
Is it possible to create a custom script that is a search command that can take in the search's results?

klim
Path Finder

Is it possible to create a custom script that is a search command that can take in the search's results, do something, and then return the new results to Splunk, in a language other than Python?


PickleRick
SplunkTrust

Yes, you can. You can create custom search commands with languages other than Python.

https://dev.splunk.com/enterprise/docs/devtools/customsearchcommands/nonpythonscscs

klim
Path Finder

Are the non-Python custom search commands able to get the results from Splunk, manipulate them, create new fields and then send them back to Splunk, or can I only do logging or send an alert that the search is done?

I was trying to create a script with Go, but it keeps saying my command can't find the go.path file, which I copied from the Java example that you linked.


PickleRick
SplunkTrust

Custom search commands are meant to be used within the search pipeline. A typical use case is performing an "external lookup" (for example, calling a whois database).

What you're referring to as sending an alert message is not a custom search command but a custom alert action, and that's something different.

Did you put the go.path file in the bin directory of your app?

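To make the two answers above concrete, here is an added example (my own code, not from the thread, from the linked Splunk page, or from Splunk's Java sample) of a streaming custom search command in Go that does the "external lookup" kind of job PickleRick describes: it reads the pipeline's events, adds a field, and hands the events back. It speaks Splunk's custom search command protocol version 2 as I understand it from the public docs: each message is a header line `chunked 1.0,<metadata_length>,<body_length>`, followed by that many bytes of JSON metadata and CSV body; the first message from Splunk carries `"action":"getinfo"` and the command replies with its type, later messages carry `"action":"execute"` plus a `"finished"` flag and the command replies with the transformed CSV and its own `"finished"`. The command name `gowhois`, the field names `src_ip` and `whois_org`, and the in-memory lookup table standing in for a real whois query are all constructed for the example.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/csv"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// chunk is one message of the chunked protocol (v2), in either direction:
// "chunked 1.0,<metaLen>,<bodyLen>\n", then metaLen bytes of JSON, then bodyLen bytes of CSV.
type chunk struct {
	Meta map[string]interface{}
	Body []byte
}

// readChunk parses one chunk from r (Splunk writes them to the command's stdin).
func readChunk(r *bufio.Reader) (*chunk, error) {
	header, err := r.ReadString('\n')
	if err != nil {
		return nil, err // io.EOF: Splunk closed the pipe, we are done
	}
	var metaLen, bodyLen int
	if _, err := fmt.Sscanf(strings.TrimSpace(header), "chunked 1.0,%d,%d", &metaLen, &bodyLen); err != nil {
		return nil, fmt.Errorf("bad chunk header %q: %w", header, err)
	}
	meta, body := make([]byte, metaLen), make([]byte, bodyLen)
	if _, err := io.ReadFull(r, meta); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(r, body); err != nil {
		return nil, err
	}
	c := &chunk{Body: body}
	if err := json.Unmarshal(meta, &c.Meta); err != nil {
		return nil, fmt.Errorf("bad chunk metadata: %w", err)
	}
	return c, nil
}

// writeChunk frames a reply (metadata + CSV body) for Splunk on stdout.
func writeChunk(w io.Writer, meta interface{}, body []byte) error {
	m, err := json.Marshal(meta)
	if err != nil {
		return err
	}
	if _, err := fmt.Fprintf(w, "chunked 1.0,%d,%d\n", len(m), len(body)); err != nil {
		return err
	}
	if _, err := w.Write(m); err != nil {
		return err
	}
	_, err = w.Write(body)
	return err
}

// whoisOrg is a constructed, offline stand-in for the external whois lookup.
// A real command would query a whois service here, with a timeout and a cache.
var whoisOrg = map[string]string{
	"203.0.113.7":   "EXAMPLE-NET-1",
	"198.51.100.42": "EXAMPLE-NET-2",
}

// enrich takes the CSV body of an execute chunk, appends a whois_org column
// derived from src_ip, and returns the new CSV. Rows with no match (or a chunk
// without a src_ip column) get "unknown"; an empty body is returned unchanged.
func enrich(body []byte) ([]byte, error) {
	if len(bytes.TrimSpace(body)) == 0 {
		return body, nil
	}
	rd := csv.NewReader(bytes.NewReader(body))
	rd.LazyQuotes = true // _raw and similar columns may carry stray quotes
	rows, err := rd.ReadAll()
	if err != nil {
		return nil, err
	}
	ipCol := -1
	for i, name := range rows[0] {
		if name == "src_ip" {
			ipCol = i
		}
	}
	rows[0] = append(rows[0], "whois_org")
	for i := 1; i < len(rows); i++ {
		org := "unknown"
		if ipCol >= 0 {
			if o, ok := whoisOrg[rows[i][ipCol]]; ok {
				org = o
			}
		}
		rows[i] = append(rows[i], org)
	}
	var out bytes.Buffer
	if err := csv.NewWriter(&out).WriteAll(rows); err != nil {
		return nil, err
	}
	return out.Bytes(), nil
}

func main() {
	in, out := bufio.NewReader(os.Stdin), bufio.NewWriter(os.Stdout)
	for {
		c, err := readChunk(in)
		if err == io.EOF {
			return
		}
		if err == nil {
			switch c.Meta["action"] {
			case "getinfo": // declare a streaming command and the field it needs
				err = writeChunk(out, map[string]interface{}{"type": "streaming", "required_fields": []string{"src_ip"}}, nil)
			case "execute":
				var body []byte
				if body, err = enrich(c.Body); err == nil {
					finished, _ := c.Meta["finished"].(bool)
					err = writeChunk(out, map[string]interface{}{"finished": finished}, body)
				}
			}
		}
		if err == nil {
			err = out.Flush()
		}
		if err != nil {
			fmt.Fprintln(os.Stderr, err) // stderr lands in the search's log
			os.Exit(1)
		}
	}
}
```

Wiring it in is the part the thread is stuck on, and I can only state what I would expect rather than what the page confirms: the compiled binary goes in the app's bin directory, a commands.conf stanza like `[gowhois]` with `filename = gowhois.path` and `chunked = true` points Splunk at a `bin/gowhois.path` file whose content is the command line to run (the same `.path` mechanism the linked Java example uses), and the command is then called from a search as `... | gowhois | table src_ip whois_org`. The getinfo reply is what tells Splunk the command is streaming, so it can run per chunk on the indexers instead of pulling every event to the search head first.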

klim
Path Finder

I actually want to use it in the search pipeline for a lookup like your example, a whois call. The go.path file is in the bin directory of my app.


Stefanie
Builder

Maybe BASH could work?

#!/bin/bash
# [object] and [-parameter <value>] are placeholders from the CLI search syntax reference linked below
/opt/splunk/bin/splunk cmd search [object][-parameter <value>]

https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/CLIsearchsyntax

Then add to the script whatever commands you're looking to do something with.


klim
Path Finder

That is running everything from the custom script. I need to be able to call the script from the search in Splunk instead.

Edit: But I could just wrap the other script inside a Python/Bash file.
