How to write a file into the app folder through a python script

RiccardoV
Communicator

Hi,
I have to schedule a script execution in my Splunk app with Splunk 6.1.
I am thinking of doing that with a scheduled query, something like

| script python my_script

adding this to my commands.conf file:

[my_script]
filename = my_script.py
stderr_dest = message

here is my_script.py:

# Relative file name; the file is opened in binary mode, so write bytes
with open('example.txt', 'wb') as handle:
    handle.write(b"this is a test")

I tried to launch the query manually. It returns no errors, but I can't find the example.txt file. What am I doing wrong?

0 Karma
1 Solution

RiccardoV
Communicator

Finally I understand why it wasn't working 🙂

I have to use an absolute path:

import os
# APP_NAME and TARGET_DIR must be defined: the app's folder name and the target subdirectory
filepath = os.path.join(os.environ['SPLUNK_HOME'], 'etc', 'apps', APP_NAME, TARGET_DIR, "test.txt")

with open(filepath, 'wb') as handle:
    handle.write(b"test")

and it works like a charm 🙂
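
An added example (not code from the original post): a relative name such as example.txt is resolved against the process's current working directory, which is why the answer above builds the path from SPLUNK_HOME. The Python 3 code below does the same and also refuses any path that resolves outside the app folder; the function names and the `my_app`, `local` and `other_app` names are hypothetical.

```python
import os
import tempfile


def app_file_path(app_name, *parts):
    """Absolute path under $SPLUNK_HOME/etc/apps/<app_name>/, never outside it."""
    # The app name must be a single folder name, not a path.
    if app_name in ("", ".", "..") or os.path.basename(app_name) != app_name:
        raise ValueError("invalid app name: %r" % (app_name,))
    # Same environment variable the answer above reads.
    splunk_home = os.environ["SPLUNK_HOME"]
    app_root = os.path.realpath(os.path.join(splunk_home, "etc", "apps", app_name))
    # realpath collapses ".." and follows symlinks before the containment check.
    target = os.path.realpath(os.path.join(app_root, *parts))
    if target == app_root or os.path.commonpath([app_root, target]) != app_root:
        raise ValueError("path is not a file inside the app folder: %r" % (target,))
    return target


def write_app_file(app_name, parts, data):
    """Write bytes to a file inside the app folder and return its absolute path."""
    target = app_file_path(app_name, *parts)
    directory = os.path.dirname(target)
    os.makedirs(directory, exist_ok=True)
    # Write a temporary file next to the target, then rename it into place,
    # so a concurrent reader never sees a half-written file.
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        os.replace(tmp, target)
    except Exception:
        os.unlink(tmp)
        raise
    return target


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for SPLUNK_HOME,
    # and the app and folder names are hypothetical.
    os.environ["SPLUNK_HOME"] = tempfile.mkdtemp()
    print(write_app_file("my_app", ["local", "test.txt"], b"test"))
    try:
        write_app_file("my_app", ["..", "other_app", "test.txt"], b"test")
    except ValueError as err:
        print("rejected:", err)
```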

jhupka
Path Finder

Look into what is called a Scripted Input, defined in the inputs.conf of your app. Running a search to execute a script is a bit "heavy." The scripted input can be set to execute however often you want, and splunkd will execute it for you on that schedule. Also, the Std Out of your script would get indexed as well, so make sure you configure the index, source, sourcetype for it to show where you want that data to go. The script itself could do anything - write your file, run a unix command (that's how the unix app stuff works in Splunk), fetch data from an external source for indexing, etc.

Also, what you did in commands.conf above would be for creating a custom search command in Splunk. E.g. you want to make a new command called my_script:

 ... | eval foo="bar" | my_script | head 10
0 Karma

RiccardoV
Communicator

Thanks for your reply, but I still don't understand how to write a file from a python script. Where can I find my script's output?

0 Karma