Solved: Re: Debugging custom search commands

Marinus · ‎09-26-2011

I've been tinkering with a custom search command that uses win32com.client.
When I try to invoke my search command I get the following error

(-2147352567, 'Exception occurred.', (0, None, None, None, 0, -2147200925), None)

I've tried to call the offending section using the bundled interpreter, and it works just fine.

./splunk cmd python

Any ideas I'm kinda stumped.
I really don't want to have my search command, exec an external interpreter.

== Update ==
I've implemented another version that execs a vbs script to invoke the win32 com component.
It also fails which leads me to believe that splunkd is doing something funny.

Marinus · ‎10-10-2011

Running splunk under a normal user account solves the problem.
On Windows splunk cmd python doesn't run in the same context as the service.

View solution in original post

Marinus · ‎10-10-2011

Running splunk under a normal user account solves the problem.
On Windows splunk cmd python doesn't run in the same context as the service.

Drainy · ‎09-27-2011

I would follow http://splunk-base.splunk.com/answers/31262/sysstderr-not-logging-to-splunkd

I have been having issues with trying to find errors with custom commands and the link above has an answer which explains how to add logging information to your script so you can try to track where it is producing errors or how far it is going.

Marinus · ‎09-28-2011

I am able to trap the error. The issue is what the splunkd process does to the environment that causes the python interpreter to behave differently.

Debugging custom search commands

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases