Installation #7

Open
codesmaker opened this issue Mar 29, 2017 · 6 comments

@codesmaker

Hi,

I'm new to Splunk and I have been trying to collect some info about user agents from my web server and by chance, I found your python script which looks very promising. Since there is no instruction about how to install and I'm totally new to all this, I feel lost. Could you please guide me?

@JustinAzoff
Owner

JustinAzoff commented Mar 29, 2017

Following http://docs.splunk.com/Documentation/Splunk/6.5.2/Search/Customcommandlocation should work

It just needs to go in an apps/whatever/bin/ and then in apps/whatever/local/commands.conf:


[ua2os]
chunked = true
filename = ua2os.py

@codesmaker
Author

Thanks a lot for the help and sorry for the noob questions. It was indeed easy to install. I just had to follow your instructions and the ua2os plugin was among the plugins in Splunk.

I've managed to make it visible and now it's just below the search plugin. When I click on it, I get the search bar, just as if I clicked on the search and reporting plugin. I'm not sure how it works. I did a quick query:
host=node1 useragent="*" | stats count by useragent

I actually get all the user agents in that specific host but I still get:
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

What am I missing here?

@JustinAzoff
Owner

Oh.. it sounds like you created a ua2os app instead of just adding it as a command to an existing app. The way it's used is by doing a

host=node1 useragent="*" | ua2os | stats count by browser

@codesmaker
Author

Ah I understand. OK, I tried to add it to the search & reporting app. I've copied ua2os.py to
/opt/splunk/etc/apps/search/bin
There is no "local" directory inside search & reporting directory but the "commands.conf" exists under the "default" directory. So, I've modified it and added the lines you suggested and restarted splunk.
When I use
host=node1 useragent="*" | ua2os | stats count by browser
It hangs there saying "parsing job....". I also have a warning in the splunk log
"04-04-2017 10:52:45.863 +0200 WARN InstalledFilesHashChecker - An installed file="/opt/splunk/etc/apps/search/default/commands.conf" did not pass hash-checking due to reason="content mismatch"

Is it because of the warning the search doesn't work?

@JustinAzoff
Owner

The problem is you aren't supposed to modify files in default/. If local/ didn't exist you just need to create it and then add a new commands.conf in there. I think you can also set up the command through the GUI which will effectively do the same thing.
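
The layout described in this thread, as an added example that is not part of the original comments or the project's own code: a shell function that copies the script into an existing app's bin/ and writes the stanza to local/commands.conf, never touching default/ (the edit that triggered the hash-check warning quoted above). The function names are hypothetical; the app path in the usage comment is the one mentioned in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not part of ua2os or Splunk.

# install_ua2os APP_DIR SCRIPT
# Copies SCRIPT to APP_DIR/bin/ua2os.py and registers the command in
# APP_DIR/local/commands.conf, creating local/ if it does not exist.
install_ua2os() {
    app_dir=$1
    script=$2
    conf="$app_dir/local/commands.conf"

    [ -d "$app_dir" ] || { echo "no such app directory: $app_dir" >&2; return 1; }
    [ -f "$script" ]  || { echo "no such script: $script" >&2; return 1; }

    mkdir -p "$app_dir/bin" "$app_dir/local" || return 1
    cp "$script" "$app_dir/bin/ua2os.py" || return 1

    # Idempotent: append the stanza only if local/commands.conf lacks it.
    if ! grep -qxF '[ua2os]' "$conf" 2>/dev/null; then
        # Separate from any existing stanza that lacks a trailing newline.
        if [ -s "$conf" ]; then printf '\n' >> "$conf" || return 1; fi
        printf '[ua2os]\nchunked = true\nfilename = ua2os.py\n' >> "$conf" || return 1
    fi
}

# default_has_stanza APP_DIR
# Returns 0 if default/commands.conf carries a hand-added [ua2os] stanza,
# i.e. a shipped file was edited and should be restored.
default_has_stanza() {
    grep -qxF '[ua2os]' "$1/default/commands.conf" 2>/dev/null
}

# Usage (run as the Splunk user, then restart Splunk):
#   install_ua2os /opt/splunk/etc/apps/search ./ua2os.py
#   default_has_stanza /opt/splunk/etc/apps/search && echo "revert default/commands.conf"
```
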

@codesmaker
Author

I've already tried that. The problem is that when I run the query, I get "Parsing job..." and it stays there. Anyways, thanks a lot for your time and efforts.
