Splunk Search
Highlighted

custom command logging error

Explorer

I've followed this tutorial:
http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...

Downloaded this respository:
https://github.com/splunk/splunk-sdk-python
and build it using python setup.py install and just followed the instructions on the tutoiral.

When I got to testing the command outside of splunk section of the tutorial, I tried it:
python generatehello.py __EXECUTE count=5

and I got errors that my logging.conf is not valid because I lack of handlers,
and I fixed the conf by the errors, one by one.

Here's my logging.conf:
http://pastebin.com/KwN37JYe

and now I have this error:
http://pastebin.com/HjS9km3L

How do I fix this?
Why do I have all this errors? I've just downloaded it and followed the instructions.
I have windows 10. Splunk 6.5.0 running as localhost on my pc.

0 Karma
Highlighted

Re: custom command logging error

SplunkTrust
SplunkTrust

Hi tombog0,

what happens if you run the script like this:

  $SPLUNK_HOME/bin/splunk cmd python generatehello.py __EXECUTE count=5

cheers, MuS

Highlighted

Re: custom command logging error

Explorer

"D:\Program Files\Splunk\bin\splunk.exe" cmd python generatehello.py _EXECUTE count=5
Do you mean like that?

It opens a cmd and closes it right away, I can't see what is written on it.

I've also tried to run it from splunk
| generatehello count=5
and got this error:
External search command 'generatehello' returned error code 1.

0 Karma
Highlighted

Re: custom command logging error

SplunkTrust
SplunkTrust

Open a CMD and cd into "D:\Program Files\Splunk\bin". Run the command like this:

splunk.exe cmd python generatehello.py __EXECUTE count=5
Highlighted

Re: custom command logging error

Contributor

You need to open command prompt in administrator mode in order to see the output. Thats why the window pops up and disappears again.

Highlighted

Re: custom command logging error

Explorer

generatehello.py was originally positioned at one of my apps btw.
I copied it to the splunk/bin.

After running it on splunk as administrator as you said,
I get this errors:
Traceback (most recent call last):
File "generatehello.py", line 4, in
from splunklib.searchcommands import \
ImportError: No module named splunklib.searchcommands

I found this guy had the same problem:
https://answers.splunk.com/answers/243498/getinfo-probe-failed-for-external-search-command-a.html
He said that he just downloaded a newer splunk-sdk-python and it fixed it, but I already have the newest from their master git, so it's not my case.

Any ideas?

Thanks for your help 🙂

0 Karma
Highlighted

Re: custom command logging error

Contributor

Can you find the splunklib directory on your system?

Highlighted

Re: custom command logging error

Explorer

Yes. found it, I've wrote pip install splunk-sdk and it wrote that it's already up to date and wrote where it is.

It's here:
C:\python27\lib\site-packages\splunk_sdk-1.6.0-py2.7.egg\splunklib

0 Karma
Highlighted

Re: custom command logging error

Contributor

This might be the wrong way to do it ... but I think I've had to make a copy of the splunklib directory before and paste it into the bin directory of the app that I'm running my search command from. I think this happened to me a while ago and this was my quick fix!

Highlighted

Re: custom command logging error

Explorer

Now it complains about my "default/commands.conf"
that does not exist.
I guess it's because I've copied generatehello.py to the bin without its config.
Is there a way to run it on my app?
I've tried
splunk.exe cmd python "D:\ProgramFiles\Splunk\etc\apps\generatehelloapp\bin\generatehello.py" _EXECUTE count=5
and got the same error I got on the beggining of the thread of the logging.

0 Karma