Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to pass arguments in custom search command

kamal_jagga
Contributor
‎03-24-2016 04:52 PM

Hi,

I am trying to write a script in which i can pass arguments from search bar.
My basic script
$cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@

I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3

But its giving "External search command 'mytest' returned error code 1."

In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.

I am not sure now, what the issue is.
Kindly advise.

0 Karma
Reply

somesoni2
Revered Legend
‎03-25-2016 07:55 AM

I guess you're using wrong language for custom search command script. I should be written in Python and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

0 Karma
Reply

tomasmoser
Contributor
‎06-13-2020 06:13 AM

It would be nice to post updated and working links. 

Reply

kamal_jagga
Contributor
‎03-25-2016 09:56 AM

Actually I was using python only but got struck with it.So I thought of giving shell a try.

https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html

In my python script(want to pass 2 arguments from UI) I am able to run the script from backend but from UI. its not working.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...
Top