want to forward contents of stdin to my script

alexl1
Path Finder

hi,

I am trying to do this but it doesn't work

import os, re, sys
import splunk.Intersplunk, splunk.mining.dcutils as dcu
import subprocess
from subprocess import call, PIPE, STDOUT, Popen
logger    = dcu.getLogger()
p = Popen(['scripts/trapblaster.pl'], stdout=PIPE, stdin=PIPE, close_fds=True)
r=splunk.Intersplunk.readResults();
for i in r:
 p.communicate(input=i)

The "trapblaster.pl" script is just

#!/usr/bin/perl
$|=1;
open FILE, ">>/tmp/hi.txt";
while (<STDIN>){ 
 print FILE;
}
close FILE;

thanks

0 Karma
1 Solution

Gilberto_Castil
Splunk Employee

Here is the snippet again. I am unsure of the complete purpose of your script, so this is purely mechanical to answer your question.

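import shlex
import subprocess

# Build the argument list for the child process; no shell is involved.
perlExec = '/usr/bin/perl '
perlScript = '/opt/splunk/etc/apps/search/bin/trapblaster.pl '
perlArgs = perlExec + perlScript
perlCommand = shlex.split(perlArgs)

p = subprocess.Popen(perlCommand, stdout=subprocess.PIPE)

# p.wait() blocks until the child exits and returns its exit code.
while True:
    result = p.stdout
    rc = p.wait()
    if rc is None:
        continue
    else:
        break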

Perhaps you may take a minute to explain the purpose of your script so we can better address your question. Are you trying to build a scripted input? A custom Splunk command?

alexl1
Path Finder

Thanks. What I want the script for is this: I save the logs of historical traps, and sometimes I want to re-send them with a net-snmp command-line utility called snmptrap. So I want to send the raw event to my script, and then my script will parse it and send it as a trap.

0 Karma

Gilberto_Castil
Splunk Employee

You need to wait until the subprocess ends. It seems that the Python code should work but you have to wait for the subprocess to complete before jumping to the next step in your program (or loop iteration in this case).

In essence, the subprocess probably completes and returns a value when you execute the code manually. However, I suspect that when integrating this into the Splunk custom command you do not see the results, if any at all.

Here is a snippet of code that works for me:

while True :
  rc = p.wait()
  if rc == None :
    continue
  else :
    break

The lag is not humanly noticeable.

--

As for the Perl script, you need a shell or Python wrapper. However, if the data is already in a readable ASCII file, why not have a Splunk monitor pick up the data?

0 Karma

alexl1
Path Finder

Thanks for your help. Can you type the complete code, because I don't know where to put p=Popen and p.communicate relative to your code? Thanks.

0 Karma
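
Added example, not part of the original thread and not written by either poster: one way to pipe every search result to a child process's stdin with a single communicate() call. The names forward_events, SAMPLE_RESULTS and ECHO_CHILD are hypothetical, and the code assumes that splunk.Intersplunk.readResults() returns a list of dicts carrying the event text in the `_raw` field; a small Python echo process stands in for trapblaster.pl so it runs without Splunk or Perl.

```python
import subprocess
import sys


def forward_events(results, argv, field="_raw"):
    """Send one line per result to the child's stdin; return (exit code, stdout).

    `results` is a list of dicts, the shape assumed here for what
    splunk.Intersplunk.readResults() returns.
    """
    # Each result is a dict, so forward one chosen field, not the dict itself.
    # Embedded newlines are flattened so one event is always exactly one line
    # for a line-oriented reader such as Perl's `while (<STDIN>)`.
    lines = [str(r.get(field, "")).replace("\r", " ").replace("\n", " ")
             for r in results]
    payload = "".join(line + "\n" for line in lines).encode("utf-8")

    # argv is a list and shell=False (the default): event text never reaches
    # a shell, and it travels on stdin rather than on the command line.
    p = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                         close_fds=True)
    # communicate() writes the payload, closes stdin (the child sees EOF),
    # drains stdout and waits for the child to exit. It is a once-per-process
    # call, so it belongs after the loop over results, not inside it.
    out, _ = p.communicate(input=payload)
    return p.returncode, out.decode("utf-8")


# Constructed sample events standing in for readResults() output.
SAMPLE_RESULTS = [
    {"_raw": "2012-01-01 10:00:00 trap linkDown ifIndex=3"},
    {"_raw": "2012-01-01 10:00:05 trap linkUp ifIndex=3; echo not-run"},
]

# Stand-in child that copies stdin to stdout byte for byte (assumption: used
# here in place of trapblaster.pl so the example runs without Perl).
ECHO_CHILD = [sys.executable, "-c",
              "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read())"]

if __name__ == "__main__":
    rc, echoed = forward_events(SAMPLE_RESULTS, ECHO_CHILD)
    print(rc)
    print(echoed, end="")
```

In a real custom command, `results` would come from splunk.Intersplunk.readResults() and `argv` would be the list form of the Perl command shown in the solution above.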