Splunk Search

Splunk Custom Search Commands: How can I write the generator.py script so that it calls the script.py?

siu
Loves-to-Learn Everything

Hi everyone,

I have a script.py which requires one argument to run normally, e.g. script.py D:\Downloads\12-Dec-2022\1234\

I am intending to create a custom search command so that I can have a Splunk Dashboard GUI which allows the user to input the file path, i.e. D:\Downloads\12-Dec-2022\1234\, and then it will run in the backend this --> script.py D:\Downloads\12-Dec-2022\1234\ and generate a CSV file, which I will then format with the Splunk search command.

My question would be: how can I write the generator.py script so that it calls script.py?

I have a template I found:


#!/usr/bin/env python

import sys
import os

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, GeneratingCommand, Configuration, Option, validators

@Configuration()
class %(command.title())Command(GeneratingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """
    def generate(self):
       # Put your event  code here

       # To connect with Splunk, use the instantiated service object which is created using the server-uri and
       # other meta details and can be accessed as shown below
       # Example:-
       #    service = self.service

       pass

dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)


However, I am not sure how to write it such that this command will accept an argument (e.g. a file path input by the user).

So how I foresee it is I have 3 things:

1. Custom search command named mycommand
2. My own script.py which accepts one argument (a file path) used to run and generate stats
3. Splunk search command


So once I have the custom search command mycommand

I can use it in Splunk search
| mycommand <user input>

Something like that. However, when writing the custom search command I am not sure how to make it accept an argument input by the user in the Splunk GUI. Can anyone help please?

0 Karma

siu
Loves-to-Learn Everything

Hi @PaulPanther  any updates?

0 Karma

siu
Loves-to-Learn Everything

is there anything else to change/add?

0 Karma

PaulPanther
Motivator

Just declare the field in the class like

filename = Option(require=True)


and then assign the user input as a variable to a new variable e.g.

filename = self.filename

sample code:

#!/usr/bin/env python

import sys
import os

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, GeneratingCommand, Configuration, Option, validators

@Configuration()
class %(command.title())Command(GeneratingCommand):
    filename = Option(require=True)

    def generate(self):
       filename = self.filename
       # Put your event  code here

       # To connect with Splunk, use the instantiated service object which is created using the server-uri and
       # other meta details and can be accessed as shown below
       # Example:-
       #    service = self.service

       pass

dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)


0 Karma

siu
Loves-to-Learn Everything
#!/usr/bin/env python
# Import the necessary modules
import os
import subprocess
import sys
import time

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import dispatch, GeneratingCommand, Configuration, Option

# Define a custom search command class
@Configuration()
class MyCustomCommand(GeneratingCommand):

    # Define any options for your custom command.
    # No validators.Fieldname() here: that validator only accepts Splunk field names
    # and rejects a path such as D:\Downloads\12-Dec-2022\1234\
    filepath = Option(
        doc='''
        **Syntax:** **filepath=***<filepath>*
        **Description:** Path to the file to be processed by the Python script''',
        require=True)

    # Define the logic for your custom command
    def generate(self):
        # Call the Python script with the specified filepath as a single argument.
        # sys.executable is Splunk's own interpreter, so this works even when no
        # "python" is on the PATH; the list form avoids any shell re-parsing of the path.
        result = subprocess.run(
            [sys.executable, "path/to/your/script.py", self.filepath],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

        # Parse the output of the Python script
        output = result.stdout.decode().strip()

        # Create a new output record with the output of the Python script and the current
        # timestamp (GeneratingCommand has no self._time attribute, so use the clock)
        output_record = {'_time': time.time(), 'output_field_1': output}

        # Yield the output record to Splunk
        yield output_record

# Register the custom command with Splunk
dispatch(MyCustomCommand, sys.argv, sys.stdin, sys.stdout, __name__)


Thanks for your reply @PaulPanther

Your code inspired me to generate the code above.

0 Karma
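The two things a generating command like the one above still has to get right are checking the path that arrives from the dashboard input and turning script.py's CSV output into events. The following is an added example, not code from the thread or from the Splunk SDK; it assumes script.py prints CSV with a header row, and the allowed base directory and script location are placeholders you would set in generate().

```python
#!/usr/bin/env python
# Added example, not from the thread. Inside generate() you would write:
#     target = confine_path(self.filepath, ALLOWED_BASE)   # ALLOWED_BASE: your choice
#     for row in run_script_rows(SCRIPT_PATH, target):      # SCRIPT_PATH: your script.py
#         yield row
import csv, io, subprocess, sys, tempfile, time
from pathlib import Path


def confine_path(user_path, base_dir):
    """Canonicalise user_path and return it only if it lies under base_dir.
    Relative paths are taken relative to base_dir; '..' segments and symlinks are
    resolved before the check, so anything escaping base_dir raises ValueError."""
    base = Path(base_dir).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = base / candidate
    candidate = candidate.resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError("path %r is outside %s" % (user_path, base))
    return candidate


def run_script_rows(script_path, target_dir, timeout=60):
    """Run script.py with the path as one argv entry (no shell, so the path is
    never re-parsed) and turn its CSV stdout into event dicts with a _time field."""
    proc = subprocess.run(
        [sys.executable, str(script_path), str(target_dir)],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError("script failed: " + proc.stderr.decode(errors="replace").strip())
    reader = csv.DictReader(io.StringIO(proc.stdout.decode(errors="replace")))
    now = time.time()
    return [dict(row, _time=now) for row in reader]


def make_demo_environment():
    """Constructed sample, not real data: a temporary base directory containing
    '12-Dec-2022/1234' and a stand-in script.py that prints two CSV rows."""
    base = Path(tempfile.mkdtemp())
    (base / "12-Dec-2022" / "1234").mkdir(parents=True)
    script = base / "script.py"
    script.write_text("import sys\nprint('name,size')\n"
                      "print(sys.argv[1] + '/a.bin,10')\nprint(sys.argv[1] + '/b.bin,20')\n")
    return base, script
```

With `| mycommand filepath=12-Dec-2022/1234` the command only ever runs script.py on a directory below the base you chose, and each CSV row becomes one event with the row's columns as fields.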

siu
Loves-to-Learn Everything

Hi @PaulPanther , with the inspired code above it still doesn't work, any help is much appreciated 🙂

0 Karma