Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Trying out on custom command search

sarahh
Engager
‎04-01-2013 02:41 AM

Hello,

I've entered "print 'Hello World'" in helloworld.py file for custom command. I also added authorize.conf & commands.conf into $SPLUNK_HOME\etc\system\local\ directory with the stanzas needed and thereafter restarted Splunk. However, when I typed "|helloworld" into the search bar, "Hello World" didnt get printed out onto the screen. What should i do?

Thanks in advance. 🙂

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-02-2013 07:01 AM

Take a look in etc/apps/search/bin/gentimes.py for an example of a "generating" custom command.

Just putting "print 'Hello World'" into the file is not going to work.

You need to generate a "results" array containing the field/values for each of the columns, then pass it back.

helloworld.py

import re,sys,time, splunk.Intersplunk

def hello(results, settings):
    results = []
    result = {}
    result['string'] = "Hello World"
    results.append(result)
    return results

results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
results = hello(results, settings)
splunk.Intersplunk.outputResults(results)

commands.conf

[helloworld]
filename = helloworld.py
generating = true
supports_rawargs = true

View solution in original post

Reply
Solved! Jump to solution
Solution

jonuwz
Influencer
‎04-02-2013 07:01 AM

Take a look in etc/apps/search/bin/gentimes.py for an example of a "generating" custom command.

Just putting "print 'Hello World'" into the file is not going to work.

You need to generate a "results" array containing the field/values for each of the columns, then pass it back.

helloworld.py

import re,sys,time, splunk.Intersplunk

def hello(results, settings):
    results = []
    result = {}
    result['string'] = "Hello World"
    results.append(result)
    return results

results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
results = hello(results, settings)
splunk.Intersplunk.outputResults(results)

commands.conf

[helloworld]
filename = helloworld.py
generating = true
supports_rawargs = true
Reply
Solved! Jump to solution

sarahh
Engager
‎04-04-2013 12:33 AM

i see. thanks!! great help. 🙂

0 Karma
Reply
Solved! Jump to solution

jonuwz
Influencer
‎04-04-2013 12:05 AM

Result is a row, results is all the rows.

Reply
Solved! Jump to solution

sarahh
Engager
‎04-03-2013 06:20 PM

Oh... why is there "result" and "results"?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...