Splunk Search

how to pass arguments in custom search command

kamal_jagga
Contributor

Hi,

I am trying to write a script in which I can pass arguments from the search bar.
My basic script:
$ cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@

I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3

But it's giving "External search command 'mytest' returned error code 1."

In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.

I am not sure now, what the issue is.
Kindly advise.

0 Karma

somesoni2
Revered Legend

I guess you're using the wrong language for the custom search command script. It should be written in Python, and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

0 Karma

tomasmoser
Contributor

It would be nice to post updated and working links. 

kamal_jagga
Contributor

Actually I was using Python only but got stuck with it. So I thought of giving shell a try.

https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html

In my Python script (want to pass 2 arguments from UI), I am able to run the script from the backend, but from the UI it's not working.

0 Karma
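
Added example, not part of any post in this thread and not Splunk's own code: a Python script for the legacy (non-chunked) custom search command interface, where the words typed after the command name in the search bar reach the script as `sys.argv`. The file name `mytest.py`, the commands.conf stanza in the docstring, the argument limit and the allow-list pattern are assumptions made for the example.

```python
"""mytest.py: legacy (non-chunked) generating search command (added example).

Assumed commands.conf stanza, not taken from the thread:
    [mytest]
    filename = mytest.py
    generating = true
    enableheader = false
"""
import csv
import re
import sys

MAX_ARGS = 10  # assumed limit for this example
# Allow-list: search-bar input is user-controlled, so accept only plain tokens.
SAFE_ARG = re.compile(r"[A-Za-z0-9_.:=-]{1,64}\Z")


def build_rows(args):
    """Validate the arguments and return one result row per argument."""
    if len(args) > MAX_ARGS:
        raise ValueError("too many arguments (max %d)" % MAX_ARGS)
    rows = []
    for position, value in enumerate(args, start=1):
        if not SAFE_ARG.match(value):
            raise ValueError("argument %d contains unexpected characters" % position)
        rows.append({"position": position, "argument": value})
    return rows


def write_results(rows, out):
    """Write rows as plain CSV, the output format expected on stdout."""
    writer = csv.DictWriter(out, fieldnames=["position", "argument"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)


def main(argv):
    try:
        rows = build_rows(argv[1:])  # argv[0] is the script path
    except ValueError as exc:
        # Non-zero exit shows in the UI as "returned error code 1"; stderr goes to search.log.
        sys.stderr.write("mytest: %s\n" % exc)
        return 1
    write_results(rows, sys.stdout)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With the assumed stanza in place, `| mytest 1 2 3` would return three rows with the fields `position` and `argument`.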