Splunk Dev

Why am I getting Error code 1 for my python script?

RichaSingh
Path Finder

Hi,
I wrote a Python script to read the external IP from event logs and pass that as the parameter to the command (script), which is designed to do a CURL lookup. I made sure to include all the Splunk libraries within to stream the data, and to meet the environment dependencies for CURL on Windows.

Just to make sure, I tested the Python script with an IP passed as an argument outside of the Splunk framework, and it works fine.
But it returns error code 1 when integrated with Splunk as follows:

import sys, getopt
import os
import urllib
import urllib2
import csv
import sys,splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
 results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
url='https:///%s?' %arg
maxm = os.system('curl -u  "username:password" %s' %url)
result = splunk.Intersplunk.generateErrorResults(None, None, True)
splunk.Intersplunk.outputResults(results)

"External search command 'asd' returned error code 1."

Please let me know what I am missing and the likely solution for this.

Thanks

0 Karma

martin_mueller
SplunkTrust

You're calling generateErrorResults() in line 14, that's usually not good if done outside of a conditional statement. Also, I think that takes a single string rather than three arguments.

Check out http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/SearchScripts for some docs and an example at the bottom.

0 Karma

RichaSingh
Path Finder

Here is my edited script. But I still get the same error.

import sys, getopt
import os
import urllib
import urllib2
import csv
import splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
print arg
url='https://%s' %arg
results = os.system('curl -u "username:password" %s' %url)
results = splunk.Intersplunk.readResults(None, None, True)
splunk.Intersplunk.outputResults(results)

0 Karma
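Both scripts above interpolate a value taken from event data into a shell command line through os.system. The following is an added example, not code from the thread, written for Python 3 and without the Splunk libraries: it accepts only a public IP literal and runs curl from an argument list with no shell. LOOKUP_HOST, NETRC_PATH and the function names are assumptions.

```python
import ipaddress
import subprocess
from urllib.parse import quote

# Assumptions, not taken from the thread (which elides the real host):
LOOKUP_HOST = "lookup.example.invalid"  # placeholder lookup service
NETRC_PATH = "lookup.netrc"             # hypothetical file holding the credentials


def parse_external_ip(value):
    """Return the canonical address if value is one public IP literal, else None."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None  # hostnames, URLs, empty fields, text with shell metacharacters
    if not ip.is_global:
        return None  # private, loopback, link-local and reserved ranges
    return str(ip)


def build_curl_argv(value):
    """Build the curl argument list; raise ValueError for anything but a public IP."""
    ip = parse_external_ip(value)
    if ip is None:
        raise ValueError("not a public IP address: %r" % (value,))
    url = "https://%s/%s" % (LOOKUP_HOST, quote(ip, safe=""))
    # --netrc-file keeps the password out of the process list, unlike -u user:pass.
    return ["curl", "--silent", "--fail", "--max-time", "10",
            "--netrc-file", NETRC_PATH, url]


def lookup(value):
    """Run curl with no shell in between; return (exit_code, response_body)."""
    proc = subprocess.run(build_curl_argv(value), capture_output=True, text=True)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    # Constructed field values, as they might arrive from event data.
    for sample in ["8.8.8.8", "10.1.2.3", "8.8.8.8; echo x"]:
        try:
            print(sample, "->", build_curl_argv(sample)[-1])
        except ValueError as err:
            print(sample, "-> rejected:", err)
```

Inside a search command, the rejected values would be reported through the command's error path rather than printed, since anything written to stdout becomes part of the results stream.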

MuS
Legend

Use the logger function to display what your script is doing. First, add a logger function:

import logging
import logging.handlers
import os
import splunk

# Values the function below expects to exist (assumed here, adjust to your script):
SPLUNK_HOME = os.environ['SPLUNK_HOME']  # set by Splunk when it runs the script
myScript = "asd"                         # used as the log file name
myDebug = "yes"                          # "yes" logs at DEBUG, anything else at ERROR

def setup_logging(n):
    logger = logging.getLogger(n) # Root-level logger
    if myDebug == "yes":
        logger.setLevel(logging.DEBUG)
    else:
        logger.setLevel(logging.ERROR)
    LOGGING_DEFAULT_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log.cfg')
    LOGGING_LOCAL_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log-local.cfg')
    LOGGING_STANZA_NAME = 'python'
    LOGGING_FILE_NAME = "%s.log" % myScript
    BASE_LOG_PATH = os.path.join('var', 'log', 'splunk')
    LOGGING_FORMAT = "%(asctime)s %(levelname)-s\t%(module)s:%(lineno)d - %(message)s"
    # Write to $SPLUNK_HOME/var/log/splunk/<myScript>.log
    splunk_log_handler = logging.handlers.RotatingFileHandler(os.path.join(SPLUNK_HOME, BASE_LOG_PATH, LOGGING_FILE_NAME), mode='a')
    splunk_log_handler.setFormatter(logging.Formatter(LOGGING_FORMAT))
    logger.addHandler(splunk_log_handler)
    splunk.setupSplunkLogger(logger, LOGGING_DEFAULT_CONFIG_FILE, LOGGING_LOCAL_CONFIG_FILE, LOGGING_STANZA_NAME)
    return logger

Then add a line like this for each step in your script:

if myDebug == "yes": logger.info( "Starting the main task ..." )

Your log file will be in $SPLUNK_HOME/var/log/splunk/

RichaSingh
Path Finder

It says

The external search command 'asd' did not return events in descending time order, as expected.

0 Karma

martin_mueller
SplunkTrust

That's not the same error. Previously the search command didn't run, now it's running but isn't returning events in descending time order, as expected.

0 Karma