All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to call a python custom search script on click of button?

spyme72
Path Finder
‎07-17-2014 10:58 AM

i want to call a python script on the click of the button.
i have used sideview utils to setup the table and the button but i was not able to successfully call the python script.
I tried to use create a custom search but it returns an error.i want to invoke a search command and create a new event based on the key passed in the search.

search command used : | ack key

error: External search command 'ack' returned error code 1.

python script used

import sys, os, random, json, collections, time
sys.path.insert(0, os.path.join(os.path.dirname(file), "..", ".."))

import splunklib.client as client
from datetime import datetime, timedelta

import splunk.Intersplunk

def post(event):
print "connecting\n"
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD)

index = service.indexes['spogops']
index.submit(event, sourcetype='py-event')
    splunk.Intersplunk.outputResults(event)

def acknowledge_e():
result = splunk.Intersplunk.readResults(None, None, false)
a = []
u_event = {}
u_event['key'] = sys.argv[1]
u_event['status'] = "Acknowledged"
u_event['date'] = datetime.utcnow().isoformat()+"Z"
ju_event = json.dumps(u_event)
a.append(ju_event)
post(ju_event)
print 'Posted ', ju_event
return a
acknowledge_e()

0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎07-21-2014 12:52 PM

This problem is purely within your custom script. At least that's what Splunk means by it's "error 1" statement. It means there's just a python syntax error or some exception being thrown purely within your script. What happens if you just run the file directly using splunk cmd python your_script.py ? If there's something as simple as a syntax error, that'll catch it.

But for the other parts, you would just need: 

<module name="Button">
  <param name="allowAutoSubmit">False</param>    

  <module name="Search">
    <param name="search">| ack key</param>

    <module name="CustomBehavior">
      <param name="requiresDispatch">True</param>
    </module>
  </module>
</module>

Also it sounds like a custom controller is a bit better here. You can use a Redirector module under your Button to make a request to an arbitrary URL and you can implement a custom controller to receive that request, and then Redirector or CustomBehavior to hit the corresponding URL when the button is clicked. To get nice user feedback and error handling you might want to use a CustomBehavior instead of a Redirector module. I'll try to add such an example to Sideview Utils.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...