I've followed this tutorial:
http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...
Downloaded this respository:
https://github.com/splunk/splunk-sdk-python
and build it using python setup.py install and just followed the instructions on the tutoiral.
When I got to testing the command outside of splunk section of the tutorial, I tried it:
python generatehello.py __EXECUTE count=5
and I got errors that my logging.conf is not valid because I lack of handlers,
and I fixed the conf by the errors, one by one.
Here's my logging.conf:
http://pastebin.com/KwN37JYe
and now I have this error:
http://pastebin.com/HjS9km3L
How do I fix this?
Why do I have all this errors? I've just downloaded it and followed the instructions.
I have windows 10. Splunk 6.5.0 running as localhost on my pc.
I've never done it this way... instead i do this:
import splunk.mining.dcutils as dcu
logger = dcu.getLogger()
logger.info("string to log to index=_internal as Log_Level=info")
logger.warn("string to log to index=_internal as Log_Level=warn")
logger.error("string to log to index=_internal as Log_Level=error")
Not sure if that helps you but thought it was worth the mention. Should be fully compatible with the SDK, etc.
Hi tombog0,
what happens if you run the script like this:
$SPLUNK_HOME/bin/splunk cmd python generatehello.py __EXECUTE count=5
cheers, MuS
"D:\Program Files\Splunk\bin\splunk.exe" cmd python generatehello.py _EXECUTE count=5
Do you mean like that?
It opens a cmd and closes it right away, I can't see what is written on it.
I've also tried to run it from splunk
| generatehello count=5
and got this error:
External search command 'generatehello' returned error code 1.
Open a CMD and cd into "D:\Program Files\Splunk\bin". Run the command like this:
splunk.exe cmd python generatehello.py __EXECUTE count=5
You need to open command prompt in administrator mode in order to see the output. Thats why the window pops up and disappears again.
I'm not able to run it from Splunk UI.
I dont think my app is scope global. How do I check?
Anyway it doesnt even work on its own scope.
generatehello.py was originally positioned at one of my apps btw.
I copied it to the splunk/bin.
After running it on splunk as administrator as you said,
I get this errors:
Traceback (most recent call last):
File "generatehello.py", line 4, in
from splunklib.searchcommands import \
ImportError: No module named splunklib.searchcommands
I found this guy had the same problem:
https://answers.splunk.com/answers/243498/getinfo-probe-failed-for-external-search-command-a.html
He said that he just downloaded a newer splunk-sdk-python and it fixed it, but I already have the newest from their master git, so it's not my case.
Any ideas?
Thanks for your help 🙂
Can you find the splunklib directory on your system?
Yes. found it, I've wrote pip install splunk-sdk and it wrote that it's already up to date and wrote where it is.
It's here:
C:\python27\lib\site-packages\splunk_sdk-1.6.0-py2.7.egg\splunklib
This might be the wrong way to do it ... but I think I've had to make a copy of the splunklib directory before and paste it into the bin directory of the app that I'm running my search command from. I think this happened to me a while ago and this was my quick fix!
Now it complains about my "default/commands.conf"
that does not exist.
I guess it's because I've copied generatehello.py to the bin without its config.
Is there a way to run it on my app?
I've tried
splunk.exe cmd python "D:\ProgramFiles\Splunk\etc\apps\generatehello_app\bin\generatehello.py" __EXECUTE count=5
and got the same error I got on the beggining of the thread of the logging.
Are you able to run it from Splunk UI? With the splunklib directory and generatehello.py in you app/bin directory. Is your app scope global?
I'm not able to run it from Splunk UI.
I dont think my app is scope global. How do I check?
Anyway it doesnt even work on its own scope.
I'm not able to run it from the splunk ui.
I don't think my app is global scope.
How do I check it?
Anyway, it doesn't even work on it own scope.
I'm not able to run it from the splunk ui.
I don't think my app is global scope.
How do I check it?
Anyway, it doesn't even work on its own scope.
I'm not able to run it from splunk UI with the splunklib in app/bin.
I don't think it's scope global, how do I check?
Anyway it also doesn't work on the app scope itself.