FilesExpand file tree

 develop

/

incidentresults.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

39 lines (28 loc) · 1.22 KB

 develop

/

incidentresults.py

Top

File metadata and controls

• Code
• Blame

39 lines (28 loc) · 1.22 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

import csv

import splunk.rest as rest

import json

import collections

import os, re, sys, urllib

import splunk.Intersplunk, splunk.mining.dcutils as dcu

results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

#(isgetinfo, sys.argv) = intersplunk.isGetInfo(sys.argv)

if len(sys.argv) < 2:

splunk.Intersplunk.generateErrorResults("Please specify a valid incident_id field")

#if isgetinfo:

# intersplunk.outputInfo(False, False, True, False, None, True)

# # outputInfo automatically calls sys.exit()

sessionKey = settings.get("sessionKey", None)

incident_id_field = sys.argv[1]

for row in results:

if incident_id_field in row:

query = { 'incident_id': row[incident_id_field] }

uri = '/servicesNS/nobody/alert_manager/storage/collections/data/incident_results?query=%s' % urllib.quote(json.dumps(query))

serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey)

if serverResponse['status'] == "200":

data = json.loads(serverContent)

inc_results = data[0]

for field in inc_results["field_list"]:

# TODO: Support for multi-value fields

if field in inc_results["fields"][0]:

row[field] = inc_results["fields"][0][field]

splunk.Intersplunk.outputResults( results )