Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About wesleya
wesleya
Explorer
Member since:
05-02-2019
01-20-2021
Community Statistics
| Posts | 4 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 05-02-2019 |
Activity Feed
- Posted Custom streaming search command app inspect dependency under bin folder warning on Splunk Dev. 01-19-2021 01:42 PM
- Tagged Custom streaming search command app inspect dependency under bin folder warning on Splunk Dev. 01-19-2021 01:42 PM
- Tagged Custom streaming search command app inspect dependency under bin folder warning on Splunk Dev. 01-19-2021 01:42 PM
- Posted Re: Can't use stats with custom streaming searchcommand on Splunk Search. 11-05-2020 09:10 AM
- Posted Can't use stats with custom streaming searchcommand on Splunk Search. 11-04-2020 09:49 AM
- Posted When to use KV Store vs Index? on Knowledge Management. 10-16-2019 08:53 AM
- Tagged When to use KV Store vs Index? on Knowledge Management. 10-16-2019 08:53 AM
- Tagged When to use KV Store vs Index? on Knowledge Management. 10-16-2019 08:53 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
01-19-2021
01:42 PM
We have a custom streaming search command written in python that works fine on a single instance, but ran into the following error in our cluster environment: ImportError: No module named {a python python package we depend on} We narrowed down the cause to the same problem described in this post: Custom streaming search command error We implemented the suggested fix of moving all of our dependencies to the /bin directory so it would be available when our command is run across indexers. Everything now seems to work as expected in our cluster environment, however appinspect now gives us this warning: check_splunklib_dependency_under_bin_folder
WARNING: splunklib is found under bin folder, this may cause some dependency management errors with other apps, and it is not recommended. Please follow examples in Splunk documentation to include splunklib. You can find more details here: https://dev.splunk.com/view/SP-CAAAEU2 and https://dev.splunk.com/view/SP-CAAAER3 Has anyone else run into something similar to the original problem I described? Are there any suggestions that would solve both the original problem and our new warning?
... View more
Labels
- Labels:
-
python
11-05-2020
09:10 AM
Thank you for the help! This led me to figure out I was only looking at the logs for the search head. The search was streamed to indexers when using the stats command, and those indexer search.log files can be found through the job inspector under the Search Job Properties link. The script errors found there (ImportError: No module named {mylib}) led me to this answer which explains the problem nicely: https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/Custom-streaming-search-command-error/m-p/523794#M4556
... View more
11-04-2020
09:49 AM
I have a custom search command that extracts a domain name from a url string field you specify into a new "domain" field. This works fine on a dev cluster we have setup (3 search heads, 2 indexers). For example this returns expected results: index=main
| table _time url
| mycustomcommand field_in=url but adding stats command at the end of the search causes the search to fail with the following error: index=main
| table _time url
| mycustomcommmand field_in=url
| stats count by domain
2 errors occurred while the search was executing. Therefore, search results might be incomplete. Hide errors.
[ip-{indexer_1_ip}] Streamed search execute failed because: Error in 'mycustomcommmand' command: External search command exited unexpectedly with non-zero error code 1..
[ip-{indexer_2_ip}] Streamed search execute failed because: Error in 'mycustomcommmand' command: External search command exited unexpectedly with non-zero error code 1.. Running the search directly on the indexer returns 0 results, because we don't have the url field extraction there. But there are no errors. My questions are Where can I find the reason for the failure? I can't seem to find what the actual error is anywhere in the search.log. Any ideas about what's going on here, or documentation that may help?
... View more
Labels
- Labels:
-
stats
10-16-2019
08:53 AM
I'm working on a TA that pulls new domains from an API once per day and stores them in a KV store. I use this KV store in searches to monitor network logs for any events with domains that match domains from the KV Store.
Would it make sense to use an index to store these domains instead of a KV Store? Why or why not? what are the benefits/drawbacks of each?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-20-2021
07:57 AM
|
