Hi,
I am trying to write a script in which i can pass arguments from search bar.
My basic script
$cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@
I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3
But its giving "External search command 'mytest' returned error code 1."
In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.
I am not sure now, what the issue is.
Kindly advise.
I guess you're using wrong language for custom search command script. I should be written in Python and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts
It would be nice to post updated and working links.
Actually I was using python only but got struck with it.So I thought of giving shell a try.
https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html
In my python script(want to pass 2 arguments from UI) I am able to run the script from backend but from UI. its not working.