Splunk Dev

Creating custom Commands- Splunk [5.0.2]

Stephen93Marsh
Explorer

I'm trying to make a custom Command using python but I'm running into some errors.

"Error in 'script': Getinfo probe failed for external search command 'testscript'"

For the moment I'm just trying to figure out how to get any script to work, which is proving more difficult that I anticipated.

How I created the app and command:

So, I created a test app called "TestCommands" using the sample_app template.
Then, I created a dummy script called "testcommand.py" in the bin folder within that app.

import sys
import csv
import splunk.Intersplunk

while True:
    line = sys.stdin.readline()
    if not line.strip(): break

reader = csv.DictReader( sys.stdin )
headers = reader.fieldnames
writer = csv.DictWriter( sys.stdout, headers )
writer.writer.writerows( headers )

(From what I understand, this should just output the headers back to splunk)

I also have a commands.conf located in the default and local folders of the apps. (The directions were unclear as to which of these i should put it in) Both of those contain the same information:

[testscript]
filename = testcommand.py
streaming = true
supports_getinfo=true
maxinputs = 0

My Search is as follows:

source="pathname\dummydata.csv" | testscript" 

I have checked that the data source isn't the problem.
Thanks for the help.

OL
Communicator

I had this issue when upgrading my python SDK of my app to version 1.3.0 (from 1.2.3). The solution was to add at the beginning of my script the following lines (as it is the case in the new examples):

import sys

from splunklib.searchcommands import \
    dispatch, StreamingCommand, Configuration, Option, validators

Hope it might help others 🙂

0 Karma

Stephen93Marsh
Explorer

I'll try that Chris. If I start basic enough, its bound to work. Thanks

0 Karma

chris
Motivator

Maybe you could start by copying one of the commands in the search app. uniq.py a very basic example.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Your command does not do anything that appears to support getinfo and the error message mentions the same, so I suggest turning that off in commands.conf.

martin_mueller
SplunkTrust
SplunkTrust

Concerning local vs default, put the .conf in default. You're the creator of the app, so you provide the default configuration. The user of your app can then override things in local if he needs to.

0 Karma

Stephen93Marsh
Explorer

After trying this, it just says "Unknown search command" 😞

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...