Custom search commands in our Python SDK allow you to extend Splunk's search language and teach it new capabilities. In this and other upcoming posts we're going to look at how to develop several different search commands to illustrate what you can do with this. In this post we're going to focus on building a very basic generating command. A generating command generates events, which can come from any source, for example an internal system or an external API.

We're going to create a GenerateHello command that will generate "Hello World" events based on a supplied count. The command is not very useful in itself, but it is a quick way to see how you can author custom commands. Below is a screenshot of using the command we're going to build. As you can see, it outputs a series of "Hello World" events.

Custom search commands are deployed via a Splunk application. As with any Splunk app there is a specific file layout and some configuration files that are required. Fortunately the Splunk SDK for Python includes a template which you can use as a starting point. Here are the steps to create a new app using the template:

1. Go to your $SPLUNK_HOME/etc/apps folder and create a new folder called generatehello_app.
2. From a working folder such as "~/", clone the Splunk SDK for Python with git, go into the folder you just cloned and run the setup.
3. Next copy the contents of "./splunk-sdk-python/examples/search_commands_template" to $SPLUNK_HOME/etc/apps/generatehello_app.
4. Copy the "./splunk-sdk-python/splunklib" folder into the $SPLUNK_HOME/etc/apps/generatehello_app/bin folder.
5. Go into the bin folder of the new app.
6. Delete report.py and stream.py, as we're creating a generating command.
7. Rename generating.py to generatehello.py.

Now we need to do some searching and replacing in the template:

1. Edit bin/generatehello.py, and app.conf, commands.conf and the other .conf files in the default folder.
2. Replace each instance of $(command.title()) with GenerateHello.
3. Replace each instance of $(command.lower()) with helloworld, as this is the name of the command.
4. Replace each of the remaining $(…) values with the appropriate information based on the name. The specific values in this case don't really matter, but you must put something.

Authoring a search command involves two main steps: first, specify the parameters for the search command; second, implement the generate() function with logic which creates events and returns them to Splunk. Edit generatehello.py in the bin folder and replace its contents with the command's code.

If you try to run the command without passing count, you'll get an error, as count is required. And if a letter is provided for count, it will also fail, as it is not an Integer. Finally, any error output that is generated is also available within the log file, which is in the root of the application.

Now that we can see that the command is working, we can test it out in Splunk. If your Splunk instance is already running, you'll need to restart it to have it load the new command, either using the Splunk CLI (splunk restart from $SPLUNK_HOME/bin) or from the Splunk UI. Once you have logged in to the instance you should see that the new app has been loaded. Notice the "Generate Hello" app below. Clicking on that app will then take you to the search screen. Entering "| helloworld count=5" at the search bar should return the expected "Hello World" events, as in the screenshot below. You can see Splunk has picked up our events! You can also see in the screenshot that the event_no field has been picked up, allowing it to be selected if the view is switched to "Table".

Now that the search command is complete, the app can be packaged up as any other application and then published on Splunk Apps, or put on a share where it can be imported into a Splunk instance. You can also configure permissions for the app, or change its visibility to allow the command to be accessible from anywhere within Splunk.
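The command's listing itself is not preserved on this page. What follows is an added example of bin/generatehello.py, written for this edit and not the original post's code. It uses the SDK's real GeneratingCommand, Configuration, Option and validators.Integer classes, which is what produces the "count is required" and "not an Integer" errors described above; the event fields (_time, event_no, _raw), the MAX_COUNT cap, the hello_events() helper and the ImportError fallback for running outside Splunk are this example's own assumptions.

```python
#!/usr/bin/env python
"""bin/generatehello.py: a generating search command that emits N "Hello World" events.

Added example, not the original post's listing. The event shape (_time, event_no, _raw)
and the cap on count are assumptions made for this illustration.
"""
import sys
import time

# Upper bound on count, so a stray "| helloworld count=999999999" cannot tie up the
# search head indefinitely. The value is an assumption for this example.
MAX_COUNT = 100000


def hello_events(count, now=None):
    """Yield `count` event dicts in the shape Splunk expects from generate().

    Kept separate from the command class so the logic can be exercised outside Splunk.
    """
    # Re-validate here as well: the splunklib validator only runs when the command is
    # dispatched by Splunk, not when this function is called directly.
    if (not isinstance(count, int) or isinstance(count, bool)
            or count < 1 or count > MAX_COUNT):
        raise ValueError('count must be an integer between 1 and %d' % MAX_COUNT)
    timestamp = time.time() if now is None else now
    for event_no in range(1, count + 1):
        yield {
            '_time': timestamp,                    # lets Splunk place the event on the timeline
            'event_no': event_no,                  # selectable as a field in Table view
            '_raw': 'Hello World %d' % event_no,   # the event text shown in the search results
        }


try:
    from splunklib.searchcommands import (
        dispatch, GeneratingCommand, Configuration, Option, validators)
except ImportError:
    # splunklib lives in the app's bin folder; outside Splunk (e.g. a unit test)
    # hello_events() is still usable on its own.
    pass
else:
    @Configuration()
    class GenerateHelloCommand(GeneratingCommand):
        """Usage: | helloworld count=<n>"""

        # require=True makes a missing count an error; validators.Integer rejects
        # non-numeric values, and the bounds reject zero, negatives and huge counts.
        count = Option(
            doc='Number of Hello World events to generate',
            require=True,
            validate=validators.Integer(minimum=1, maximum=MAX_COUNT))

        def generate(self):
            return hello_events(self.count)

    if __name__ == '__main__':
        dispatch(GenerateHelloCommand, sys.argv, sys.stdin, sys.stdout, __name__)
```

The Option named count is what "| helloworld count=5" binds to; Splunk passes the validated integer to generate(), which simply hands it to hello_events(). For a quick check without a Splunk instance, list(hello_events(5)) in a Python shell returns the five event dicts, and list(hello_events(0)) raises the ValueError that mirrors the validator's bounds.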