Monitoring Splunk

Why do I get "error code 1"?

cycheng
Path Finder

I created a custom search command called my_formula.py. When I run the script in my command prompt, everything works fine. When I then run it in the Splunk search bar, it shows "External search command 'my_formula' returned error code 1".

I tried to check what the exact error is with the command below:
index=_internal sourcetype=splunkd ExecProcessor

But I just get nothing. Does anybody know how to view the stdout or stdin message in Splunk? Please help.

cycheng
Path Finder

I got my answer from http://answers.splunk.com/answers/62473/how-to-execute-external-script-to-manipulate-file-from-searc...

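import traceback
import splunk.Intersplunk

try:
    results, unused1, unused2 = splunk.Intersplunk.getOrganizedResults()
    # ... command logic goes here ...
except Exception:
    # Surface the traceback in the search UI instead of a bare "error code 1"
    stack = traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
splunk.Intersplunk.outputResults(results)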
0 Karma

sbrant_splunk
Splunk Employee

Are you utilizing python that comes with the OS or the one that comes with Splunk? Try running your script like this:

$SPLUNK_HOME/bin/splunk cmd python my_formula.py

This should run it with the Splunk python distribution.

cycheng
Path Finder

Thanks for your answer. My first line of script is
results,unused1,unused2 = splunk.Intersplunk.getOrganizedResults()

The script should get the search results before proceeding:
index=my_index | my_formula

May I know how I can pass the search results through the command above? I tried the command below and it also does not work:
splunk search "index=my_index | my_formula"

0 Karma
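
Added example, not from the thread or from Splunk's code: it reproduces why a crashing script surfaces only as "error code 1" (an uncaught Python exception exits with status 1 and the traceback goes to stderr) and how the try/except pattern above turns the failure into visible output. The stand-in script, its SAFE switch and the plain-CSV input are assumptions; it does not use splunk.Intersplunk or reproduce its input format.

```python
import os
import subprocess
import sys
import tempfile
import textwrap

# Constructed stand-in for my_formula.py; it does not use splunk.Intersplunk.
# With SAFE=1 it catches the exception and prints an error row instead.
COMMAND_SRC = textwrap.dedent('''
    import csv, os, sys, traceback
    def main():
        rows = list(csv.DictReader(sys.stdin))
        out = csv.DictWriter(sys.stdout, fieldnames=["host", "ratio"])
        out.writeheader()
        for r in rows:
            # Fails on the row where total is 0
            out.writerow({"host": r["host"], "ratio": int(r["used"]) / int(r["total"])})
    if os.environ.get("SAFE") == "1":
        try:
            main()
        except Exception:
            print("ERROR," + traceback.format_exc().splitlines()[-1])
    else:
        main()
''')

# Constructed sample events, passed as CSV on stdin (assumed input format).
SAMPLE_EVENTS = "host,used,total\nweb01,5,10\nweb02,3,0\n"

def run_command(safe):
    """Run the stand-in command as a child process and
    return (exit code, stdout, stderr)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "my_formula_standin.py")
        with open(path, "w") as fh:
            fh.write(COMMAND_SRC)
        env = dict(os.environ, SAFE="1" if safe else "0")
        proc = subprocess.run([sys.executable, path], input=SAMPLE_EVENTS,
                              capture_output=True, text=True, env=env)
    return proc.returncode, proc.stdout, proc.stderr

if __name__ == "__main__":
    for safe in (False, True):
        code, out, err = run_command(safe)
        print("safe=%s exit=%d" % (safe, code))
        print("stdout:", out.strip())
        print("stderr:", err.strip().splitlines()[-1] if err.strip() else "(empty)")
```

Without the wrapper the only signal the parent process gets is the exit status; with it, the exception text travels in the command's normal output.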