Splunk Dev

Is there a way to schedule a Python Script from Splunk?

markdflip
Path Finder

I currently have a Python script calling an API and returning the results to Splunk. I can use the |script command in Splunk and the Python script works as expected. I have a dashboard built on the underlying data, which is pretty small in volume.

Is there a way to schedule this script to be called within Splunk? Is the saved search the best way to go about calling the |script command?

0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

You could turn your script into a scripted input, and run that on a schedule either by interval or cron.

View solution in original post

Temp
Observer

Hey. How did you return the results of the script to Splunk?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You could turn your script into a scripted input, and run that on a schedule either by interval or cron.

martin_mueller
SplunkTrust
SplunkTrust

Search for index=_internal jira_wrapper_script to find infos about the script running.

For a simplified example, try something like this:

test.sh (set x bit with chmod!):

#!/bin/sh
echo Hello

inputs.conf

[script://./bin/test.sh]
interval, index, etc.

This should send an event containing just the word Hello to the index, sourcetype, etc. you specified in the inputs.conf.

0 Karma

markdflip
Path Finder

Hmmm, it seems my scripting skills are below par. I set up the monitoring of the python script directly through the UI and it worked flawlessly. Shell script didn't turn out as well.

Turns out there was some issue with the actual sh file. The below shell script worked for anyone stumbling upon this page.

shell script

 #!/bin/bash
python "C:/Program Files/Splunk/etc/apps/my_app_name/bin/jira_rest_api.py"

Martin - thank you for your help.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust
0 Karma

markdflip
Path Finder

I tried going down the path of scripted inputs, to pretty bad results. I added the .sh script to inputs.conf, but there is no reference to the script anywhere in the logs. Is there a way to check if the script is being triggered at all?

[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_wrapper_script.sh]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240 
source = http-simple
sourcetype = jira

[script://$SPLUNK_HOME/etc/apps/my_app/bin/jira_rest_api.py]
disabled = false # change to false to start the input, requires restart
host = local
index = jira_test
interval = 240
source = http-simple
sourcetype = jira

I am not surprised that the shell script may not work, since I have never written one before. I did expect to see error messages somewhere.

0 Karma

markdflip
Path Finder

Do I need to create a .sh file that calls the .py file?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...