Splunk Search

Only first line of python script is getting executed

hkmurali
New Member

I had placed a python script in the 'C:\Program Files\Splunk\etc\apps\search\bin\parsing.py'
This is a sample of my code.

print("Test Message for log1") import
numpy lines = [] # Declare an empty
list named "lines" i=0 end_position=[]
with open ('C:\Program
Files\Splunk\20161129_0000.log', 'rt')
as in_file:
for line in in_file: # For each line of text in in_file, where the
data is named "line",
lines.append(line.rstrip('\n')) # add
that line to our list of lines,
stripping newlines.
if "-----------------------------------------------------------------" in line:
end_position.append(i)
i=i+1

Store all the positions of the hyphens to find out the ending lines

for each of the table
end_position=numpy.array(end_position)
total_lines=i

But when I add this script in splunk and hit search, only the first line "Test message for log 1" is getting printed out
The rest of the lines are not getting executed. Kindly help
All i'm getting is this:

Time Event
1/17/17 2:56:15.000 PM Test Message for log1
host = ATA1CJSKCR source = C:\Program Files\Splunk\etc\apps\search\bin\parse.py sourcetype =parsing
Thanks. Kindly help

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

I'm pretty sure it's your code, and this is a python rather than a splunk question.

You need to post the code with the correct line breaks and indentation, since python syntax is critically dependent on indentation rather than block identifiers present in other languages (END-IFs, curly braces and so on).

If your code is actually all jumbled up like that, then that's the problem.

I've pulled out the comments and lined up where I believe the code breaks, and it looks something like this -

print("Test Message for log1") 
import numpy 
lines = [] 
i=0 
end_position=[]
with open ('C:\Program Files\Splunk\20161129_0000.log', 'rt') as in_file: 
   for line in in_file: 
       lines.append(line.rstrip('\n')) 
       if "-----------------------------------------------------------------" in line:
          end_position.append(i)
       i=i+1

end_position=numpy.array(end_position)
total_lines=i

Now, from looking at that restructured code, I don't see how you would know whether the rest of the lines are being executed. You are not actually attempting to print out any other diagnostics, and i can't tell without the function wrapper what values are supposed to be passed out.

Try placing a few more test lines like print("Now counting another Dash line") and print("Total lines is now {0}", format(total_lines)) and see what you can find out.

hkmurali
New Member

Thanks DalJeanis
This is just part of the code to show what I was doing
In fact in the final code , I did add test print lines in middle to see if its printing but its not happening
But otherwise, apart from the code , is there anything else I am doing wrong with respect to the process of placing the script in the folder, running the script etc

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...