What's the point of custom Python scripts?

Dark_Ichigo
Builder

What's the point of creating a custom script in Python for Splunk?
I read that you can use it to handle your Splunk search results, but you can already do that via the browser interface. What else can you do?

If this is beneficial, where can I find tutorials to help write Python scripts for Splunk?
By the way, I already know how to program in Python.

1 Solution

mw
Splunk Employee

We're talking about 2 different cases where you could write a script. The first, when you need to gather data from somewhere that doesn't have a logfile, you use a "scripted input". That scripted input would be run on an interval, as specified in inputs.conf (i.e. the script provides "input"/data to Splunk).

# inputs.conf (in the app's local/ directory; path is relative to the app's bin/)
[script://./bin/myscript.sh]
interval = 300          # seconds between runs
source = myscript
sourcetype = myscript

With that definition, myscript.sh will run every 5 minutes, and whatever data it prints out will be indexed within Splunk -- as OL said, it's nice for getting data from databases and APIs, etc.

Now, the second case is when you find that you need an extra feature within the search language that doesn't exist already (e.g. I want to add geolocation data to my events), or is possibly too challenging using standard search commands. You create a script (these scripts must make calls to Splunk APIs) and a corresponding commands.conf entry:

# commands.conf (filename is looked up in the app's bin/ directory)
[geoip]
filename = geoipcmd.py
streaming = true
supports_getinfo = true
maxinputs = 0

This new command is then available in your searches:

sourcetype=firewall src_ip=* | geoip src_ip

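As an added example, not code from this thread or from Splunk itself, here are the two script kinds mw describes, reduced to plain Python so they run offline: a scripted input that prints events to stdout (Splunk indexes whatever the script writes, on the inputs.conf interval), and a streaming search command that reads events, adds fields and writes them back, in the spirit of the `geoip src_ip` call above. The CIDR lookup table, the sample rows and the plain-CSV stdin/stdout framing are assumptions made here; a command installed through commands.conf receives Splunk's own header-plus-CSV framing, which the bundled splunk.Intersplunk helpers normally parse for you.

```python
"""Added example: a scripted input and a geoip-like streaming command.

Assumptions (not from the thread): LOOKUP, the sample rows and the
plain-CSV stdin/stdout contract are constructed here for illustration.
"""
import csv
import io
import ipaddress
import sys
import time

# --- 1. scripted input: print one event per line ---------------------------

def scripted_input_lines(rows, now=None):
    """Format rows (e.g. the result of a DB query) as key=value event lines.

    Each line starts with an explicit UTC timestamp so Splunk's timestamp
    extraction has an unambiguous value; values are quoted so fields that
    contain spaces or '=' still extract cleanly.
    """
    ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    out = []
    for row in rows:
        fields = " ".join('%s="%s"' % (k, str(v).replace('"', '\\"'))
                          for k, v in row.items())
        out.append("%s %s" % (ts, fields))
    return out

# --- 2. streaming search command: enrich src_ip ----------------------------

# Constructed lookup table: network -> (country, label). A real geoip
# command would consult a GeoIP database instead.
LOOKUP = [
    (ipaddress.ip_network("10.0.0.0/8"), "internal", "rfc1918"),
    (ipaddress.ip_network("203.0.113.0/24"), "XX", "doc-net-3"),
    (ipaddress.ip_network("198.51.100.0/24"), "YY", "doc-net-2"),
]

def lookup(ip_text):
    """Return (country, label) for an address, or (None, None) if unknown."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return (None, None)      # malformed value: keep the event, don't enrich
    for net, country, label in LOOKUP:
        if ip in net:
            return (country, label)
    return (None, None)

def enrich(events, field="src_ip"):
    """Command body: add <field>_country and <field>_label to every event.

    Every input row is passed through; unknown or malformed addresses get
    empty strings rather than being dropped, which is what a streaming
    command should do so the search's event count stays honest.
    """
    out = []
    for ev in events:
        country, label = lookup(ev.get(field) or "")
        row = dict(ev)
        row[field + "_country"] = country or ""
        row[field + "_label"] = label or ""
        out.append(row)
    return out

def run_command(csv_in, field="src_ip"):
    """Read CSV text, enrich it, return CSV text (the stdin/stdout contract)."""
    reader = csv.DictReader(io.StringIO(csv_in))
    rows = enrich(list(reader), field)
    if not rows:
        return ""
    names = list(reader.fieldnames) + [field + "_country", field + "_label"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=names, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "input":
        # Scripted-input form: `python thisfile.py input` prints events.
        sample = [{"user": "alice", "logins": 3}, {"user": "bob", "logins": 0}]  # constructed
        print("\n".join(scripted_input_lines(sample)))
    else:
        # Search-command form: `... | geoip src_ip` -> CSV on stdin, CSV on stdout.
        sys.stdout.write(run_command(sys.stdin.read()))
```

Run it with the `input` argument to see the scripted-input output, or pipe a CSV with a `src_ip` column into it to see the command form. The command deliberately never drops a row: a bad address just yields empty enrichment fields, so the search result count still matches the input.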

Dark_Ichigo
Builder

-Thanks a bunch mw, but after I've added my script to the inputs.conf file, how do I search for it?

My script is a MySQL query script from a Solaris host. Do I have to add this to inputs.conf, or am I good to go?

-So you're saying that Python and Perl scripts are only used if I were to add a new search feature to Splunk?

-Does Splunk support Python 3.1?


OL
Communicator

Hi,

If you are talking about Python scripts at index time, this is a great feature when Splunk is not able to get the data, such as from a database or an application API. You can find lots of information about this at http://www.splunk.com/base/Documentation/4.2.1/Developer/ScriptSetup (replace 4.2.1 with the latest release version or the one you are using).

If you are talking about the Python search command, one idea is that you could use it when creating a Python scripted input where you want to change the input data according to the data already indexed in Splunk. For more information about Python search commands, have a look at: http://www.splunk.com/base/Documentation/4.2.1/SearchReference/WriteaPythonsearchcommand

If you want to search Splunk using Python and integrate the results into your third-party application, I would suggest having a look at the REST API, which you will find in the documentation section.

Hope it helps.

Regards,
Olivier

sideview
SplunkTrust

You run the script by piping your search results to the google command, e.g. "foo host=bar | google".


Dark_Ichigo
Builder

Thanks, but do I really need to have a key file and a wrapper script? Which files are mandatory? I am currently trying to run google.py, which is a default script I found in the Search/bin directory, in order to write the results to an output file and search it via Splunk. My question is: after adding the details to inputs.conf and commands.conf, how do you actually run the script?
