Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I add python modules to the Splunk environment?

Simeon
Splunk Employee
Splunk Employee
‎11-06-2009 05:21 PM

How can I add a python module that is not included in the Splunk python bundle? Specifically, I would like to use the pymssql module from within Splunk to run a scripted input.

Labels (1)
Labels
Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

amrit
Splunk Employee
Splunk Employee
‎11-12-2009 07:06 PM

There's also a more upgrade-friendly way to accomplish this. Some of our users setup whichever script they've configured in Splunk as a pass-through to a script that runs using their system Python (with whichever custom modules they've installed).

The steps are roughly:

  • configure your script in splunk (search script, scripted input, whatever)

  • this script should:

    • unset PYTHONPATH (in os.environ)

    • perhaps unset LD_LIBRARY_PATH, depending on your environment (also in os.environ)

    • create a process to run /usr/bin/python (via subprocess)

    • redirect stdin, stdout, stderr to/from script2

script2 can then load any arbitrary python module installed in your system's python installation.

View solution in original post

Reply
Solved! Jump to solution

Dark_Ichigo
Builder
‎10-04-2011 12:27 AM

Is there a step by step tutorial to accomplish this on a Linux environment?

Reply
Solved! Jump to solution

bmacias84
Champion
‎07-07-2015 10:25 AM

As another option I would checkout this post on how to add egg file or source files while still using Splunk python rather than system. http://answers.splunk.com/answers/220196/import-non-native-python-libraries-into-splunk.html#answer-...

0 Karma
Reply
Solved! Jump to solution

Johnvey
Contributor
‎11-06-2009 10:23 PM

Users are free to install any python module they desire. The caveats are, 1) upgrading Splunk may break them, 2) installing newer versions of packages that come with Splunk may produce unknown interaction problems.

To install a python package in splunk:

$ splunk cmd <python_install_command>

So if the package uses the setup.py method:

$ cd path_to_package_setup
$ splunk cmd python setup.py install

Or if it's an egg,

$ splunk cmd ./my-python-installer.egg

The final location of the installed modules would be:

$SPLUNK_HOME/lib/python2.6/site-packages
Reply
Solved! Jump to solution

wollinet
Path Finder
‎01-28-2011 04:21 PM

Is that still supported with 4.1 ? I tried both ways, first one prouced errors, second one didn't produce any output and nothing was installed.

0 Karma
Reply
Solved! Jump to solution

igor
Splunk Employee
Splunk Employee
‎11-06-2009 08:37 PM

Just use the standard way of installing modules (make sure that splunk and python are in path):
Untar pymssql-1.0.2.tar.gz
cd pymssql-1.0.2
splunk cmd python setup.py install

Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...