Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get my python script to trigger through a Splunk search?

ektasiwani
Communicator
‎05-20-2015 10:42 AM

Hi ,

I want to trigger my python script through a splunk search. Below is my code, but i don't know which files i have to change to make it run. I just changed commands.conf file of app's local directory, but still it's showing me error 1.

Is there any document to explain everything about this? If yes please send me the link.

import sys,splunk.Intersplunk
results = []

 try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

 ############### YOUR CODE HERE ##############
    import csv

    ifile  = open('/opt/splunk/var/run/splunk/check.csv', "rb")
    reader = csv.reader(ifile)



 ############### DATA MANIPULATION HERE ##############

 except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

 splunk.Intersplunk.outputResults( results )
Reply
1 Solution
Solved! Jump to solution
Solution

vganjare
Builder
‎05-21-2015 03:54 AM

Check the indentation in the code. If the code is not having the proper indentation, then the code will not compile. Use Python Editor (Python IDE) for editing the python files. Using notepad/textpad will not give you proper indentation.

View solution in original post

Reply
Solved! Jump to solution
Solution

vganjare
Builder
‎05-21-2015 03:54 AM

Check the indentation in the code. If the code is not having the proper indentation, then the code will not compile. Use Python Editor (Python IDE) for editing the python files. Using notepad/textpad will not give you proper indentation.

Reply
Solved! Jump to solution

ektasiwani
Communicator
‎05-21-2015 04:06 AM

ya thanks, its working now

0 Karma
Reply
Solved! Jump to solution

asieira
Path Finder
‎05-21-2015 01:30 PM

Pro tip: pep8 and autopep8 are your friends.

Reply
Solved! Jump to solution

asieira
Path Finder
‎05-20-2015 01:29 PM

What you want to do is to create a custom search command, and here is the applicable documentation:

Slunk SDK for Python "How to create custom search commands" page: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Documentation > Splunk Enterprise > Developing Views and Apps for Splunk Web > Custom search commands page: http://docs.splunk.com/Documentation/Splunk/6.2.3/AdvancedDev/Searchscripts

The Python script should reside in your apps bin directory, and you should also edit default/commands.conf to configure the new command.

The spec file for commands.conf can be found here: http://docs.splunk.com/Documentation/Splunk/6.2.3/admin/Commandsconf

Hope this helps.

0 Karma
Reply
Solved! Jump to solution

ektasiwani
Communicator
‎05-21-2015 03:46 AM

What is wrong in above code?
why its giving me error code 1?

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...