Splunk Search

how to pass arguments in custom search command

Contributor

Hi,

I am trying to write a script in which i can pass arguments from search bar.
My basic script
$cat mytest.sh
print There are $# arguments to $0: $*
echo first argument: $1
echo second argument: $2
echo third argument: $3
echo here they are again: $@

I have also made the required entries in commands.conf and my script is running from UI
|mytest 1 2 3

But its giving "External search command 'mytest' returned error code 1."

In search.log I could find the error "SyntaxError: invalid syntax"
But my script is running fine from backend, so the syntax is fine.

I am not sure now, what the issue is.
Kindly advise.

0 Karma

SplunkTrust
SplunkTrust

I guess you're using wrong language for custom search command script. I should be written in Python and here are the links that can get you started.
http://docs.splunk.com/Documentation/Splunk/6.3.3/Search/Aboutcustomsearchcommands
http://dev.splunk.com/view/python-sdk/SP-CAAAEU2
http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

0 Karma

Contributor

It would be nice to post updated and working links. 

Contributor

Actually I was using python only but got struck with it.So I thought of giving shell a try.

https://answers.splunk.com/answers/385936/unable-to-execute-python-script-could-be-splunk-li.html

In my python script(want to pass 2 arguments from UI) I am able to run the script from backend but from UI. its not working.

0 Karma