Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Python Script Not working via search command

harshal_chakran
Builder
‎07-23-2014 05:44 AM

Hi,

I have written a python script which runs perfectly when opened directly, but when i run it via search |script python prediction then it returns error code 1.

While more deep debugging i found that i am using below R library at which the code doesn't works and gives me error. When i comment the below line, the script works until it reaches the dependency of the below library.

from rpy2.robjects.packages

Now point is since this python script works perfectly when run from that same app folder, so python is able to have access to the rpy2, but when i run it via Splunk search it is not able to reach to rpy2 library.

Can any one help me how do make it run? Is there any specific steps to be taken to install rpy2 so python for splunk?

Also i had copied rpy2 folder in the bin directory of the app, but still it didnt worked via search.

Can anyone please help me any workaround to make this script run via splunk search

0 Karma
Reply

psobisch
Path Finder
‎07-23-2014 06:05 AM

Splunk 6.1.x seems to have a problem executing custom commands (e.g. python scripts) which are using relative paths for example to access a file inside of app directory.

In earlier versions (6.0.x) the script was started with current directory pointing to the app/bin directory, in 6.1.2 we faced a problem that the current dírectory is now a temporary search directory.

To do a workaround we had to put:

os.chdir(os.path.dirname(__file__))

at the beginning of every python script. Maybe it is similar problem at your side.

Edit: if you are using Linux: there is a linux own Python installation, splunk uses it own. So if you have a lib inside your linux installation it is not automatically available inside of splunk-python scripts.

Reply

harshal_chakran
Builder
‎07-24-2014 05:02 AM

I tried running the same code in Splunk 6.0, but it didnt worked yet! Also i tried your solution in both 6.0 & 6.1 but it didn't helped.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...