Hi,
I wrote a Python script to read the external IP from event logs and pass that as the parameter to the command (script), which is designed to do a CURL lookup. I made sure to include all the Splunk libraries needed to stream the data, and to meet the environment dependencies for CURL on Windows.
Just to make sure, I tested the Python script outside of the Splunk framework with an IP passed as an argument, and it works fine.
But it returns error code 1 when integrated with Splunk as follows:
```python
import sys, getopt
import os
import urllib
import urllib2
import csv
import sys,splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
    url='https:///%s?' %arg
    maxm = os.system('curl -u "username:password" %s' %url)
result = splunk.Intersplunk.generateErrorResults(None, None, True)
splunk.Intersplunk.outputResults(results)
```
"External search command 'asd' returned error code 1."
Please let me know what I am missing and the likely solution for this.
Thanks
You're calling generateErrorResults() in line 14, that's usually not good if done outside of a conditional statement. Also, I think that takes a single string rather than three arguments.
Check out http://docs.splunk.com/Documentation/Splunk/6.2.0/AdvancedDev/SearchScripts for some docs and an example at the bottom.
Here is my edited script. But I still get the same error.
```python
import sys, getopt
import os
import urllib
import urllib2
import csv
import splunk.Intersplunk
(isgetinfo, sys.argv) = splunk.Intersplunk.isGetInfo(sys.argv)
results = []
results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
for arg in sys.argv:
    print arg
    url='https://%s' %arg
    results = os.system('curl -u "username:password" %s' %url)
results = splunk.Intersplunk.readResults(None, None, True)
splunk.Intersplunk.outputResults(results)
```
Use the logger function to display what your script is doing; first add a logger function:
```python
import logging
import logging.handlers
import os
import splunk

# Splunk sets SPLUNK_HOME in the environment of the scripts it launches.
SPLUNK_HOME = os.environ['SPLUNK_HOME']
# myDebug ("yes" enables debug logging) and myScript (base name of the log file)
# are expected to be defined earlier in your script.

def setup_logging(n):
    logger = logging.getLogger(n) # Root-level logger
    if myDebug == "yes":
        logger.setLevel(logging.DEBUG)
    else:
        logger.setLevel(logging.ERROR)
    LOGGING_DEFAULT_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log.cfg')
    LOGGING_LOCAL_CONFIG_FILE = os.path.join(SPLUNK_HOME, 'etc', 'log-local.cfg')
    LOGGING_STANZA_NAME = 'python'
    LOGGING_FILE_NAME = "%s.log" % myScript
    BASE_LOG_PATH = os.path.join('var', 'log', 'splunk')
    LOGGING_FORMAT = "%(asctime)s %(levelname)-s\t%(module)s:%(lineno)d - %(message)s"
    # Write to $SPLUNK_HOME/var/log/splunk/<myScript>.log
    splunk_log_handler = logging.handlers.RotatingFileHandler(os.path.join(SPLUNK_HOME, BASE_LOG_PATH, LOGGING_FILE_NAME), mode='a')
    splunk_log_handler.setFormatter(logging.Formatter(LOGGING_FORMAT))
    logger.addHandler(splunk_log_handler)
    splunk.setupSplunkLogger(logger, LOGGING_DEFAULT_CONFIG_FILE, LOGGING_LOCAL_CONFIG_FILE, LOGGING_STANZA_NAME)
    return logger
```
Then add for each step in your script a line like this:
```python
if myDebug == "yes": logger.info( "Starting the main task ..." )
```
Your log file will be in $SPLUNK_HOME/var/log/splunk/
It says:
The external search command 'asd' did not return events in descending time order, as expected.
That's not the same error. Previously the search command didn't run, now it's running but isn't returning events in descending time order, as expected.
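Added example, not code from any poster in this thread: the scripts above interpolate a value taken from event logs into an `os.system()` shell string and put the credentials on the command line, so this sketch validates the value as an IP address, runs curl from an argument list without a shell, and returns the rows in their original order. It is written for Python 3; the field name `src_ip`, the host `lookup.example.invalid`, the netrc path and all function names are assumptions, and the rows are assumed to be a list of dicts.

```python
import ipaddress
import subprocess

LOOKUP_HOST = "lookup.example.invalid"  # assumption: placeholder lookup service
IP_FIELD = "src_ip"                     # assumption: event field holding the IP


def build_curl_argv(ip_text, netrc_path):
    """Return a curl argv list, or None if ip_text is not a bare IP address."""
    try:
        ip = ipaddress.ip_address(str(ip_text).strip())
    except ValueError:
        return None
    # Credentials are read by curl from a netrc file, so they never appear
    # in the process list or in a shell string.
    url = "https://%s/%s" % (LOOKUP_HOST, ip)
    return ["curl", "--silent", "--fail", "--max-time", "10",
            "--netrc-file", netrc_path, url]


def run_curl(argv):
    """Run curl without a shell; return its stdout, or '' on any failure."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=15)
    except (subprocess.TimeoutExpired, OSError):
        return ""
    return proc.stdout.strip() if proc.returncode == 0 else ""


def enrich(rows, netrc_path, fetch=run_curl):
    """Add lookup_result or lookup_error to each row; row order is unchanged."""
    for row in rows:
        argv = build_curl_argv(row.get(IP_FIELD, ""), netrc_path)
        if argv is None:
            row["lookup_error"] = "invalid IP"
            continue
        row["lookup_result"] = fetch(argv)
    return rows


if __name__ == "__main__":
    # Constructed sample rows; a stub replaces curl so this runs offline.
    sample = [{"_time": "1418300000", "src_ip": "198.51.100.9"},
              {"_time": "1418299990", "src_ip": "198.51.100.9; echo injected"}]
    for r in enrich(sample, "/path/to/netrc", fetch=lambda argv: "stub-response"):
        print(r)
```

Nothing is written to stdout inside the helper functions, which matters in a search command because Splunk reads the script's stdout as its results.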