hi,
I am trying to do this but it doesn't work
import os, re, sys
import splunk.Intersplunk, splunk.mining.dcutils as dcu
import subprocess
from subprocess import call, PIPE, STDOUT, Popen
logger = dcu.getLogger()
p = Popen(['scripts/trapblaster.pl'], stdout=PIPE, stdin=PIPE, close_fds=True)
r=splunk.Intersplunk.readResults();
for i in r:
    p.communicate(input=i)
The "trapblaster.pl" script is just
#!/usr/bin/perl
$|=1;
open FILE, ">>/tmp/hi.txt";
while (<STDIN>) {
    print FILE;
}
close FILE;
thanks
Here is the snippet again. I am unsure of the complete purpose of your script so this is purely mechanical to answer your question.
import shlex
import subprocess
perlExec = '/usr/bin/perl '
perlScript = '/opt/splunk/etc/apps/search/bin/trapblaster.pl '
perlArgs = perlExec + perlScript
# Split the command string into an argument list so no shell is involved
perlCommand = shlex.split(perlArgs)
p = subprocess.Popen(perlCommand, stdout=subprocess.PIPE)
while True:
    result = p.stdout
    # wait() blocks until the child exits and returns its exit code
    rc = p.wait()
    if rc is None:
        continue
    else:
        break
Perhaps you may take a minute to explain the purpose of your script so we can better address your question. Are you trying to build a scripted input? A custom Splunk command?
Thanks. What I want the script for is this: I save the logs of historical traps, and sometimes I want to re-send them with a net-snmp command line utility called snmptrap. So I want to send the raw event to my script and then my script will parse it and send it as a trap.
You need to wait until the subprocess ends. It seems that the Python code should work but you have to wait for the subprocess to complete before jumping to the next step in your program (or loop iteration in this case).
In essence, the subprocess probably completes and returns a value when you execute the code manually. However, I suspect that when integrating this into the Splunk custom command you do not see the results, if any at all.
Here is a snippet of code that works for me:
while True:
    rc = p.wait()
    if rc is None:
        continue
    else:
        break
The lag is not humanly noticeable.
--
As for the Perl script, you need a shell or Python wrapper. However, if the data is already in a readable ASCII file, why not have a Splunk monitor pick up the data?
Thanks for your help. Can you type the complete code? I don't know where to put p=Popen and p.communicate relative to your code. Thanks.
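An added example, not part of any post in this thread: one way to hand Splunk results to a helper script over stdin, starting the child once and calling communicate() once after all events are collected. The child command and sample events are constructed stand-ins for trapblaster.pl and for the list of dicts assumed to come from splunk.Intersplunk.readResults(); feed_events is a hypothetical helper name.

```python
import subprocess
import sys


def feed_events(command, events, timeout=30):
    """Start `command` once, write every event's _raw text to its stdin,
    then wait for it to exit. Returns (exit_code, output_text)."""
    # Build the whole input first: communicate() can be called only once,
    # because it closes stdin and waits for the child to exit.
    lines = []
    for event in events:
        raw = event.get("_raw", "")
        # One event per line, so an embedded newline cannot split an event
        lines.append(raw.replace("\r", " ").replace("\n", " "))
    payload = ("\n".join(lines) + "\n") if lines else ""

    # Argument list and no shell=True: event text travels only over stdin
    # and is never interpreted as part of a command line.
    proc = subprocess.Popen(command, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                            close_fds=True, text=True)
    try:
        out, _ = proc.communicate(input=payload, timeout=timeout)
    except subprocess.TimeoutExpired:
        # A hung helper must not block the search; kill it and reap it
        proc.kill()
        out, _ = proc.communicate()
    return proc.returncode, out


# Constructed stand-in for trapblaster.pl: echoes each stdin line with a prefix
CHILD = [sys.executable, "-c",
         "import sys\nfor l in sys.stdin: sys.stdout.write('got: ' + l)"]

# Constructed sample shaped like the assumed readResults() output
SAMPLE = [{"_raw": "2012-01-01 10:00:00 trap linkDown ifIndex=3"},
          {"_raw": "2012-01-01 10:00:05 trap linkUp note=a; b | c"}]

if __name__ == "__main__":
    rc, out = feed_events(CHILD, SAMPLE)
    print(rc)
    print(out, end="")
```

In a real custom command, `command` would be the argument list for the Perl script and `events` the value returned by readResults().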