Re: How to set python script to run automatically ...

splunkbot22 · ‎07-20-2018

Hello guys, I am new to Splunk. I need help in letting the python script i have created to run automatically every month. My python script is able to get API JSON output and create a lookup file or update existing one. Now i need it to run it automatically in the APPS/bin folder i have already configured the inputs.conf file but the script is not or creating the csv lookup file!

ashikuma · ‎09-29-2018

Can we have some python script which will create inputs.conf stanza by pulling log file location from word\csv file.
Note- Index will be same for all , only sourcetype will be changed which will be name of log file.

ddrillic · ‎09-29-2018

Makes perfect sense @ashikuma.

For example, I use a python a base script like this to build pieces of my ever changing serverclass.conf -

import sys


input_file       = "<location>/<file>.txt"

i = 0
f = open(input_file)
for line in f:
    # strip the new line character
    line = line[:-1]
    parts = line.split("$")


    print 'whitelist.' + str(i) + ' = ' + line + '<domain>'
    i = i + 1


f.close()

jkat54 · ‎09-29-2018

Yes you can do many things with python.

jkat54 · ‎07-22-2018

Scripted inputs will index everything on stdout from the execution of the script.

So you could just print your csv to the screen

import csv
with open('eggs.csv', 'rb') as csvfile:
      Reader = csv.reader(csvfile, delimiter=',', quote-char='”’)
      for row in Reader:
            print(row)

jkat54 · ‎07-22-2018

You can create a modular input:
http://dev.splunk.com/view/python-sdk/SP-CAAAER3

Or you can make your script write the csv to a location that you also monitor in inputs.conf.

markuxProof · ‎07-20-2018

Hi, splunkbot22.

you can use the interval property with the crontab syntax:

interval = [<number>|<cron schedule>]

Ex:
[script:// ./bin/script_name ]
interval = 30 12 * */12 * #[ At 12:30 in every 12th month. ]
index = index_name
source = source_name
sourcetype = sourcetype_name

As for the output of the script, you do not need to generate a csv, just make an impression of the data in the standard output that Splunk will collect this data.

If you have any questions about the syntax of crontab, you can use this site as a reference: Crontab.guru

splunkbot22 · ‎07-22-2018

Hello,
Thanks for the reply, I had already set the interval crontab syntax in the inputs.conf file. However can you elaborate more how i can make an impression of the data? And how i can update the existing lookups file with it?

splunkbot22 · ‎07-22-2018

Hi,

Thank you for the reply, i have already add the script and interval properties in the inputs.conf under the default directory on my app. However can you further elaborate how do i make an impression of the data in the standard output? Or append he api response into the csv file?

thambisetty · ‎07-20-2018

Hi,

Please paste here your inputs.conf and the location of python file.

————————————
If this helps, give a like below.

splunkbot22 · ‎07-22-2018

Hi,
the location of my python file is under /app/bin and the location of the inputs.conf file is in the /apps/default directory of my app .

Content of my inputs.conf is
[script://opt/splunk/etc/apps/School/bin/retreivefromthreatcrowd.py]
interval=60
disabled=false
source=script://./bin/retreivefromthreadcrowd.py

How to set python script to run automatically on a custom app.

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services