Hi Splunkers,
I’m working on a custom command script which should basically do the following: I need to create a dashboard where a customer enters a Mac_address and should get the attributes of the Mac_address (which are not available in the events). I have worked on a Python script which will call the external URLs to get the attributes of the Mac_address, but I am unable to figure out what the next step should be. These are a few doubts that I have:
1) How can I send those Mac_address attributes to Splunk as results?
2) Something like this in the search bar - | mycommand "xx:xx:xx:xx:xx:xx" (only one argument (Mac_address) at a time). This will be my full search query; is it possible?
So can anyone please let me know what the available options to get my desired outcome are? Is writing a custom command a good approach?
You can pass it as a normal argument
| YourCUstomCommand($entered_ip_address$)
And it will be available in sys.argv
Please go through the "Handling errors" in this link
I did this once, and have now forgotten the exact syntax. Try | YourCUstomCommand $entered_ip_address$
if the above didn't work.
Hi dadepu,
there is an App already on Splunkbase https://splunkbase.splunk.com/app/1249/ 😉
cheers, MuS
You can use an external lookup (AKA scripted lookup) like this:
| makeresults | eval Mac_Address="$Mac_Address$" | lookup YourExternalLookupHere MacAddress AS Mac_Address | fields - _time
http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Configureexternallookups
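The external-lookup approach from the last answer, as an added example that is not part of the original thread: Splunk runs the script with the lookup field names as arguments, sends CSV rows on stdin with the output columns empty, and reads the filled-in CSV from stdout. The script name `mac_lookup.py`, the output fields `vendor` and `device_type`, the `fetch_attributes` helper and the sample table are assumptions; the MAC entered in the dashboard is validated before it is handed to the resolver.

```python
import csv
import re
import sys

# Constructed sample data standing in for the external URL from the question.
SAMPLE_BY_OUI = {"00:11:22": {"vendor": "ExampleCorp", "device_type": "printer"}}

# Accept only the three common MAC notations; one separator style per value.
_MAC_FORMS = re.compile(
    r"^(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"  # aa:bb:.. / aa-bb-..
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"                # aabb.ccdd.eeff
    r"|[0-9a-f]{12})$"                                       # aabbccddeeff
)

def normalize_mac(value):
    """Return aa:bb:cc:dd:ee:ff, or None if value is not a well-formed MAC."""
    v = (value or "").strip().lower()
    if not _MAC_FORMS.match(v):
        return None
    digits = re.sub(r"[:.-]", "", v)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def fetch_attributes(mac):
    """Hypothetical resolver: a real script would query the external service
    here, passing only the normalized MAC."""
    return SAMPLE_BY_OUI.get(mac[:8], {})

def run_lookup(infile, outfile, mac_field, out_fields):
    """Read Splunk's CSV rows, fill the empty output fields, write CSV back."""
    reader = csv.DictReader(infile)
    if not reader.fieldnames:
        return
    writer = csv.DictWriter(outfile, fieldnames=reader.fieldnames,
                            extrasaction="ignore")
    writer.writeheader()
    for row in reader:
        mac = normalize_mac(row.get(mac_field))
        if mac is not None:  # malformed input never reaches the resolver
            attrs = fetch_attributes(mac)
            for field in out_fields:
                if field in row:
                    row[field] = attrs.get(field, "")
        writer.writerow(row)

if __name__ == "__main__":
    # Assumed transforms.conf entry:
    #   external_cmd = mac_lookup.py Mac_Address vendor device_type
    run_lookup(sys.stdin, sys.stdout, sys.argv[1], sys.argv[2:])
```

The input column is written back unchanged so Splunk can match each returned row to the value it sent; rows with a malformed MAC come back with empty output fields.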