Splunk Search

How to pass parameters in custom search command without field camp?

rmenchio
Engager

How can i run a search command passing an argument to python script via sys.argv?

My script:

import requests
import sys
import json
from splunklib.searchcommands import \
 dispatch, GeneratingCommand, Configuration, Option, validators

@Configuration()
class GenerateHelloCommand(GeneratingCommand):

    id = Option(require=True, validate=validators.Integer())


    def generate(self):



        site = "https://link/api/link.json?id=" + str(self.id) + "&username=x2&passhash=x"
        response = requests.get(site, timeout=10)
        filtro = json.loads(response.text)
        filt = filtro["sensordata"]["statustext"]
        yield {'ID' : str(self.id), 'STATUS' : filt}



dispatch(GenerateHelloCommand, sys.argv, sys.stdin, sys.stdout, __name__)

Currently i run my command like this:

| comando id=11249

and it work, but I would like to run my command like this:

| comando 11249

Such that i get 11249 into the python script like a variable. Example:

ID = arg.sysv[1]

My commands.conf:

[comando]
chunked=true
filename=comando.py

Can someone help me?

0 Karma

tomasmoser
Contributor

I am using Python SDK. Watch "self.fieldname" routine. My command will have one argument - existing field from previous search (message_subject). With the code below I was successfull passing value from any field I add as an argument to SPL commmand: e.g. "| mimedecode message_subject"

I got inspiration from:

 

 

class decodemimeCommand(StreamingCommand):
    def stream(self, records):
    # get the argument - fieldname with mime-encoded string 
    message_subject = self.fieldnames[0]

    for record in records:
        record['message_subject_decoded'] = main(record[message_subject])
        yield record

if __name__ == "__main__":
    dispatch(decodemimeCommand, sys.argv, sys.stdin, sys.stdout, __name__)

 

 

0 Karma

woodcock
Esteemed Legend
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...