http://answers.splunk.com/answers/25658/whats-the-point-of-custom-python-scripts.html
This is what I did.

Put my custom Python script in this folder:
/var/sky/splunk/etc/system/bin
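
    import csv
    import sys
    import splunk.Intersplunk
    import string

    # isGetInfo() reports whether Splunk is asking for command info
    # and returns argv with that marker removed
    (isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)

    # Require at least one argument after the script name
    if len(sys.argv) < 2:
        splunk.Intersplunk.parseError("No arguments provided to custom script")

    # Read the incoming search results and pass them through unchanged
    results = splunk.Intersplunk.readResults(None, None, True)
    splunk.Intersplunk.outputResults(results)
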
Modify the commands.conf file in the folder below:
/var/sky/splunk/etc/system/local

    # defaults for all external commands, exceptions are below in individual stanzas
    # type of script: 'python', 'perl'
    TYPE = python
    # default FILENAME would be .py for python, .pl for perl and otherwise
    # is command streamable?
    STREAMING = true
    # maximum data that can be passed to command (0 = no limit)
    MAXINPUTS = 50000
    # end defaults

    [customtest]
    filename = customtest.py

To reload the setting, run this URL in your browser (just in case, if required):
https://SPLUNK_HOSTNAME:PORT/debug/refresh
And this is how we can use the custom command in Splunk:
| customtest GETINFO [Inputparameters]
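
As an added example (not part of the original post and not Splunk's own code), the pass-through script above can be extended to do real work: this variant answers the getinfo request and replaces the values of the fields named as arguments with SHA-256 digests. The hashing behaviour and the `mask_fields` helper are hypothetical choices made for illustration, and the getinfo branch assumes `supports_getinfo = true` is set in the `[customtest]` stanza.

```python
# Added example: a customtest.py variant that masks chosen fields.
import hashlib
import sys

try:
    # Only importable under Splunk's bundled Python
    import splunk.Intersplunk as si
except ImportError:
    si = None  # lets mask_fields() be exercised outside Splunk


def mask_fields(results, fields):
    """Replace each named field's value with its SHA-256 digest, in place.

    `results` is a list of dicts, one per event, as returned by readResults().
    Missing or empty fields are left untouched. (Hypothetical helper.)
    """
    for row in results:
        for name in fields:
            value = row.get(name)
            if value:
                digest = hashlib.sha256(str(value).encode("utf-8")).hexdigest()
                row[name] = "sha256:" + digest
    return results


def main():
    # isGetInfo() returns argv with the getinfo/execute marker removed
    isgetinfo, args = si.isGetInfo(sys.argv)
    if len(args) < 2:
        si.parseError("Usage: customtest <field> [<field> ...]")
    if isgetinfo:
        # streaming=True, generating=False, retevs=True, reqsop=False, preop=None
        si.outputInfo(True, False, True, False, None)
        return
    # Same read/emit calls as the original script, with masking in between
    results = si.readResults(None, None, True)
    si.outputResults(mask_fields(results, args[1:]))


if __name__ == "__main__" and si is not None:
    main()
```

An unsalted digest only hides values from casual view; low-entropy fields such as usernames can still be recovered by guessing.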