Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to pass arguments in custom search command

kamal_jagga
Contributor
‎03-24-2016 04:52 PM

Hi,

I am trying to write a script in which i can pass arguments from search bar.
My basic script
$cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@

I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3

But its giving "External search command 'mytest' returned error code 1."

In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.

I am not sure now, what the issue is.
Kindly advise.

0 Karma
Reply

somesoni2
Revered Legend
‎03-25-2016 07:55 AM

I guess you're using wrong language for custom search command script. I should be written in Python and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

0 Karma
Reply

tomasmoser
Contributor
‎06-13-2020 06:13 AM

It would be nice to post updated and working links. 

Reply

kamal_jagga
Contributor
‎03-25-2016 09:56 AM

Actually I was using python only but got struck with it.So I thought of giving shell a try.

https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html

In my python script(want to pass 2 arguments from UI) I am able to run the script from backend but from UI. its not working.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
li.common.scroll-to.top