Hello Experts,
I am trying to pass an argument to a python script using "script command"
|gentimes start=-1|eval x=120|script python Hello $x$
throws me the following error (not sure how to make it an int from string on splunk side)
External search command 'Hello' returned error code 1.
If i try the following, it works as expected
|gentimes start=-1|eval x=120|script python Hello 120 -> Works
On the python side, if i say if sys.argv[1] > 100
elif sys.argv[1] < 100
(creates a message based on the condition) will always generate same message even when elif condition is true. I realized it's string and once i did int(sys.argv[1])
works on python side but not from splunk using $x$
. Could you please shed some light?
Appreciate your help
Thanks,
Raghav
Try this:
|gentimes start=-1|eval x=120|map search="|gentimes start=-1 | script python Hello $x$"
Try this:
|gentimes start=-1|eval x=120|map search="|gentimes start=-1 | script python Hello $x$"
you gotta be kidding me 🙂 that shed the exact amount of light i needed....Thank you
You can also do this with a subsearch
but I am partial to map
.
cool....I am able to pass the arguments to external script but the can't add this to triggered alert action as results are always 0 though there's value. I guess it passes the arguments and cleans itself out?
I run this |gentimes start=-1|eval x=120|map search="|gentimes start=-1 | script python Hello $x$"
I get the values of x printed to a text file but results say 0. If i could get the results populated so that they are displayed in triggered alerts & pass arguments that would solve it all. And i would drive to Texas and buy you a beer :)...is it possible?
Here is the way to do it with a subsearch:
|gentimes start=-1|eval x=120|script python Hello [|gentimes start=-1|eval x=120 | return $x]