Splunk Search

How to run a Python script after search returns a value?

splunk_user4
Explorer

I am trying to get a Python script to run after a search returns a username.

The search returns one username after doing a few checks (works great).

The script will add a user to an AD group (works great).

My issue now is that the "run a script" function is deprecated, and I can't find proper documentation about passing the event field into a Python argument to run.

My Python script is saved in $SPLUNK_HOME$/bin/scripts.

0 Karma

chinmoya
Communicator

Splunk deprecated running scripts with alert actions. You can check that

OR
How about creating your own custom command?
The command can use the output of the search and pass it to the script.
You might need to change your script a bit to take in the input.

The link below can be helpful in creating a custom command:
https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/

0 Karma

splunk_user4
Explorer

Still not finding what I'm looking for in the custom search command. Is what I'm asking usual for Splunk to be able to do?

0 Karma

cisconate
Engager

@splunk_user4 It is possible but very difficult by design of Splunk. When I worked for Northrop Grumman, I wrote a dashboard exactly like this that would display results about users and allow the "SOC" administrator to enable, disable, or delete a user account on the fly.

I do not recall the specifics of it now, but I will dig and try to find this data because it was certainly a labor of love at the time. There was one specific scripting part where I had to dump the script output to "null", otherwise the script would hang. Once I did that, we were able to execute Python scripts using WinRM to perform account actions.

0 Karma
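An added example, not code from any poster in this thread: a custom alert action entry script (the replacement for the deprecated "run a script" action) that takes a field from the search result and hands it to an existing script as one validated argument, with output sent to null as described above. It assumes Splunk invokes the script with `--execute` and a JSON payload on stdin whose `result` key holds the first result's fields; the `username` field name, the `AD_SCRIPT` path and its `--user` flag are hypothetical.

```python
import json
import re
import subprocess
import sys

# Hypothetical location and name of the existing AD group script.
AD_SCRIPT = "/opt/splunk/bin/scripts/add_to_ad_group.py"

# Assumed allow-list: 1-20 chars, must start alphanumeric so the value can
# never be read as an option ("-x") and never carries shell/LDAP metacharacters.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,19}")


def extract_username(payload, field="username"):
    """Return the validated field value from the alert payload or raise ValueError."""
    value = (payload.get("result") or {}).get(field)
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError(f"rejected value for field {field!r}: {value!r}")
    return value


def build_command(username):
    """Build an argv list; no shell is involved, so the value stays one argument."""
    return [sys.executable, AD_SCRIPT, "--user", username]


def run(payload, runner=subprocess.run):
    """Validate the field, run the AD script, return its exit code."""
    cmd = build_command(extract_username(payload))
    # Detach all three streams so the child cannot block on a full pipe,
    # and bound the run time so a stuck remote call does not hang the alert.
    proc = runner(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                  stderr=subprocess.DEVNULL, timeout=60, check=False)
    return proc.returncode


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        try:
            sys.exit(run(json.loads(sys.stdin.read())))
        except ValueError as exc:  # also covers malformed JSON
            print(f"ERROR {exc}", file=sys.stderr)
            sys.exit(2)
```

Because the script changes group membership, the search that triggers it is effectively an authorization decision; restrict who can edit that saved search and the app directory holding the script.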