All,
I ran into an issue with my python alert script after trying to import pyodbc into my script. I read elsewhere that it might be due to Splunk's version of python not being able to import pyodbc. So, I created a wrapper python script as described here: http://answers.splunk.com/answers/10839/scripted-lookup-script-doesnt-work-with-splunk-python-versio....
When I run
splunk cmd python "path/to/python/wrapper"everything works fine. I see the output and it sends an email as I expected. However, when the alert gets triggered by Splunk, the script fails. I see the following error in splunkd.log:
02-11-2014 20:04:05.573 -0500 WARN script - Maxinputs must be at least 10000, command name="runshellscript"
Any ideas on how to fix this? Thanks!
There were two versions of python on the machine. This led to a conflict that was masked by a hard to decipher error message in Splunk.
There were two versions of python on the machine. This led to a conflict that was masked by a hard to decipher error message in Splunk.
Oh, and just to be clear, the script runs fine if I remove the reference to pyodbc and skip my table lookup (ultimately, though, I need to make this call).