Hi guys, I'm using Splunk 8.0.
I want to create a command that can send some info to another platform via web or API. I read the Dev page, but it is hard to understand. Do you know of an easy script?
For example, I have a table after a search:
a | b | c | Action |
312 | 213 | 13 | 1 |
13 | 123 | 46 | 0 |
When Action=1, the script will send the info {a:1,b:213,c:13} to another platform, e.g. send a message to Telegram.
<basesearch>
| where action=1
| sendinfo a,b,c
You can watch the @techiesid YouTube channel to create your custom command:
https://www.youtube.com/watch?v=tTfEv5fLZEs
###If it helps. Kindly consider an upvote/accepting as an answer###
One more question: I just want to output the value of the fields, then send it. So which command should I create (Streaming, Generating, Transforming or something else)? Because I'm using Streaming and it returns an error: TypeError at "/opt/splunk/etc/apps/testCommand/bin/splunklib/searchcommands/internals.py", line 573 : 'NoneType' object is not iterable
This is my command:
from __future__ import absolute_import, division, print_function, unicode_literals
import os,sys
import time
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators
import requests

@Configuration()
class GenerateTextCommand(StreamingCommand):
    def stream(self,records):
        for record in records:
            fields = self.fieldnames
            i = record[fields[0]]
            botURL = "https://api.telegram.org/botTOKEN/sendMessage?chat_id=CHAT_ID&text="+str(i)
            r = requests.get(botURL)

dispatch(GenerateTextCommand, sys.argv, sys.stdin, sys.stdout, __name__)
I'm hoping that you have done the part of setting up commands.conf and metadata for your custom command. The error that you are seeing is down to the fact that the field records is None type, meaning it contains no values, and you cannot iterate over None type. It looks like you are not able to pass the data from your SPL to your custom command. Also, you are doing a GET request, when you want to send (POST) the data instead. Try the following (off the top of my head; it may have some bugs that you can fix):
from __future__ import absolute_import, division, print_function, unicode_literals
import os,sys
import time
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators
import requests

@Configuration()
class GenerateTextCommand(StreamingCommand):
    fieldname = Option(
        doc='''
        **Syntax:** **fieldname=***<fieldname>*
        **Description:** Name of the field that will hold the session_key''',
        require=True, validate=validators.Fieldname())

    def stream(self,records):
        for record in records:
            # self.fieldnames holds the field names given as arguments to the command
            fields = self.fieldnames
            i = record[fields[0]]
            # TOKEN and CHAT_ID are placeholders for the bot token and the target chat
            botURL = "https://api.telegram.org/botTOKEN/sendMessage?chat_id=CHAT_ID&text="+str(i)
            r = requests.post(botURL)
            # Store the response in the field named by the fieldname option
            record[self.fieldname] = r
            # A streaming command has to yield each record back to the search pipeline
            yield record

dispatch(GenerateTextCommand, sys.argv, sys.stdin, sys.stdout, __name__)
Please make sure that you run your custom command in the search
(This will return the value of r. You may wish to format it once it works):
| yourcustomcommand fieldname=events_sent
Hope this helps,
###If it helps, please consider an upvote/accepting as an answer###
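The per-row logic of the stream() method above, as an added example that is not part of the thread or of the Splunk SDK: it is a plain generator so it runs without splunklib, sends the selected fields as a JSON POST body instead of concatenating them into the URL, sets a timeout, and yields every record back. The names `build_request`, `http_send` and `stream_rows` are assumptions made for this example, and the sample rows are constructed.

```python
import json
import urllib.request

# The Telegram Bot API carries the bot token in the URL path.
API = "https://api.telegram.org/bot{token}/sendMessage"


def build_request(record, fields, token, chat_id):
    """Build the sendMessage POST for one row; only the listed fields are sent."""
    missing = [f for f in fields if f not in record]
    if missing:
        raise KeyError("missing field(s): " + ", ".join(missing))
    text = json.dumps({f: record[f] for f in fields}, sort_keys=True)
    body = json.dumps({"chat_id": chat_id, "text": text}).encode("utf-8")
    return urllib.request.Request(
        API.format(token=token), data=body,
        headers={"Content-Type": "application/json"}, method="POST")


def http_send(req, timeout=10):
    """Default sender: perform the request and return the HTTP status code."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


def stream_rows(records, fields, out_field, token, chat_id, send=http_send):
    """Send each row and yield every row back, as a streaming command must."""
    for record in records:
        try:
            req = build_request(record, fields, token, chat_id)
            record[out_field] = str(send(req))
        except Exception as exc:
            # Keep only the error class: exception messages from HTTP libraries
            # can include the request URL, and the URL contains the bot token.
            record[out_field] = "error: " + type(exc).__name__
        yield record


if __name__ == "__main__":
    # Constructed rows; the second one lacks field "c". The sender is a stub.
    rows = [{"a": "312", "b": "213", "c": "13", "Action": "1"},
            {"a": "13", "b": "123", "Action": "1"}]
    for row in stream_rows(rows, ["a", "b", "c"], "events_sent",
                           "TOKEN", "CHAT_ID", send=lambda req: 200):
        print(row)
```

Inside a StreamingCommand, stream() would loop over `stream_rows(records, self.fieldnames, self.fieldname, token, chat_id)` and yield each result, with the token loaded from configuration rather than written into the script.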
Thank you. Because it's a streaming command, I need to put things back into the result. And I found the way 😄 Thanks.