hello I have a modular input script which estract data from a external source with a interval ejecution this script has an Schema, I wont to use the schema data for a script ejecution in search
Modular input scheme script:
import json
import time
import urllib2
from splunklib.modularinput import *
class MyScript(Script):
def get_scheme(self):
scheme = Scheme("x")
scheme.description = ("x")
scheme.use_external_validation = True
scheme.use_single_instance = False
api_arg = Argument(
name="api",
title="API Code",
data_type=Argument.data_type_string,
required_on_create=True,
required_on_edit=True
)
scheme.add_argument(api_arg)
return scheme
def validate_input(self, definition):
api = definition.parameters["api"]
def stream_events(self, inputs, ew):
api = input_item["api"]
list=[]
count=0
try:
r = urllib2.Request("URLLLLLLL".format(api))
t = json.loads(urllib2.urlopen(r).read())
logevent = Event()
logevent.stanza = input_name
logevent.data = json.dumps(t, sort_keys=True, separators=(',',':'))
ew.write_event(logevent)
if __name__ == "__main__":
exitcode = MyScript().run(sys.argv)
sys.exit(exitcode)
using following search
| script commandname arg1 arg2
my script use api schema data and update or add events to my index
¿any example of my script?
... View more