Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I add python modules to the Splunk environment?

Simeon
Splunk Employee
Splunk Employee
‎11-06-2009 05:21 PM

How can I add a python module that is not included in the Splunk python bundle? Specifically, I would like to use the pymssql module from within Splunk to run a scripted input.

Labels (1)
Labels
Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

amrit
Splunk Employee
Splunk Employee
‎11-12-2009 07:06 PM

There's also a more upgrade-friendly way to accomplish this. Some of our users setup whichever script they've configured in Splunk as a pass-through to a script that runs using their system Python (with whichever custom modules they've installed).

The steps are roughly:

  • configure your script in splunk (search script, scripted input, whatever)

  • this script should:

    • unset PYTHONPATH (in os.environ)

    • perhaps unset LD_LIBRARY_PATH, depending on your environment (also in os.environ)

    • create a process to run /usr/bin/python (via subprocess)

    • redirect stdin, stdout, stderr to/from script2

script2 can then load any arbitrary python module installed in your system's python installation.

View solution in original post

Reply
Solved! Jump to solution

Dark_Ichigo
Builder
‎10-04-2011 12:27 AM

Is there a step by step tutorial to accomplish this on a Linux environment?

Reply
Solved! Jump to solution

bmacias84
Champion
‎07-07-2015 10:25 AM

As another option I would checkout this post on how to add egg file or source files while still using Splunk python rather than system. http://answers.splunk.com/answers/220196/import-non-native-python-libraries-into-splunk.html#answer-...

0 Karma
Reply
Solved! Jump to solution

Johnvey
Contributor
‎11-06-2009 10:23 PM

Users are free to install any python module they desire. The caveats are, 1) upgrading Splunk may break them, 2) installing newer versions of packages that come with Splunk may produce unknown interaction problems.

To install a python package in splunk:

$ splunk cmd <python_install_command>

So if the package uses the setup.py method:

$ cd path_to_package_setup
$ splunk cmd python setup.py install

Or if it's an egg,

$ splunk cmd ./my-python-installer.egg

The final location of the installed modules would be:

$SPLUNK_HOME/lib/python2.6/site-packages
Reply
Solved! Jump to solution

wollinet
Path Finder
‎01-28-2011 04:21 PM

Is that still supported with 4.1 ? I tried both ways, first one prouced errors, second one didn't produce any output and nothing was installed.

0 Karma
Reply
Solved! Jump to solution

igor
Splunk Employee
Splunk Employee
‎11-06-2009 08:37 PM

Just use the standard way of installing modules (make sure that splunk and python are in path):
Untar pymssql-1.0.2.tar.gz
cd pymssql-1.0.2
splunk cmd python setup.py install

Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...