Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Server Side Execution

lwalhoefer
Engager
‎03-03-2011 02:27 PM

Hi,

does Splunk has a possibility to run server side scripts (python, ruby) based on a splunk search result? The search output should be the input (e.g. a number or list of numbers) for the server side script.

Something like this: ... | fields X | my_server_script X

Thanks!

Reply
2 Solutions
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎03-03-2011 02:33 PM

This should be possible by defining a custom search command. Your new search command extends the Splunk search language, and Splunk uses your new command by calling the script that implements it. Some of the existing commands in Splunk (iplocation) are implemented using this facility. These scripts are currently expected to be python scripts. A "runshellscript" command exists in my $SPLUNK_HOME/etc/apps/search/default/commands.conf that looks somewhat interesting.

Your command would receive a stdin dump of the current search results, which you could do as you please with.

Docs at http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

View solution in original post

Reply
Solved! Jump to solution
Solution

piebob
Splunk Employee
Splunk Employee
‎03-03-2011 03:51 PM

you could also define a scripted alert that fires off a script using search results when a set condition is met:

http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts

View solution in original post

Reply
Solved! Jump to solution
Solution

piebob
Splunk Employee
Splunk Employee
‎03-03-2011 03:51 PM

you could also define a scripted alert that fires off a script using search results when a set condition is met:

http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts

Reply
Solved! Jump to solution
Solution

dwaddle
SplunkTrust
SplunkTrust
‎03-03-2011 02:33 PM

This should be possible by defining a custom search command. Your new search command extends the Splunk search language, and Splunk uses your new command by calling the script that implements it. Some of the existing commands in Splunk (iplocation) are implemented using this facility. These scripts are currently expected to be python scripts. A "runshellscript" command exists in my $SPLUNK_HOME/etc/apps/search/default/commands.conf that looks somewhat interesting.

Your command would receive a stdin dump of the current search results, which you could do as you please with.

Docs at http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...