Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to run a Shell Script run from a search co...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to run a shell script from a search command. So I have created a shell script under $SPLUNK_HOME/etc/apps/myapp/bin/ and a specific commands.conf file with the below content:
[MYSCRIPT]
type = shell
file = ./myscript.sh
Running the following command on the search bar:
| script MYSCRIPT
I got an error message which is:
The type 'shell' for command 'MYSCRIPT' in commands.conf is invalid.
As per the doc, if I understand well, we can only use python or perl?
filename = "string"
* Name of script file for command.
* <script-name>.pl for perl.
* <script-name>.py for python.
Thanks for your answer.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's finally not possible, I did Perl or Python and it works fine, so no shell. We will manage without 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please click Accept to close the question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You need to change file = ./myscript.sh to filename = ./myscript.sh.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correcting that I still got the same error message.
Checking the Splunk help:
| script
Makes calls to external Perl or Python programs
So I assume it is not possible to run shell script ? Anyone can confirm ?
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The documentation is a bit vague so I am unsure. I always do perl and that works so you could always create a perl wrapper script to check.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can create a python for call to os.system
shelllauncher.py
import os
os.system('./yourscript.sh')
commands.conf
[shelllauncher]
chunked=false
type=python
filename = shelllauncher.py
yourscript.sh
#!/bin/bash
ps aux
on splunk search:
| shelllauncher | table *
you might see "ps aux" linux command on results
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
