want to forward contents of stdin to my script

alexl1
Path Finder

hi,

I am trying to do this but it doesn't work

import os, re, sys
import splunk.Intersplunk, splunk.mining.dcutils as dcu
import subprocess
from subprocess import call, PIPE, STDOUT, Popen
logger    = dcu.getLogger()
p = Popen(['scripts/trapblaster.pl'], stdout=PIPE, stdin=PIPE, close_fds=True)
r=splunk.Intersplunk.readResults();
for i in r:
 p.communicate(input=i)

The "trapblaster.pl" script is just

#!/usr/bin/perl
$|=1;
open FILE, ">>/tmp/hi.txt";
while (<STDIN>){ 
 print FILE;
}
close FILE;

thanks

0 Karma

Gilberto_Castil
Splunk Employee

Here is the snippet again. I am unsure of the complete purpose of your script, so this is purely mechanical to answer your question.

import shlex
import subprocess

# Build the argument list for the Perl interpreter and the script
perlExec = '/usr/bin/perl '
perlScript = '/opt/splunk/etc/apps/search/bin/trapblaster.pl '
perlArgs = perlExec + perlScript
perlCommand = shlex.split(perlArgs)

p = subprocess.Popen(perlCommand, stdout=subprocess.PIPE)

# Wait for the subprocess to finish before moving on
while True:
    result = p.stdout
    rc = p.wait()
    if rc is None:
        continue
    else:
        break

Perhaps you may take a minute to explain the purpose of your script so we can better address your question. Are you trying to build a scripted input? A custom Splunk command?

alexl1
Path Finder

thanks, what I want the script for is, I save the logs of historical traps, and sometimes I want to re-send them with a net-snmp command line utility called snmptrap. So I want to send the raw event to my script and then my script will parse it and send it as a trap.

0 Karma

Gilberto_Castil
Splunk Employee

You need to wait until the subprocess ends. It seems that the Python code should work but you have to wait for the subprocess to complete before jumping to the next step in your program (or loop iteration in this case).

In essence, the subprocess probably completes and returns a value when you execute the code manually. However, I suspect that when integrating this into the Splunk custom command you do not see the results, if any at all.

Here is a snippet of code that works for me:

while True:
    rc = p.wait()
    if rc is None:
        continue
    else:
        break

The lag is not humanly noticeable.

--

As for the Perl script, you need a shell or Python wrapper. However, if the data is already in a readable ASCII file, why not have a Splunk monitor pick up the data?

0 Karma

alexl1
Path Finder

thx for ur help, can you type the complete code because i don't know where to put p=Popen and p.communicate relative to your code. thx

0 Karma
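
An added example, not code from any poster in this thread: one way to hand the raw text of every search result to a single child process on stdin, with one communicate() call after the loop instead of one per result. It assumes Python 3 and result rows shaped as dicts with a `_raw` key; `forward_events`, the sample rows and the echo child standing in for trapblaster.pl are hypothetical.

```python
import subprocess
import sys

# Constructed sample rows (not real trap data), shaped like the list of
# dicts that splunk.Intersplunk.readResults() is assumed to return.
SAMPLE_RESULTS = [
    {"_raw": "2024-01-01 00:00:01 trap linkDown ifIndex=3", "host": "sw1"},
    {"_raw": "2024-01-01 00:00:05 trap linkUp\nifIndex=3", "host": "sw1"},
    {"host": "sw2"},  # no raw text: skipped
]

# Stand-in child that copies stdin to stdout, used here instead of the
# thread's trapblaster.pl so the example runs anywhere.
ECHO_CHILD = [sys.executable, "-c",
              "import sys; sys.stdout.write(sys.stdin.read())"]


def forward_events(results, command, timeout=30):
    """Write each result's _raw text, one per line, to the child's stdin.

    command is an argv list and no shell is involved, so event text is
    only ever data on a pipe, never part of a command line.
    Returns (exit_code, child_stdout_text).
    """
    lines = []
    for row in results:
        raw = row.get("_raw")
        if raw is None:
            continue
        # Fold embedded newlines so one multi-line event cannot be read
        # by the child as several separate events.
        lines.append(" ".join(str(raw).splitlines()))
    payload = "".join(line + "\n" for line in lines)

    proc = subprocess.Popen(command, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                            universal_newlines=True, close_fds=True)
    try:
        # communicate() sends the payload, closes stdin so the child sees
        # EOF, drains the pipes and waits; it is called once per process.
        out, _err = proc.communicate(payload, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, _err = proc.communicate()
    return proc.returncode, out


if __name__ == "__main__":
    print(forward_events(SAMPLE_RESULTS, ECHO_CHILD))
```
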