|
Hi, does Splunk has a possibility to run server side scripts (python, ruby) based on a splunk search result? The search output should be the input (e.g. a number or list of numbers) for the server side script. Something like this: ... | fields X | my_server_script X Thanks! |
|
This should be possible by defining a custom search command. Your new search command extends the Splunk search language, and Splunk uses your new command by calling the script that implements it. Some of the existing commands in Splunk (iplocation) are implemented using this facility. These scripts are currently expected to be python scripts. A "runshellscript" command exists in my $SPLUNK_HOME/etc/apps/search/default/commands.conf that looks somewhat interesting. Your command would receive a stdin dump of the current search results, which you could do as you please with. Docs at http://www.splunk.com/base/Documentation/latest/SearchReference/Aboutcustomsearchcommands |
|
you could also define a scripted alert that fires off a script using search results when a set condition is met: http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts |