how to pass arguments in custom search command

kamal_jagga · ‎03-24-2016

Hi,

I am trying to write a script in which i can pass arguments from search bar.
My basic script
$cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@

I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3

But its giving "External search command 'mytest' returned error code 1."

In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.

I am not sure now, what the issue is.
Kindly advise.

somesoni2 · ‎03-25-2016

I guess you're using wrong language for custom search command script. I should be written in Python and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

tomasmoser · ‎06-13-2020

It would be nice to post updated and working links.

kamal_jagga · ‎03-25-2016

Actually I was using python only but got struck with it.So I thought of giving shell a try.

https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html

In my python script(want to pass 2 arguments from UI) I am able to run the script from backend but from UI. its not working.

how to pass arguments in custom search command

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application