I have written a Python script whose purpose is to add a line to a file every time the specified command is called in Splunk. I created the script and added the command to the local commands.conf file.
When I go into my Splunk environment, I can see that this command is listed under "Settings --> All Configurations"; however, when I try to run this command from the app, I get the following message: "Search Factory: Unknown search command 'printlog'."
Python Script (saved in \Splunk\etc\apps\search\bin)
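import sys
import datetime
import traceback
import splunk.Intersplunk
results = []
try:
    # Read the events piped into this command from the search pipeline
    results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
    now = datetime.datetime.now()
    # Append a timestamp line on every run; the with block closes the file
    with open('C:/testfile.txt', 'a') as openfile:
        openfile.write(str(now) + '\n')
except Exception:
    # Hand the traceback back to Splunk as an error result
    stack = traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
# Return the (unchanged or error) results to the search pipeline
splunk.Intersplunk.outputResults(results)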
Commands.conf edit (saved in C:\Splunk\etc\apps\search\local)
[printLog]
filename = printLog.py
type = python
local = True