Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I add a python module for external lookup command?

ndoshi
Splunk Employee
Splunk Employee
‎06-26-2011 08:25 PM

I know the answers site has a description for having one Python program call another, which includes a custom module, but this seems to be more geared for scripted inputs or alerts. http://splunk-base.splunk.com/answers/8/can-i-add-python-modules-to-the-splunk-environment. I have a custom module that works outside of Splunk in Python 2.6, but I need to use this within a lookup Python script. The script will have parameters passed within it as labeled in transforms.conf. The custom module will eventually call native C/C++ code. The module builds itself into an egg file. I can't simply drop this file into Splunk's Python 2.6 site-packages directory as even the import didn't work. How do I let Splunk know about this module so that the lookup Python script can import and use it?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

BryantD
Explorer
‎06-28-2011 12:40 PM

Try using a wrapper script. The one described in the answer you link to is possibly more complex than what's needed for lookups. I solved this problem yesterday using a wrapper, as follows.

wrapper.py:

import os

NEW_PYTHON_PATH = '/usr/bin/python'

os.environ['PYTHONPATH'] = NEW_PYTHON_PATH
my_process = '/opt/splunk/etc/apps/zgp/bin/lookup.py')

os.execv(my_process, ())

View solution in original post

0 Karma
Reply
Solved! Jump to solution

rosslord
Engager
‎02-03-2012 01:18 PM

As an aside, I was able to call a script with this:

#!/bin/bash
/usr/bin/python /path/to/python/script.py

.. andit found all my moduldes and worked fine.

Reply
Solved! Jump to solution

ndoshi
Splunk Employee
Splunk Employee
‎02-06-2012 06:12 AM

My original question was for lookup scripts as lookups call Python directly and do not call shell scripts.

0 Karma
Reply
Solved! Jump to solution
Solution

BryantD
Explorer
‎06-28-2011 12:40 PM

Try using a wrapper script. The one described in the answer you link to is possibly more complex than what's needed for lookups. I solved this problem yesterday using a wrapper, as follows.

wrapper.py:

import os

NEW_PYTHON_PATH = '/usr/bin/python'

os.environ['PYTHONPATH'] = NEW_PYTHON_PATH
my_process = '/opt/splunk/etc/apps/zgp/bin/lookup.py')

os.execv(my_process, ())
0 Karma
Reply
Solved! Jump to solution

ndoshi
Splunk Employee
Splunk Employee
‎06-28-2011 05:32 PM

Thanks for your reply. I think the the field header arguments would have to be put in the myprocess = ... part. Lowell provided an even easier answer in a past post for my module that happens to be in an egg: Lowell wrote "Instead I recommend creating .egg files, putting them in your own lib folder, and explicitly doing a sys.path.append("/your/lib/whatever.egg") before your import."

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...