Hi,
I am trying to run a shell script from a search command. So I have created a shell script under $SPLUNK_HOME/etc/apps/myapp/bin/
and a specific commands.conf file with the below content:
[MYSCRIPT]
type = shell
file = ./myscript.sh
Running the following command on the search bar:
| script MYSCRIPT
I got an error message which is:
The type 'shell' for command 'MYSCRIPT' in commands.conf is invalid.
As per the doc, if I understand well, we can only use python or perl?
filename = "string"
* Name of script file for command.
* <script-name>.pl for perl.
* <script-name>.py for python.
Thanks for your answer.
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
Please click Accept
to close the question.
You need to change file = ./myscript.sh
to filename = ./myscript.sh
.
Correcting that I still got the same error message.
Checking the Splunk help:
| script
Makes calls to external Perl or Python programs
So I assume it is not possible to run shell script ? Anyone can confirm ?
Thanks!
The documentation is a bit vague so I am unsure. I always do perl and that works so you could always create a perl wrapper script to check.
you can create a python for call to os.system
shelllauncher.py
import os
os.system('./yourscript.sh')
commands.conf
[shelllauncher]
chunked=false
type=python
filename = shelllauncher.py
yourscript.sh
#!/bin/bash
ps aux
on splunk search:
| shelllauncher | table *
you might see "ps aux" linux command on results