This is a larger script, but hopefully it is clear what is happening. Notice in this
example a few new things:
• Most of the logic is in the class definition. This provides a better separation
of Splunk-specific logic and business logic.
• Testing for __main__, as is the Python way.
• Exception handling.
• A nicer exception for failed parsing of integer arguments.
• Field names with spaces in them.
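The structure these points describe, as an added sketch that is not the book's countwords.py: the class holds the counting logic, main() holds the Splunk glue, and int_option turns a failed integer parse into a readable error. The minlength option, the output field names, and the sample event are assumptions made for illustration.

```python
import re
from collections import Counter

class ArgError(Exception):
    """Readable error for an option that is not a valid integer."""

class WordCounter:
    """Business logic only; nothing here depends on Splunk."""
    def __init__(self, field="_raw", min_length=1):
        self.field, self.min_length = field, min_length
        self.counts = Counter()

    def add(self, event):
        for word in re.findall(r"\w+", str(event.get(self.field, "")).lower()):
            if len(word) >= self.min_length:
                self.counts[word] += 1

    def rows(self):
        total = sum(self.counts.values()) or 1
        # Output field names may contain spaces (hypothetical names).
        return [{"word": w, "times seen": n,
                 "percent of total": round(100.0 * n / total, 2)}
                for w, n in self.counts.most_common()]

def int_option(options, name, default):
    """Parse an integer option, replacing the bare ValueError with a clear message."""
    raw = options.get(name, default)
    try:
        return int(raw)
    except (TypeError, ValueError):
        raise ArgError("%s must be an integer, got %r" % (name, raw))

def main():
    try:
        import splunk.Intersplunk as si  # available only inside Splunk's Python
    except ImportError:
        demo = WordCounter(min_length=3)  # constructed sample event, not real data
        demo.add({"_raw": "login failed, login retried"})
        print(demo.rows())
        return
    try:
        _, options = si.getKeywordsAndOptions()  # "minlength" is a hypothetical option
        results, _, _ = si.getOrganizedResults()
        counter = WordCounter(min_length=int_option(options, "minlength", 1))
        for event in results:
            counter.add(event)
        si.outputResults(counter.rows())
    except Exception as e:  # show the message in the search UI, not a traceback
        si.outputResults(si.generateErrorResults(str(e)))

if __name__ == "__main__":
    main()
```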
Our entry in commands.conf does not allow streaming, and does not retain events:
[countwords]
filename = countwords.py
retainsevents = false
streaming = false
We can then use our command as follows:
* | countwords
This will give us back a table, as shown in the following screenshot:
 