- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to run a Shell Script run from a search co...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to run a shell script from a search command. So I have created a shell script under $SPLUNK_HOME/etc/apps/myapp/bin/ and a specific commands.conf file with the below content:
[MYSCRIPT]
type = shell
file = ./myscript.sh
Running the following command on the search bar:
| script MYSCRIPT
I got an error message which is:
The type 'shell' for command 'MYSCRIPT' in commands.conf is invalid.
As per the doc, if I understand well, we can only use python or perl?
filename = "string"
* Name of script file for command.
* <script-name>.pl for perl.
* <script-name>.py for python.
Thanks for your answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please click Accept to close the question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to change file = ./myscript.sh to filename = ./myscript.sh.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correcting that I still got the same error message.
Checking the Splunk help:
| script
Makes calls to external Perl or Python programs
So I assume it is not possible to run shell script ? Anyone can confirm ?
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation is a bit vague so I am unsure. I always do perl and that works so you could always create a perl wrapper script to check.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can create a python for call to os.system
shelllauncher.py
import os
os.system('./yourscript.sh')
commands.conf
[shelllauncher]
chunked=false
type=python
filename = shelllauncher.py
yourscript.sh
#!/bin/bash
ps aux
on splunk search:
| shelllauncher | table *
you might see "ps aux" linux command on results
New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...
Improve Data Pipelines Using Splunk Data Management
3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?
