Splunk Search

How to pass parameters in custom search command without field camp?

rmenchio
Engager

How can i run a search command passing an argument to python script via sys.argv?

My script:

import requests
import sys
import json
from splunklib.searchcommands import \
 dispatch, GeneratingCommand, Configuration, Option, validators

@Configuration()
class GenerateHelloCommand(GeneratingCommand):

    id = Option(require=True, validate=validators.Integer())


    def generate(self):



        site = "https://link/api/link.json?id=" + str(self.id) + "&username=x2&passhash=x"
        response = requests.get(site, timeout=10)
        filtro = json.loads(response.text)
        filt = filtro["sensordata"]["statustext"]
        yield {'ID' : str(self.id), 'STATUS' : filt}



dispatch(GenerateHelloCommand, sys.argv, sys.stdin, sys.stdout, __name__)

Currently i run my command like this:

| comando id=11249

and it work, but I would like to run my command like this:

| comando 11249

Such that i get 11249 into the python script like a variable. Example:

ID = arg.sysv[1]

My commands.conf:

[comando]
chunked=true
filename=comando.py

Can someone help me?

0 Karma

tomasmoser
Contributor

I am using Python SDK. Watch "self.fieldname" routine. My command will have one argument - existing field from previous search (message_subject). With the code below I was successfull passing value from any field I add as an argument to SPL commmand: e.g. "| mimedecode message_subject"

I got inspiration from:

 

 

class decodemimeCommand(StreamingCommand):
    def stream(self, records):
    # get the argument - fieldname with mime-encoded string 
    message_subject = self.fieldnames[0]

    for record in records:
        record['message_subject_decoded'] = main(record[message_subject])
        yield record

if __name__ == "__main__":
    dispatch(decodemimeCommand, sys.argv, sys.stdin, sys.stdout, __name__)

 

 

0 Karma

woodcock
Esteemed Legend
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...