Hi Splunkers,
My external lookup working just fine and the results are proper.
As mentioned in the below screenshot my_test_lookup.py is available in my /etc/apps/[my_app]/bin/my_test_lookup.py.
I don't have any issue with the external lookup with python script.
Is there any way to send a custom message from python script to splunk GUI whenever the search event matches the custom limit number(1000).
This limit is not from the splunk configs. this limit has been provided in my external lookup python script.
r = csv.DictReader(infile)
header = r.fieldnames
w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
w.writeheader()
event_count = 0
search_limit = 1000
for result in r:
if result[group_field]:
result[field1] = "test1"
result[field2] = "testfiedl2"
w.writerow(result)
event_count += 1
if event_count == search_limit:
reach_limit_msg = "Reached Limit %d" % event_count
send_message(reach_limit_msg)
print("Reached Limit %d" % event_count)
logger.warning("Reached Limit %d" % event_count)
sys.exit(0)
It may be a kind of popup saying your search limit 1000 exceeded or something like below mentioned screenshot.
FYI: I have already tried bulletin message by referencing this url . It worked like charm, but it sends a bulletin message to all the users who logged in, but i would like to send a message to only the person who fired the SPL query.
Please help, Thanks in advance _/_.
... View more