Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to pass parameters in custom search command wi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to pass parameters in custom search command without field camp?
rmenchio
Engager
10-11-2019
01:06 PM
How can i run a search command passing an argument to python script via sys.argv?
My script:
import requests
import sys
import json
from splunklib.searchcommands import \
dispatch, GeneratingCommand, Configuration, Option, validators
@Configuration()
class GenerateHelloCommand(GeneratingCommand):
id = Option(require=True, validate=validators.Integer())
def generate(self):
site = "https://link/api/link.json?id=" + str(self.id) + "&username=x2&passhash=x"
response = requests.get(site, timeout=10)
filtro = json.loads(response.text)
filt = filtro["sensordata"]["statustext"]
yield {'ID' : str(self.id), 'STATUS' : filt}
dispatch(GenerateHelloCommand, sys.argv, sys.stdin, sys.stdout, __name__)
Currently i run my command like this:
| comando id=11249
and it work, but I would like to run my command like this:
| comando 11249
Such that i get 11249 into the python script like a variable. Example:
ID = arg.sysv[1]
My commands.conf:
[comando]
chunked=true
filename=comando.py
Can someone help me?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
tomasmoser
Contributor
06-13-2020
07:30 AM
I am using Python SDK. Watch "self.fieldname" routine. My command will have one argument - existing field from previous search (message_subject). With the code below I was successfull passing value from any field I add as an argument to SPL commmand: e.g. "| mimedecode message_subject"
I got inspiration from:
class decodemimeCommand(StreamingCommand):
def stream(self, records):
# get the argument - fieldname with mime-encoded string
message_subject = self.fieldnames[0]
for record in records:
record['message_subject_decoded'] = main(record[message_subject])
yield record
if __name__ == "__main__":
dispatch(decodemimeCommand, sys.argv, sys.stdin, sys.stdout, __name__)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
10-12-2019
10:09 AM
See my unaccepted answer here:
https://answers.splunk.com/answers/41949/passing-search-results-to-external-python-script.html
UpVotes appreciated.
Get Updates on the Splunk Community!
Splunk Answers Content Calendar, June Edition
Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
