Splunk Search

How to execute a script and display results on a search page?

tusharsaran1
Path Finder

I need to execute a python script from Splunk search and display the return value on the same page. How can this be done?
I read about script command which allows us to pass an argument to an external script which has an entry in commands.conf. Does it also support displaying the values returned from this script?

0 Karma
1 Solution

PowerPacked
Builder

Hi @tusharsaran1

Yes, you can do that

as you mentioned create a command which calls the python script, in the python script import the Intersplunk.py module which is availabale in $SplunkHome$/lib/python2.7/sitepackages/splunk.

This Intersplunk can do all the work for you, call the functions in the file like -- outputResults(),getOrganizedResults(),getKeywordsAndOptions()

in your case outputResults is the function which prints the results from python file to splunk UI.

Thanks

View solution in original post

PowerPacked
Builder

Hi @tusharsaran1

Yes, you can do that

as you mentioned create a command which calls the python script, in the python script import the Intersplunk.py module which is availabale in $SplunkHome$/lib/python2.7/sitepackages/splunk.

This Intersplunk can do all the work for you, call the functions in the file like -- outputResults(),getOrganizedResults(),getKeywordsAndOptions()

in your case outputResults is the function which prints the results from python file to splunk UI.

Thanks

tusharsaran1
Path Finder

Thanks! This is exactly what I needed.
I wrote a quick script to test this and it worked !

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Hi @tusharsaran1,

Please check out my app: https://splunkbase.splunk.com/app/3950/

————————————
If this helps, give a like below.
0 Karma

tusharsaran1
Path Finder

I am not sure I understand how is this app similar to what I am looking for. Can you please explain exactly what your app does?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

This app is used to check any email id is pwned or not in haveibeenpwned.com site.

Input - it takes any field contains email id and calls haveibeenpwened.com to query email id details and result will be parsed in python script and parsed result will be sent back to search.

please go through hipb.py in the TA. you will understand if you have coding background.

To understand more how this TA-works please read the description provided in splunkbase.

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...