Splunk Search

Search result value as an argument to perl script

disha
Contributor

Hi,
I am invoking perl script with script command in search, which needs to take search result field as an argument to the script.
|inputcsv model.txt|table str
this is giving
name=ABC,input=5,output=6
I need to pass this value as string parameter to script as
script perl tcpclient name=ABC,input=5,output=6

so i am executing
|inputcsv model.txt|table str|script perl tcpclient str

but I am getting as "str" not the value.
if i hard code it like
|inputcsv model.txt|table str|script perl tcpclient name=ABC,input=5,output=6
I am getting it properly.
Can you please help me how I can use the value of "str" other than "str" as I cannot hardcode it. I need to read csv and need to pass the value of str as an argument to perl script.
Please suggest. This is very urgent.:(
Thanks,
Disha

Tags (1)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You could register your python script as a custom command, and use splunk.Intersplunk to retrieve search results.

0 Karma

disha
Contributor

Yes Vincesesto,
I have tried just "name" also inplace of str and also try the python script instead of Perl.Till now it seems like script can only invoke the perl/python script with hardcoded input arguments. Please suggest.
Thanks,
Disha

0 Karma

vincesesto
Communicator

Hi disha, probably a silly question, but have you tried to separate each of the fields instead of including them in one string, eg; instead of str, have the fields name, input, output...just a suggestion

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...