All,
Trying to make a basic scripted python lookup. The examples and tutorials were just way over my head. So trying to do something simpler. I coped the example file and tried to simplify the problem a little. What I am aiming to do here is pass a field called 'mystring' and get back a field called 'myoutput'.
I am passing hello as the field value for mystring and expecting world as the value in the new field myoutput.
When I execute this I get the following
index=*
| head 1
| eval mystring = "hello"
| lookup mylookup mystring
I get" Script execution failed for external search command '/opt/splunk/etc/apps/TA-myapp/bin/mylookup.py'."
here is my python.
#!/usr/bin/env python
import csv
import sys
def main():
if len(sys.argv) != 3:
print("Usage: python mylookup.py [mystring] [myoutput]")
sys.exit(1)
# always passing hello as a eval mystring = "hello"
mystring = sys.argv[1]
myoutput = sys.argv[2]
infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
header = r.fieldnames
w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
w.writeheader()
for result in r:
result[mystring] = "hello"
result[myoutput] = "world"
w.writerow(result)
main()
Hi,
Have you configured transforms.conf for external lookup ?
Like
[mylookup]
external_cmd = mylookup.py mystring
fields_list = mystring,myoutput