Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Need help with a custom dashboard that calls external URLs to retrieve Mac_address attributes.

dadepu
Engager
‎11-30-2017 12:04 PM

Hi Splunkers,

I’m working on custom command script which should basically do the following:I need to create a dashboard where a customer enter a Mac_address and should get the attributes of the Mac_address (which are not available in the events).I have worked on a python script which will call the external URL’s to get the attributes of the Mac_address but I am unable to figure out what should be the next step. These are few doubts that I have
1) How can I send those Mac_address attributes to splunk as results?
2) Something like this in the search bar - | mycommand “xx:xx:xx:xx:xx:xx” (only one argument (Mac_address) at a time) this will be my full search query, is it possible?
So can anyone please let me know what the available options to get my desired outcome are? Is writing a custom command is good approach?

0 Karma
Reply

paramagurukarth
Builder
‎12-03-2017 09:40 PM

You can pass as normal argument

| YourCUstomCommand($entered_ip_address$)

And it will be available in sys.argv
Please go through the "Handling errors" in this link

I did this once, now forgot the exact syntax.. try | YourCUstomCommand $entered_ip_address$ if the above didn't worked

0 Karma
Reply

MuS
Legend
‎12-03-2017 06:58 PM

Hi dadepu,

there is an App already on Splunkbase https://splunkbase.splunk.com/app/1249/ 😉

cheers, MuS

Reply

woodcock
Esteemed Legend
‎12-03-2017 06:39 PM

You can use an external lookup (AK scripted lookup) like this:

| makeresults | eval Mac_Address=$Mac_Address$ | lookup YourExternalLookupHere MacAddress | fields - _time

http://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Configureexternallookups

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...