I created the directory you stated:
$SPLUNK_HOME/etc/apps/your_app_name/bin/lib
I then created:
$SPLUNK_HOME/etc/apps/your_app_name/bin/commands.conf.
Inside I added:
# type of script: 'python', 'perl'
TYPE = python
# is command streamable?
streaming = false
# maximum data that can be passed to command (0 = no limit)
maxinputs = 50000
[test_sdk]
filename = test_sdk.py
In bin/lib I have an init.py file and test_sdk.py
[root@splunk lib]# ls -l
total 0
-rw-r--r--. 1 root root 0 Mar 11 12:01 __init__.py
-rw-r--r--. 1 root root 0 Mar 11 12:00 test_sdk.py
In $SPLUNK_HOME/etc/apps/your_app_name/bin/ta__adaptive_response/, I have "modalert_blacklist_block_helper.py". This file has "import test_sdk".
When I run a test, it still can't import test_sdk. Any ideas?
... View more