
How to call a python custom search script on click of button?

spyme72
Path Finder

I want to call a Python script on the click of the button.
I have used Sideview Utils to set up the table and the button, but I was not able to successfully call the Python script.
I tried to create a custom search but it returns an error. I want to invoke a search command and create a new event based on the key passed in the search.

search command used : | ack key

error: External search command 'ack' returned error code 1.

python script used

import sys, os, random, json, collections, time
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", ".."))

import splunklib.client as client
from datetime import datetime, timedelta

import splunk.Intersplunk

def post(event):
    print "connecting\n"
    service = client.connect(
        host=HOST,
        port=PORT,
        username=USERNAME,
        password=PASSWORD)

    index = service.indexes['spogops']
    index.submit(event, sourcetype='py-event')
    splunk.Intersplunk.outputResults(event)

def acknowledge_e():
    result = splunk.Intersplunk.readResults(None, None, false)
    a = []
    u_event = {}
    u_event['key'] = sys.argv[1]
    u_event['status'] = "Acknowledged"
    u_event['date'] = datetime.utcnow().isoformat()+"Z"
    ju_event = json.dumps(u_event)
    a.append(ju_event)
    post(ju_event)
    print 'Posted ', ju_event
    return a

acknowledge_e()

0 Karma

sideview
SplunkTrust

This problem is purely within your custom script. At least that's what Splunk means by its "error 1" statement. It means there's just a python syntax error or some exception being thrown purely within your script. What happens if you just run the file directly using splunk cmd python your_script.py ? If there's something as simple as a syntax error, that'll catch it.

But for the other parts, you would just need:

<module name="Button">
  <param name="allowAutoSubmit">False</param>    

  <module name="Search">
    <param name="search">| ack key</param>

    <module name="CustomBehavior">
      <param name="requiresDispatch">True</param>
    </module>
  </module>
</module>

Also it sounds like a custom controller is a bit better here. You can use a Redirector module under your Button to make a request to an arbitrary URL and you can implement a custom controller to receive that request, and then Redirector or CustomBehavior to hit the corresponding URL when the button is clicked. To get nice user feedback and error handling you might want to use a CustomBehavior instead of a Redirector module. I'll try to add such an example to Sideview Utils.

0 Karma
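The diagnostic step from the answer above, as an added example that is not part of either post: an interpreter that dies on an uncaught exception exits with status 1, which is the "error code 1" Splunk reports, and the traceback explaining it is on stderr. The helper names and the sample script are constructed for illustration, and the example uses the local interpreter (`sys.executable`) so it runs without Splunk; on a Splunk host the same check is done with `splunk cmd python your_script.py`.

```python
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for a failing command script (not the poster's file).
# It fails the way a lowercase `false` does: NameError at call time.
SAMPLE_SCRIPT = '''\
import sys

def acknowledge(key):
    keep_header = false          # Python's boolean literal is False
    return {"key": key, "status": "Acknowledged"}

acknowledge(sys.argv[1])
'''

def run_command_script(path, args, stdin_text=""):
    """Run a script as a child process, as a search command would be run.
    Returns (exit_code, stderr_text)."""
    proc = subprocess.run(
        [sys.executable, path] + list(args),
        input=stdin_text, capture_output=True, text=True, timeout=30)
    return proc.returncode, proc.stderr

def diagnose(path, args):
    """Return (exit_code, cause), where cause is the final traceback line
    (the exception type and message) or '' if nothing was written to stderr."""
    code, err = run_command_script(path, args)
    lines = [line for line in err.strip().splitlines() if line.strip()]
    return code, (lines[-1] if lines else "")

def demo():
    """Write the constructed script to a temp file and diagnose it."""
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as fh:
        fh.write(SAMPLE_SCRIPT)
        path = fh.name
    try:
        return diagnose(path, ["key123"])
    finally:
        os.unlink(path)

if __name__ == "__main__":
    exit_code, cause = demo()
    print("exit code:", exit_code)
    print("cause:", cause)
```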