Developing for Splunk Enterprise

Unable to execute python script - could be splunk lib path issue

kamal_jagga
Contributor

Hi,

I am trying to run a python script. The script works fine in lower environment and i am trying to move it to higher. I am able to execute other python scripts normally in both env.

I was able to run the script in lower env by specifying the splunk path in front of it.

/opt/splunk/bin/splunk cmd python command_test.py

So, while i am trying to execute it in higher using the same way. Its giving error.

Traceback (most recent call last):
File "command_test.py", line 4, in
from splunklib.searchcommands import \
ImportError: No module named splunklib.searchcommands

Now someone in my team has told me that splunk lib path might have been set in lower environment.

Would anyone be able to advise on where and what to set the path. Or any other way to fix the issue.

Tags (2)
0 Karma

joelurtubia
Explorer

Hello, I was the same problem with Mysql module that I was install on my Centos server

Splunk didn't work with this library, because splunk has they own python library...then you can fix it only added on the begin your script all libraries of python and also you must to add the python Centos library too... as this way

Find python packages

[root@xxxx]#find / -name site-packages
/usr/lib/python2.7/site-packages
/usr/lib64/python2.7/site-packages
/opt/splunk/etc/apps/Splunk_SA_Scientific_Python_linux_x86_64/bin/linux_x86_64/lib/python2.7/site-packages
/opt/splunk/lib/python2.7/site-packages

Find python binary

[root@xxxx]# whereis python
python: /usr/bin/python2.7 /usr/bin/python /usr/lib/python2.7 /usr/lib64/python2.7 /etc/python /usr/include/python2.7 /opt/splunk/bin/python /opt/splunk/bin/python2.7 /usr/share/man/man1/python.1.gz

include all at begin your script

import sys
sys.path.append('/usr/bin/python2.7')
sys.path.append('/usr/lib/python2.7/site-packages')
sys.path.append('/usr/lib64/python2.7/site-packages')

And that's it , you can run mysql module without any problem and create your alerts with this module.

Mysql Connection

import mysql.connector

I hope that this fix will help you
Joel Urtubia Ugarte

0 Karma

somesoni2
Revered Legend

Try something like this

command_test.py

import sys, splunk.Intersplunk, csv, urllib2, base64

keywords, argvals = splunk.Intersplunk.getKeywordsAndOptions()
file1 = argvals.get("file1", None)
file2 = argvals.get("file2", "csv")

if not file1:
   splunk.Intersplunk.parseError("'file1' argument not provided.")
if not file2:
   splunk.Intersplunk.parseError("'file2' argument not provided.")

results = []    
try:
    results.append('Hello ')
    results.append('File1 passed is %s ' % ( file1 ))
    results.append('File2 passed is %s ' % ( file2 ))
except Exception, e:
   splunk.Intersplunk.parseError(e)

results = [{'search' : disjuncts}]
splunk.Intersplunk.outputResults(results)

commands.conf

[generatehello]
filename = command_test.py
generating = true
local = true
supports_rawargs = false

Usage

splunk~/bin]$ /opt/splunk/bin/splunk cmd python command_test file1=file1 file2=file2

In search

| generatehello file1=file1 file2=file2
0 Karma

kamal_jagga
Contributor

Hey,

Thanks a lot for replying and apologies for the late reply.

I am getting an error and wasn't able to research much on the below issue.
Error:
Traceback (most recent call last):
File "command_test1.py", line 20, in
results = [{'search' : disjuncts}]
NameError: name 'disjuncts' is not defined

0 Karma

kamal_jagga
Contributor

@somesoni2 : Kindly advise.

0 Karma

ryanoconnor
Builder

Same issue this isn't working

0 Karma

kbarker302
Communicator

I wonder if you are missing the PYTHONPATH environment variable in your higher environment. This is what it is set to for me:

PYTHONPATH=C:\Program Files\Splunk\bin;C:\Program Files\Splunk\Python-2.7\Lib\site-packages\win32;C:\Program Files\Splunk\Python-2.7\Lib\site-packages;C:\Program Files\Splunk\Python-2.7\Lib;C:\Program Files\Splunk\etc\apps\framework\contrib\splunk-sdk-python
0 Karma

MuS
SplunkTrust
SplunkTrust
0 Karma

kamal_jagga
Contributor

I checked the answer, for higher environment we don't have the required files. So, i think that's why we are not able to run it. But in lower env, we have the required files (init.py & init.pyc) in the splunklib/searchcommands

Interestingly splunk is also not able to run the script in lower environment.

I am able to run the command as:
/opt/splunk_1/bin/splunk cmd python command_test

But not as
python command_test

So, I need a way to splunk execute the script as "/opt/splunk_1/bin/splunk cmd python command_test " rather than "python command_test ".

Kindly advise.

0 Karma

kartik13
Communicator

I had a same problem.First Check your Splunk and Python Path .secondly check on which port python is running .Or some other application is running on the same port.

0 Karma

somesoni2
Revered Legend

Can you provide the script code, if it doesn't contain anything sensitive?

0 Karma

kamal_jagga
Contributor

Hey. PFB the code. I just want to pass the two arguments received from Search bar to my python script.

!/opt/splunk/bin/python2.7

import sys, time

import splunk.Intersplunk

import getopt
from splunklib.searchcommands import \
dispatch, GeneratingCommand, Configuration, Option, validators
def main(argv):

print("hello")
opts, args = getopt.getopt(argv,["ifile=","ofile="])
for arg in args :
print (arg)
main(sys.argv[1:])

And in my commands.conf. i have
[generatehello]
filename = command_test
supports_getinfo = true
supports_rawargs = true
outputheader = true

Command line Output :
splunk~/bin]$ /opt/splunk/bin/splunk cmd python command_test file1 file2
hello
file1
file2

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!