How to call a python custom search script on click of button?

spyme72
Path Finder

I want to call a Python script on the click of the button.
I have used Sideview Utils to set up the table and the button, but I was not able to successfully call the Python script.
I tried to create a custom search but it returns an error. I want to invoke a search command and create a new event based on the key passed in the search.

search command used : | ack key

error: External search command 'ack' returned error code 1.

python script used

import sys, os, random, json, collections, time
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", ".."))

import splunklib.client as client
from datetime import datetime, timedelta

import splunk.Intersplunk

def post(event):
    print "connecting\n"
    service = client.connect(
        host=HOST,
        port=PORT,
        username=USERNAME,
        password=PASSWORD)

    index = service.indexes['spogops']
    index.submit(event, sourcetype='py-event')
    splunk.Intersplunk.outputResults(event)

def acknowledge_e():
    result = splunk.Intersplunk.readResults(None, None, false)
    a = []
    u_event = {}
    u_event['key'] = sys.argv[1]
    u_event['status'] = "Acknowledged"
    u_event['date'] = datetime.utcnow().isoformat()+"Z"
    ju_event = json.dumps(u_event)
    a.append(ju_event)
    post(ju_event)
    print 'Posted ', ju_event
    return a

acknowledge_e()

0 Karma

sideview
SplunkTrust

This problem is purely within your custom script. At least that's what Splunk means by its "error 1" statement. It means there's just a Python syntax error or some exception being thrown purely within your script. What happens if you just run the file directly using splunk cmd python your_script.py? If there's something as simple as a syntax error, that'll catch it.

But for the other parts, you would just need:

<module name="Button">
  <param name="allowAutoSubmit">False</param>    

  <module name="Search">
    <param name="search">| ack key</param>

    <module name="CustomBehavior">
      <param name="requiresDispatch">True</param>
    </module>
  </module>
</module>

Also it sounds like a custom controller is a bit better here. You can use a Redirector module under your Button to make a request to an arbitrary URL and you can implement a custom controller to receive that request, and then Redirector or CustomBehavior to hit the corresponding URL when the button is clicked. To get nice user feedback and error handling you might want to use a CustomBehavior instead of a Redirector module. I'll try to add such an example to Sideview Utils.

0 Karma
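An added example, not code from either post above: one way to structure the `ack` command so that a failure shows up as a result row with its traceback instead of a bare "error code 1". It assumes Python 3, that `splunklib` is importable from the app, and that `passauth = true` is set for the command in commands.conf so the session key arrives in `settings`; `KEY_PATTERN`, `build_ack_event` and `run` are hypothetical names, and the key format is an assumed constraint.

```python
import datetime, json, re, sys, traceback

# Assumed key format (hypothetical); tighten or loosen to match your real keys.
KEY_PATTERN = re.compile(r"[A-Za-z0-9_.:-]{1,128}")

def build_ack_event(key, now=None):
    """Return the JSON acknowledgement event for a validated key."""
    if not KEY_PATTERN.fullmatch(key):
        raise ValueError("rejected key: %r" % key)
    now = now or datetime.datetime.now(datetime.timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    return json.dumps({"key": key, "status": "Acknowledged", "date": stamp},
                      sort_keys=True)

def run(argv, submit):
    """Build and submit the event; always return result rows, never raise."""
    try:
        if len(argv) != 2:
            raise ValueError("usage: | ack <key>")
        event = build_ack_event(argv[1])
        submit(event)
        return [{"_raw": event, "status": "posted"}]
    except Exception:
        # Put the cause into the search results so it is visible in the UI.
        return [{"status": "failed", "error": traceback.format_exc()}]

def main():
    # Splunk-only imports live here so the helpers above also run outside Splunk.
    import splunk.Intersplunk as si
    import splunklib.client as client

    _results, _dummy, settings = si.getOrganizedResults()

    def submit(event):
        # Reuse the searching user's session rather than a password in the script.
        service = client.connect(token=settings["sessionKey"])
        service.indexes["spogops"].submit(event, sourcetype="py-event")

    si.outputResults(run(sys.argv, submit))

if __name__ == "__main__":
    main()
```

Because `outputResults` expects a list of dictionaries, the rows returned by `run` can be passed to it directly, and nothing else should be printed to stdout.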