Splunk Search

How to get my python script to trigger through a Splunk search?

Communicator

Hi,

I want to trigger my Python script through a Splunk search. Below is my code, but I don't know which files I have to change to make it run. I just changed the commands.conf file in the app's local directory, but it's still showing me error 1.

Is there any document to explain everything about this? If yes, please send me the link.

import sys,splunk.Intersplunk
results = []

 try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

 ############### YOUR CODE HERE ##############
    import csv

    ifile  = open('/opt/splunk/var/run/splunk/check.csv', "rb")
    reader = csv.reader(ifile)



 ############### DATA MANIPULATION HERE ##############

 except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

 splunk.Intersplunk.outputResults( results )
1 Solution

Builder

Check the indentation in the code. If the code does not have proper indentation, it will not compile. Use a Python editor (Python IDE) for editing the Python files. Using Notepad/TextPad will not give you proper indentation.


Communicator

Yeah, thanks, it's working now.

0 Karma

Path Finder

Pro tip: pep8 and autopep8 are your friends.

Path Finder

What you want to do is to create a custom search command, and here is the applicable documentation:

Splunk SDK for Python "How to create custom search commands" page: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Documentation > Splunk Enterprise > Developing Views and Apps for Splunk Web > Custom search commands page: http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

The Python script should reside in your app's bin directory, and you should also edit default/commands.conf to configure the new command.

The spec file for commands.conf can be found here: http://docs.splunk.com/Documentation/Splunk/6.2.3/admin/Commandsconf

Hope this helps.

0 Karma
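A pre-deployment check that ties together the two points made in this thread (the script must sit in the app's bin directory and be named in commands.conf, and it must be free of indentation errors), as an added example that is not part of the original posts or Splunk's own code. The stanza names, file names and sample scripts are constructed, the fallback to `<stanza>.py` when `filename` is absent is an assumption, and the commands.conf files are assumed simple enough for Python's configparser.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample scripts: BAD has the stray one-space indent seen in the question.
BAD = "import sys\nresults = []\n try:\n    results = [1]\n except:\n    pass\n"
GOOD = "import sys\nresults = []\ntry:\n    results = [1]\nexcept Exception:\n    pass\n"
# Constructed commands.conf; stanza and script names are hypothetical.
CONF = "[broken]\nfilename = broken.py\n\n[fixed]\nfilename = fixed.py\n\n[ghost]\nfilename = ghost.py\n"


def check_app(app_dir):
    """Map each commands.conf stanza to a problem if its script is missing or will not compile."""
    app = Path(app_dir)
    conf = configparser.ConfigParser(interpolation=None, strict=False)
    # default/ is read first, so settings in local/ win.
    conf.read([app / d / "commands.conf" for d in ("default", "local")])
    problems = {}
    for stanza in conf.sections():
        # Assumption: a stanza without filename refers to <stanza>.py.
        name = conf.get(stanza, "filename", fallback=stanza + ".py")
        path = app / "bin" / name
        if not path.is_file():
            problems[stanza] = "script not found in bin/"
            continue
        try:
            compile(path.read_bytes(), str(path), "exec")  # parses only; the script is not run
        except SyntaxError as exc:  # IndentationError is a subclass of SyntaxError
            problems[stanza] = "%s at line %d" % (type(exc).__name__, exc.lineno)
    return problems


def build_sample_app(root):
    """Write the constructed app (bin/ scripts and default/commands.conf) under root."""
    files = {"bin/broken.py": BAD, "bin/fixed.py": GOOD, "default/commands.conf": CONF}
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return check_app(build_sample_app(tmp))


if __name__ == "__main__":
    print(demo())
```

Point `check_app` at a real app directory before restarting Splunk to catch a missing script or an indentation error without running the script.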

Communicator

What is wrong in the above code?
Why is it giving me error code 1?

0 Karma