Splunk Search

Why am I getting error "No module named splunklib.searchcommands" trying to run a custom search command?

Hey Everyone,

Been struggling with this for hours now, when trying to run a custom search command I get:

'import site' failed; use -v for traceback
Traceback (most recent call last):
  File "generatehello.py", line 2, in <module>
    from splunklib.searchcommands import \
ImportError: No module named splunklib.searchcommands

I tried to make sure I had the Python SDK installed which I thought I did, but upon attempting that I get:

Traceback (most recent call last):
  File "setup.py", line 17, in <module>
    from setuptools import setup, Command

So really confused at this point how to set this thing up. I have seem all sorts of stuff about PYTHONPATH and setting that up, but it's been pretty unclear. To run Splunks bundled Python, I have been using the command:

"/apps/splunk/bin/splunk cmd python <pythonfile.py>"

Not sure if that is correct either. Could really use some guidance. Everything has been pretty confusing so far. I have had my $SPLUNK_HOME set to /apps/splunk as well.

I had gotten it running on 2.6, but unfortunately, the search command contains some method that was not added until 2.7 so I wasn't able to use it.

Motivator

@joseph_caraccio are you using v1 or v2 of the custom search command API? See description of the options here: About Custom Search Commands. You should use v2.

If you are using the Splunk-bundled interpreter, then you don't have to ship the SDK. If you use a system or other interpreter, you must use a .path file to call it correctly. A shebang won't work. And if going this route, you also must also install the Splunk SDK system-wide or package it in your app's folder like any Python module.

Lastly, "splunk cmd python" is a great troubleshooting tool, but only works if using the embedded Python.

0 Karma

Ultra Champion

Did you throw the splunklib folder under the app's bin dir? Also, did you put the proper import splunklib.client as client in your file? Lastly, do you have the corresponding config for the new command in place?

Communicator

Did you throw the splunklib folder under the app's bin dir? - Where can I find the splunklib folder and is there cmd execution for it or the copy paste suffice?

0 Karma

Communicator

i downloaded Python splunk sdk using PIP and setup tools. then I added the path to Pythonpah as well and copied the files to app-> bin folder
But the problem is still there

0 Karma

Ultra Champion

This is nearly two years old and the SDK likely has come along way since then. I would recommend starting a new question post and point out the dev.splunk.com instructions you followed and where it failed. That way an answer can be provided that caters to the place you got stuck using the version of the SDK available today. Feel free to cross post the link to the new thread here.

0 Karma

Champion

Yeah, the example for creating custom commands is very dated, and needs to be updated - badly. Could use some help here...

0 Karma

Motivator

Thread has been started with @sloshburch and our docs team. Hopefully we'll get this cleaned up in short order, but I think this whole dev section is getting a major revamp, so changes may not be pushed out until next major release.

0 Karma

Ultra Champion

Which example are you referring to? If you throw me a link I can ask to have that updated in parallel to this.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!