Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?
Hi everyone,
I have a script.py which requires one argument to run normally, e.g. script.py D:\Downloads\12-Dec-2022\1234\
I intend to create a custom search command so that I can have a Splunk dashboard GUI which allows the user to input the file path, i.e. D:\Downloads\12-Dec-2022\1234\, and then in the backend it will run script.py D:\Downloads\12-Dec-2022\1234\ and generate a CSV file, on which I will use Splunk search commands to format the data.
My question is: how can I write the generator.py script so that it calls script.py?
I have a template I found:
```python
#!/usr/bin/env python
import sys
import os
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, GeneratingCommand, Configuration, Option, validators

# The %(...) entries are placeholders that the SDK's template fills in with the
# command name and its documentation strings.
@Configuration()
class %(command.title())Command(GeneratingCommand):
    """ %(synopsis)
    ##Syntax
    %(syntax)
    ##Description
    %(description)
    """
    def generate(self):
        # Put your event code here
        # To connect with Splunk, use the instantiated service object which is created using the server-uri and
        # other meta details and can be accessed as shown below
        # Example:-
        # service = self.service
        pass

dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)
```
However, I am not sure how to write it such that this command will accept an argument (e.g. a file path input by the user).
So how I foresee it is I have 3 things:
1. Custom search command named mycommand
2. my own script.py which accepts one argument (a file path) used to run and generate stats
3. Splunk search command
So once I have the custom search command mycommand
I can use it in Splunk search
| mycommand <user input>
something like that.. However, when writing the custom search command I am not sure how to make it accept an argument input by the user in the Splunk GUI. Can anyone help please?
Hi @PaulPanther any updates?
Is there anything else to change/add?
Just declare the field in the class like
`filename = Option(require=True)`
and then assign the user input to a new variable, e.g.
`filename = self.filename`
Sample code:
```python
#!/usr/bin/env python
import sys
import os
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, GeneratingCommand, Configuration, Option, validators

@Configuration()
class %(command.title())Command(GeneratingCommand):
    filename = Option(require=True)

    def generate(self):
        filename = self.filename
        # Put your event code here
        # To connect with Splunk, use the instantiated service object which is created using the server-uri and
        # other meta details and can be accessed as shown below
        # Example:-
        # service = self.service
        pass

dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)
```
```python
#!/usr/bin/env python
# Import the necessary modules
import os
import subprocess
import sys
import time

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
import splunklib.searchcommands as searchcommands


# Define a custom search command class
@searchcommands.Configuration()
class MyCustomCommand(searchcommands.GeneratingCommand):
    # Define any options for your custom command.
    # No validators.Fieldname() here: that validator only accepts field-name syntax
    # and would reject a path such as D:\Downloads\12-Dec-2022\1234\
    filepath = searchcommands.Option(
        doc='''
        **Syntax:** **filepath=***<filepath>*
        **Description:** Path to the file to be processed by the Python script''',
        require=True)

    # Define the logic for your custom command
    def generate(self):
        # Call the Python script with the specified filepath as an argument.
        # Argument list (no shell), run with Splunk's own interpreter (sys.executable)
        # rather than whatever "python" resolves to on the host.
        result = subprocess.run(
            [sys.executable, "path/to/your/script.py", self.filepath],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # Parse the output of the Python script
        output = result.stdout.decode().strip()
        # Create a new output record with the output of the Python script and the current timestamp
        # (GeneratingCommand has no _time attribute; use the wall clock)
        output_record = {'_time': time.time(), 'output_field_1': output}
        # Yield the output record to Splunk
        yield output_record


# Register the custom command with Splunk
searchcommands.dispatch(MyCustomCommand, sys.argv, sys.stdin, sys.stdout, __name__)
```
Thanks for your reply @PaulPanther
Inspired by your code, I generated the code above.
Hi @PaulPanther , with the inspired code above it still doesn't work, any help is much appreciated 🙂
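The pieces this thread converges on (the `Option` declaration from @PaulPanther's answer, the `subprocess` call to script.py from the second post, and the CSV the script produces) combined into one working generating command. This is an added example, not code from any post in the thread or from the Splunk SDK. It assumes that script.py prints its CSV to stdout, that it lives next to the command file in the app's `bin/` directory (`SCRIPT_PATH`), and that user-supplied paths are only accepted underneath one base directory (`ALLOWED_BASE`, read from a hypothetical `MYCOMMAND_BASE` environment variable), so a dashboard user cannot point the script at arbitrary locations on the search head. The `splunklib` import is guarded so the helper functions and `demo()` also run outside Splunk; `FAKE_SCRIPT` is a constructed stand-in for script.py used only by `demo()`.

```python
#!/usr/bin/env python
"""Generating command: run script.py on a user-chosen directory, emit its CSV rows as events."""
import csv
import io
import os
import subprocess
import sys
import time

_HERE = os.path.dirname(os.path.abspath(__file__)) if "__file__" in globals() else os.getcwd()
# Under Splunk, splunklib sits in the app's lib/ directory; the import is guarded so the
# helper functions (and demo()) can be run and tested outside Splunk as well.
sys.path.insert(0, os.path.join(_HERE, "..", "lib"))
try:
    from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration, Option
    HAVE_SPLUNKLIB = True
except ImportError:
    HAVE_SPLUNKLIB = False

# Hypothetical (not from the thread): the only directory tree script.py may be pointed at.
ALLOWED_BASE = os.environ.get("MYCOMMAND_BASE", os.path.join(os.sep, "data", "uploads"))
# Hypothetical location of script.py: next to this command in the app's bin/ directory.
SCRIPT_PATH = os.path.join(_HERE, "script.py")


def resolve_under_base(user_path, base=ALLOWED_BASE):
    """Real path of user_path inside base, or None if it escapes base ('..', symlink, other drive)."""
    base = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base, user_path))
    if target != base and not target.startswith(base + os.sep):
        return None
    return target


def run_script(target_dir, script=SCRIPT_PATH, timeout=60):
    """Run script.py with the directory as its single argument; returns (rc, stdout, stderr).
    Argument list, no shell=True, so the user's input is never parsed by a shell;
    sys.executable is Splunk's own interpreter, so 'python' need not be on PATH."""
    proc = subprocess.run([sys.executable, script, target_dir], stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, timeout=timeout, check=False)
    return (proc.returncode, proc.stdout.decode("utf-8", "replace"),
            proc.stderr.decode("utf-8", "replace"))


def csv_text_to_events(csv_text, now=None):
    """One event dict per CSV data row (the header row names the fields), with _time set."""
    now = time.time() if now is None else now
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        event = {"_time": now}
        event.update(row)
        events.append(event)
    return events


if HAVE_SPLUNKLIB:
    @Configuration()
    class MycommandCommand(GeneratingCommand):
        """| mycommand filepath=<directory under the permitted base>"""
        filepath = Option(require=True)

        def generate(self):
            target = resolve_under_base(self.filepath)
            if target is None:  # raising makes Splunk show the message as a search error
                raise ValueError("filepath %r is outside the permitted directory" % self.filepath)
            rc, out, err = run_script(target)
            if rc != 0:
                raise RuntimeError("script.py failed (rc=%d): %s" % (rc, err.strip()))
            for event in csv_text_to_events(out):
                yield event

    dispatch(MycommandCommand, sys.argv, sys.stdin, sys.stdout, __name__)


# Constructed stand-in for script.py, used only by demo(): lists the directory it is handed
# and prints a name,size CSV to stdout.
FAKE_SCRIPT = """import os, sys
d = sys.argv[1]
print("name,size")
for n in sorted(os.listdir(d)):
    print("%s,%d" % (n, os.path.getsize(os.path.join(d, n))))
"""


def demo():
    """End-to-end run outside Splunk against a temporary base directory; returns the events."""
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        script = os.path.join(base, "script.py")
        with open(script, "w") as fh:
            fh.write(FAKE_SCRIPT)
        upload = os.path.join(base, "1234")
        os.mkdir(upload)
        with open(os.path.join(upload, "a.txt"), "w") as fh:
            fh.write("hello")
        target = resolve_under_base("1234", base=base)
        rc, out, err = run_script(target, script=script)
        if rc != 0:
            raise RuntimeError(err)
        return csv_text_to_events(out, now=0)
```

Once the file is registered in the app's `commands.conf` (a `[mycommand]` stanza with `filename = mycommand.py` and `chunked = true`), the search `| mycommand filepath=1234` runs script.py on `<ALLOWED_BASE>/1234` and returns one event per CSV row. An input such as `filepath=../../etc` never reaches the script: `resolve_under_base` returns `None` and the command fails with a visible error, which is the behaviour you want from a command whose argument comes straight from a dashboard text box.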
