Hi all,

I am trying to develop a custom command. The custom command works as expected, and now I am working to set up proper logging, but I can't seem to make the Python script log anything, or I'm looking in the wrong place.

I built it following what's written here: Create a custom search command | Documentation | Splunk Developer Program

Here's a quick Python code example:

```python
#!/usr/bin/env python
# coding=utf-8
#
# Copyright © 2011-2015 Splunk, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"): you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os, sys, requests, json

# Make the app's bundled lib/ directory (which holds splunklib) importable.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators, splunklib_logger as logger


@Configuration()
class TestCustomCMD(StreamingCommand):
    def getFieldValue(self, field_name, record):
        return record[field_name] if field_name in record else ""

    def writeFieldValue(self, field_name, field_value, record):
        record[field_name] = field_value

    def stream(self, records):
        for record in records:
            self.writeFieldValue("TEST FIELD", "TEST CUSTOM COMMAND", record)
            # One message per level, emitted for every record processed.
            logger.fatal("FATAL logging example")
            logger.error("ERROR logging example")
            logger.warning("WARNING logging example")
            logger.info("INFO logging example")
            yield record


dispatch(TestCustomCMD, sys.argv, sys.stdin, sys.stdout, __name__)
```

command.conf:

```
[testcustcmd]
filename = test_custom_command.py
python.version = python3
chunked = true
```

and search to test:

```
| makeresults count=2
| testcustcmd
```

The search completes correctly and returns this:

However, I don't find the logged lines anywhere. On my Splunk server I ran this:

```
grep -rni "logging example" "/opt/splunk/var/log/splunk/"
```

But the result is empty. Can you help me understand what I am doing wrong here?

Thank you in advance,
Tommaso