Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Python Script Not working via search command

harshal_chakran
Builder
‎07-23-2014 05:44 AM

Hi,

I have written a python script which runs perfectly when opened directly, but when i run it via search |script python prediction then it returns error code 1.

While more deep debugging i found that i am using below R library at which the code doesn't works and gives me error. When i comment the below line, the script works until it reaches the dependency of the below library.

from rpy2.robjects.packages

Now point is since this python script works perfectly when run from that same app folder, so python is able to have access to the rpy2, but when i run it via Splunk search it is not able to reach to rpy2 library.

Can any one help me how do make it run? Is there any specific steps to be taken to install rpy2 so python for splunk?

Also i had copied rpy2 folder in the bin directory of the app, but still it didnt worked via search.

Can anyone please help me any workaround to make this script run via splunk search

0 Karma
Reply

psobisch
Path Finder
‎07-23-2014 06:05 AM

Splunk 6.1.x seems to have a problem executing custom commands (e.g. python scripts) which are using relative paths for example to access a file inside of app directory.

In earlier versions (6.0.x) the script was started with current directory pointing to the app/bin directory, in 6.1.2 we faced a problem that the current dírectory is now a temporary search directory.

To do a workaround we had to put:

os.chdir(os.path.dirname(__file__))

at the beginning of every python script. Maybe it is similar problem at your side.

Edit: if you are using Linux: there is a linux own Python installation, splunk uses it own. So if you have a lib inside your linux installation it is not automatically available inside of splunk-python scripts.

Reply

harshal_chakran
Builder
‎07-24-2014 05:02 AM

I tried running the same code in Splunk 6.0, but it didnt worked yet! Also i tried your solution in both 6.0 & 6.1 but it didn't helped.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...