How to get my python script to trigger through a Splunk search?

ektasiwani
Communicator

Hi,

I want to trigger my Python script through a Splunk search. Below is my code, but I don't know which files I have to change to make it run. I just changed the commands.conf file in the app's local directory, but it's still showing me error 1.

Is there any document to explain everything about this? If yes, please send me the link.

import sys,splunk.Intersplunk
results = []

 try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

 ############### YOUR CODE HERE ##############
    import csv

    ifile  = open('/opt/splunk/var/run/splunk/check.csv', "rb")
    reader = csv.reader(ifile)



 ############### DATA MANIPULATION HERE ##############

 except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

 splunk.Intersplunk.outputResults( results )
1 Solution

vganjare
Builder

Check the indentation in the code. If the code does not have the proper indentation, then the code will not compile. Use a Python editor (Python IDE) for editing the Python files. Using notepad/textpad will not give you proper indentation.
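
A pre-deployment check for the indentation failure described in this answer, as an added example that is not part of the original post: it compiles a script without executing it, so no Splunk modules need to be importable. `check_script`, `main` and the sample strings are illustrative names and constructed inputs, not Splunk APIs.

```python
import re
import sys


def check_script(source, filename="<script>"):
    """Compile without executing; return None if OK, else error details."""
    try:
        compile(source, filename, "exec")
    except SyntaxError as exc:  # IndentationError and TabError are subclasses
        return {"kind": type(exc).__name__, "line": exc.lineno, "message": exc.msg}
    return None


# Constructed sample modelled on the script in the question: the top-level
# try / except / outputResults lines carry one stray leading space.
BROKEN = (
    "import sys,splunk.Intersplunk\n"
    "results = []\n"
    "\n"
    " try:\n"
    "    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()\n"
    " except:\n"
    "    import traceback\n"
    "    results = splunk.Intersplunk.generateErrorResults(traceback.format_exc())\n"
    "\n"
    " splunk.Intersplunk.outputResults( results )\n"
)

# The same script with the stray single-space indents removed.
FIXED = re.sub(r"(?m)^ (?=\S)", "", BROKEN)

# Constructed sample: a tab on one line and eight spaces on the next, the
# kind of mix a plain text editor can leave behind.
MIXED = "if True:\n\tx = 1\n        y = 2\n"


def main(paths):
    """Check each file; return 1 if any fails to compile, else 0."""
    failed = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            err = check_script(fh.read(), path)
        if err:
            failed = 1
            print(f"{path}:{err['line']}: {err['kind']}: {err['message']}")
    return failed


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it against the file in the app's bin directory with the same Python interpreter Splunk uses, since syntax rules differ between Python versions.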

ektasiwani
Communicator

Yeah, thanks, it's working now.

0 Karma

asieira
Path Finder

Pro tip: pep8 and autopep8 are your friends.

asieira
Path Finder

What you want to do is to create a custom search command, and here is the applicable documentation:

Splunk SDK for Python "How to create custom search commands" page: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Documentation > Splunk Enterprise > Developing Views and Apps for Splunk Web > Custom search commands page: http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

The Python script should reside in your app's bin directory, and you should also edit default/commands.conf to configure the new command.

The spec file for commands.conf can be found here: http://docs.splunk.com/Documentation/Splunk/6.2.3/admin/Commandsconf

Hope this helps.

0 Karma

ektasiwani
Communicator

What is wrong in the above code?
Why is it giving me error code 1?

0 Karma