Splunk Search

How to set python script to run automatically on a custom app.

splunkbot22
New Member

Hello guys, I am new to Splunk. I need help in letting the python script i have created to run automatically every month. My python script is able to get API JSON output and create a lookup file or update existing one. Now i need it to run it automatically in the APPS/bin folder i have already configured the inputs.conf file but the script is not or creating the csv lookup file!

0 Karma

ashikuma
Explorer

Can we have some python script which will create inputs.conf stanza by pulling log file location from word\csv file.
Note- Index will be same for all , only sourcetype will be changed which will be name of log file.

0 Karma

ddrillic
Ultra Champion

Makes perfect sense @ashikuma.

For example, I use a python a base script like this to build pieces of my ever changing serverclass.conf -

import sys


input_file       = "<location>/<file>.txt"

i = 0
f = open(input_file)
for line in f:
    # strip the new line character
    line = line[:-1]
    parts = line.split("$")


    print 'whitelist.' + str(i) + ' = ' + line + '<domain>'
    i = i + 1


f.close()
0 Karma

jkat54
SplunkTrust
SplunkTrust

Yes you can do many things with python.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Scripted inputs will index everything on stdout from the execution of the script.

So you could just print your csv to the screen

import csv
with open('eggs.csv', 'rb') as csvfile:
      Reader = csv.reader(csvfile, delimiter=',', quote-char='”’)
      for row in Reader:
            print(row)
0 Karma

jkat54
SplunkTrust
SplunkTrust

You can create a modular input:
http://dev.splunk.com/view/python-sdk/SP-CAAAER3

Or you can make your script write the csv to a location that you also monitor in inputs.conf.

0 Karma

markuxProof
Path Finder

Hi, splunkbot22.

you can use the interval property with the crontab syntax:

interval = [<number>|<cron schedule>]

Ex:
[script:// ./bin/script_name ]
interval = 30 12 * */12 * #[ At 12:30 in every 12th month. ]
index = index_name
source = source_name
sourcetype = sourcetype_name

As for the output of the script, you do not need to generate a csv, just make an impression of the data in the standard output that Splunk will collect this data.

If you have any questions about the syntax of crontab, you can use this site as a reference: Crontab.guru

0 Karma

splunkbot22
New Member

Hello,
Thanks for the reply, I had already set the interval crontab syntax in the inputs.conf file. However can you elaborate more how i can make an impression of the data? And how i can update the existing lookups file with it?

0 Karma

splunkbot22
New Member

Hi,

Thank you for the reply, i have already add the script and interval properties in the inputs.conf under the default directory on my app. However can you further elaborate how do i make an impression of the data in the standard output? Or append he api response into the csv file?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Hi,

Please paste here your inputs.conf and the location of python file.

————————————
If this helps, give a like below.
0 Karma

splunkbot22
New Member

Hi,
the location of my python file is under /app/bin and the location of the inputs.conf file is in the /apps/default directory of my app .

Content of my inputs.conf is
[script://opt/splunk/etc/apps/School/bin/retreivefromthreatcrowd.py]
interval=60
disabled=false
source=script://./bin/retreivefromthreadcrowd.py

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...