Splunk Dev

How we can run splunk python sdk code in splunk as scripted input?

ajitshukla61116
Path Finder

In this case, I have Index "A" with two fields "Latitude" and "Longitude". Now I want my Python script to fetch these two fields from Index "A", calculate distance (using internal logic), and then index this distance field into Index "B".

For this I have used the Splunk Python SDK to get indexed data. Now I want this script to be run by Splunk as a scripted input to ingest data into Index "B".

Please help me to complete this task.

0 Karma

niketn
Legend

@ajitshukla61116, what is the condition for reading index A and pushing to index B? Based on the description, it seems like this should be a scheduled search to calculate the distance between geolocations, with an alert action that then uses the collect command to insert into a new index. (With option 1 below this can all be done within Splunk using SPL, without any need for Python coding.)

However, you can try one of the following options. If option 1 does not meet your requirement, you can create a custom command as per option 2.

Option 1: you can refer to the following answer post by @MuS which deals with distance between two geo-locations: https://answers.splunk.com/answers/317935/calculating-distances-between-points-with-geoip-us.html
This can be done directly via SPL.

Option 2: If this does not help, you can read the Custom Command Splunk Dev example and create your own custom command along similar lines: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2

Option 3: You can use the script command to execute a script stored in the bin folder of the app. https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script

Option 4: Custom alert action to calculate geolocation and collect to index: https://login.splunk.com/index.php?module=roles&func=showloginform&redirecturl=https://docs.splunk.c...

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

ajitshukla61116
Path Finder

Thanks @niketnilay for these options.
Actually I have one index which has multiple fields like Latitude, Longitude, "FieldA", "FieldB", "FieldC". Using these fields I have to calculate "distance" and again ingest the "distance" field into the same index for every event.
For distance calculation I have to use a Python script because the distance calculation logic cannot be implemented in Splunk search.

Note: in this case I will get already ingested data. I have to calculate distance and add the distance field to the same index.

I am trying a custom command but I am not able to fetch more than two variables from the Splunk side. I don't know why I am getting error code 1.
Please check my code:
import sys
import splunk.Intersplunk
import json
import requests as req

def calculate_distance(lat, long, fieldA, fieldB, fieldC):
    distance = None
    # internal logic will be here
    return distance

def collect_events():
    # results is a list of dicts, one per event; every field value is a string
    results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
    for result in results:
        lat = result["Latitude"]
        long = result["Longitude"]
        fieldA = result["FieldA"]
        fieldB = result["FieldB"]
        fieldC = result["FieldC"]
        # the new field name must be a string; the bare name distance raised NameError
        result["distance"] = calculate_distance(lat, long, fieldA, fieldB, fieldC)
    splunk.Intersplunk.outputResults(results)

collect_events()
0 Karma
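A runnable version of the custom-command pattern in the post above, added here as an illustration (not the poster's code or Splunk's): the field parsing and the distance formula are kept out of the Intersplunk I/O so they can be exercised outside Splunk, and a missing or malformed field marks that one event instead of aborting the whole command, which is what a bare non-zero exit hides. The haversine formula, reading FieldA/FieldB as a destination and FieldC as a unit, and the sample events are all assumptions.

```python
import math

REQUIRED = ("Latitude", "Longitude", "FieldA", "FieldB", "FieldC")

# Constructed sample events in the shape getOrganizedResults() returns (values are strings).
SAMPLE_EVENTS = [
    {"Latitude": "48.8566", "Longitude": "2.3522", "FieldA": "51.5074", "FieldB": "-0.1278", "FieldC": "km"},
    {"Latitude": "48.8566", "Longitude": "2.3522", "FieldA": "51.5074", "FieldB": "-0.1278"},
    {"Latitude": "north", "Longitude": "2.3522", "FieldA": "51.5074", "FieldB": "-0.1278", "FieldC": "km"},
]

def calculate_distance(lat, lon, field_a, field_b, field_c):
    """Stand-in for the poster's internal logic (assumption): great-circle distance
    from (lat, lon) to (field_a, field_b), in the unit named by field_c ('km' or 'mi')."""
    radius = {"km": 6371.0, "mi": 3958.8}[field_c]
    p1, p2 = math.radians(lat), math.radians(field_a)
    dphi, dlmb = math.radians(field_a - lat), math.radians(field_b - lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * radius * math.asin(math.sqrt(h))

def add_distance(results):
    """Add a 'distance' field to each event. A missing or malformed field marks that
    event with 'distance_error' instead of raising and killing the whole command."""
    for event in results:
        missing = [f for f in REQUIRED if not event.get(f)]
        if missing:
            event["distance_error"] = "missing: " + ",".join(missing)
            continue
        try:
            event["distance"] = round(calculate_distance(
                float(event["Latitude"]), float(event["Longitude"]),
                float(event["FieldA"]), float(event["FieldB"]), event["FieldC"]), 3)
        except (ValueError, KeyError) as exc:
            event["distance_error"] = "bad value: %s" % exc
    return results

def main():
    import splunk.Intersplunk as si  # only importable under Splunk's bundled Python
    try:
        results, _dummy, _settings = si.getOrganizedResults()
        si.outputResults(add_distance(results))
    except Exception as exc:  # surface the error in the search UI, not just exit code 1
        si.outputResults(si.generateErrorResults(str(exc)))

if __name__ == "__main__":
    main()
```

The script still has to be registered in commands.conf and placed in the app's bin folder, as in the Splunk Dev example linked in option 2 above.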