Hello,
I'm trying to findout how external lookup definition work. I've a python script which tell me if the date and hour provide in input is a business hour or not.
My script is based on the dns lookup example (external_lookup.py) script provided by Splunk. Here the output :
[splunk@dummy bin]# /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/dummy/bin/is_hno.py date_year date_month date_mday date_hour is_hno < test.csv
date_year,date_month,date_mday,date_hour,is_hno
2013,april,01,09,True
2013,april,02,02,True
2013,april,02,09,False
My transforms.conf file :
[hnocalc]
default_match = 0
external_cmd = $SPLUNK_HOME/etc/apps/dummy/bin/is_hno.py date_year date_month date_mday date_hour is_hno
fields_list = date_year,date_month,date_mday,date_hour,is_hno
max_matches = 1
min_matches = 1
My props.conf file :
[dummy]
LOOKUP-hnocalc = hnocalc date_hour date_mday date_month date_year OUTPUTNEW is_hno
When trying to use my new lookup definition :
* | lookup hnocalc date_year, date_month, date_mday, date_hour OUTPUTNEW is_hno
Splunk doesn't found my lookup definition ; error message :
Error in 'lookup' command: The lookup table 'hnocalc' does not exist.
And python logs file doesn't tell me anything about my script. It seems Splunk never run my script. I've checked also my rights but since I've made entry it should be fine.
[root@dummy bin]# ls -al | grep is_hno.py
-rwxr-xr-x 1 splunk splunk 6924 mai 7 13:12 is_hno.py
And I'm stuck at this step. I've already tested an external csv file which work well but as we have constraints in my country ; using scripted file is more appropriate.
Tell me if you have any idea about why splunk doesn't run my script.
Regards,
Aurelien
... View more