- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Lookup Script doesn't return search results
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lookup Script doesn't return search results
Below is the props.conf at $SPLUNK_HOME/etc/system/local:
[SPLUNK_SERVICE_Log]
lookup_table = namelookup Id OUTPUT Name
Below is the transforms.conf at $SPLUNK_HOME/etc/system/local:
[namelookup]
external_cmd = namelookup.py Id Name
external_type = python
fields_list = Id, Name
Script location :
$SPLUNK_HOME/etc/system/bin/namelookup.py
# File namelookup.py
# ------------------------------
import os,csv
#import pyodbc
import sys
import logging
import logging.config
def main():
#if len(sys.argv) != 3:
#print "Usage: python name_lookup.py [id field] [name field]"
#sys.exit(0)
logging.config.fileConfig("logging.conf")
# create logger
logger = logging.getLogger("namelookup")
# "application" code
logger.debug("====Inside Main=====")
idf = sys.argv[1]
namef = sys.argv[2]
r = csv.reader(sys.stdin)
w = None
header = []
first = True
d1 = {}
# Add items
d1["006981166"] = "John"
d1["007094117"] = "Mike"
d1["007094118"] = "Scott"
for line in r:
if first:
header = line
print "Header:", header
if idf not in header or namef not in header:
print "Id and Name fields must exist in CSV data"
sys.exit(0)
csv.writer(sys.stdout).writerow(header)
w = csv.DictWriter(sys.stdout, header)
first = False
continue
# Read the result
result = {}
i = 0
while i < len(header):
if i < len(line):
result[header[i]] = line[i]
else:
result[header[i]] = ''
i += 1
# Perform the lookup
if len(result[idf]) and len(result[namef]) :
w.writerow(result)
elif len(result[idf]):
result[namef] = lookup(result[idf], d1)
if len(result[namef]):
w.writerow(result)
# Given a Id, find its Name
def lookup(id, d1):
try:
for key in d1.keys():
if key == id:
#print "Value=", d1[key]
return d1[key]
except:
return []
main()
However, when I run the below search, It doesn't return any search results under name
source="Test_Log.txt" | xmlkv entry | lookup namelookup Id OUTPUT Name | table Id, name
Please let me know where i am going wrong in the script or where exactly is the script failing. Is their a way to debug the script using Komodo Edit IDE . I want debugger to launch the moment you hit enter in the Splunk Web Interface because i am not even sure the script is invoked by Splunk. So i would like to see atleast the first print statement in the script is printed onto console.
When i tried to run as standlone program using the command
splunk cmd namelookup.py 123
it opens a command prompt and immediately closes it. So not sure whats going on with this script
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
