Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Custom search command executed multiple times with...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Custom search command executed multiple times with protocol v2
Hi, I thought my custom search command was working fine, until I added some logs.
The logs showed me that for a single call to the command, the code was run multiple (3-4) times.
My command is built using protocol version 2.
I'm aware of this question, but the answer looks like a hack.
Checkout the logs below. Does everything look fine to you? How can I fix it?
Example:
import logging
from splunklib.searchcommands import dispatch, EventingCommand, Configuration
logger = setup_logger(logging.DEBUG)
logger.info("start log")
@Configuration()
class OutputFTP(EventingCommand):
def transform(self, records):
logger.info('inside transform')
for record in records:
yield record
logger.info("before dispatch")
dispatch(OutputFTP, sys.argv, sys.stdin, sys.stdout, __name__)
logger.info("after dispatch")
Result logs:
2018-10-26 15:49:34,196 INFO start log
2018-10-26 15:49:34,196 INFO before dispatch
2018-10-26 15:49:34,197 INFO inside transform
2018-10-26 15:49:34,198 INFO after dispatch
2018-10-26 15:49:34,262 INFO start log
2018-10-26 15:49:34,263 INFO before dispatch
2018-10-26 15:49:34,264 INFO inside transform
2018-10-26 15:49:34,265 INFO after dispatch
2018-10-26 15:49:34,358 INFO start log
2018-10-26 15:49:34,359 INFO before dispatch
2018-10-26 15:49:34,360 INFO inside transform
2018-10-26 15:49:34,425 INFO start log
2018-10-26 15:49:34,425 INFO before dispatch
2018-10-26 15:49:34,426 INFO inside transform
2018-10-26 15:49:34,429 INFO after dispatch
commands.conf
[my_command]
filename = my_command.py
chunked = true
run_in_preview = false
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It has been some time since you asked but do you have any idea why it was happening? I have the same issue, my script starts logger +2 times every time and sometimes even fails. I wonder if it is logger related issue or python interpreter issue.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It has been some time since you asked but do you have any idea why it was happening? I have the same issue, my script starts logger +2 times every time and sometimes even fails. I wonder if it is logger related issue or python interpreter issue.
Unlock Database Monitoring with Splunk Observability Cloud
Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All
[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk
