerows(data)
           except IOError:
               print("I/O error")

           yield event

dispatch(mycommandCommand, sys.argv, sys.stdin, sys.stdout, __name__)

this is the commands.conf:

[mycommand]
filename=mycommand.py
enableheader = true
outputheader = true
requires_srinfo = true
stderr_dest = message
supports_getinfo = true
supports_rawargs = true
supports_multivalues = true
streaming = true

some help ???

I thank in advance,

0 Karma
Reply

splunkettes
Path Finder
‎07-08-2020 01:59 PM

This is pretty close to what I'm trying to do as well. Curious if you got it to work?

0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...
Top