Databases Reference
In-Depth Information
When to write a command
Given the warning about performance, there are still times it will make sense
to write a command. I can think of a few reasons:
• You need to perform a specific action that cannot be accomplished
using internal commands
• You need to talk to an external system (though a lookup may be
more efficient)
• You need to produce "events" out of thin air, perhaps from an external
service or for testing
I'm sure you can think of your own reasons. Let's explore the nuts and bolts
of different types of commands.
Configuring commands
Before we start writing commands, there is some setup that must be done for all
commands. First, every command will need an entry in the
commands.conf
the
of your app. Let's take a look at the following sample stanza:
[commandname]
filename = scriptname.py
streaming = false
enableheader = true
run_in_preview = true
local = false
retainsevents = false
Stepping through the following attributes:
•
[commandname]
: The command available to search will be the title of the
stanza, in this case
commandname
.
•
filename = scriptname.py
: The script to run. It must live in the directory
bin
inside your app.
•
streaming = false
: By default, only one instance of each command will
be run on the complete set of results. The assumption is that all events are
needed for the script to do its work. If your script works on each event
individually, set this value to
true
. This will eliminate the event limit,
which by default is 50,000, as specified by
maxresultrows
in
limits.conf
.
Search WWH ::
Custom Search