<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic SplunkSDK SplunkJS oneshotSearch unable to get splunk query result as response in Splunk Dev</title>
    <link>https://community.splunk.com/t5/Splunk-Dev/SplunkSDK-SplunkJS-oneshotSearch-unable-to-get-splunk-query/m-p/695811#M11632</link>
    <description>&lt;P&gt;Hi Team,&lt;/P&gt;&lt;P&gt;I am using SplunkSDK version 1.12.1 (&lt;SPAN class=""&gt;&lt;A href="mailto:splunk-sdk@1.12.1" target="_blank" rel="noopener"&gt;splunk-sdk@1.12.1&lt;/A&gt;). We are using oneshotSearch to get splunk query data from the Get api. Please see below code snippet for executeSearch&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;module.exports.executeSearch = function (query, params, cb) {        
        splunkService.oneshotSearch(query, params, function (err, results) {
        console.log("Query is : "+query);
        cb(err, results);
  });
};&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Below code is from where we are calling above&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;SplunkQuery.executeSearch(splunkSearch, splunkParams, function (err, results) {  
   if (err) {
      if (err.data &amp;amp;&amp;amp; err.data.messages) {
        Log.error(err.data.messages);
      }
      var error = Boom.badRequest();
      error.reformat();
      error.output.payload = Response.buildResponse(Errors.ERROR_RECORD_RETRIEVAL_FAILURE, []);
      // return reply(error);
      throw err;
    }
    var events = [];
    var rawRowIndex = results.fields.indexOf('_raw');
    if (results.rows.length == 0 &amp;amp;&amp;amp; request.query.id) {
      var error = Boom.badRequest();
      error.reformat();
      error.output.payload = Response.buildResponse(Errors.ERROR_INVALID_ID_PARAM, []);
      return h.response(error);
    }

    for (var i = 0; i &amp;lt; results.rows.length; i++) {
      var splunkRecord = results.rows[i];
      Log.info("splunkRecord"+splunkRecord);
      if (splunkRecord &amp;amp;&amp;amp; splunkRecord[rawRowIndex]) {
        var rawRecord = splunkRecord[rawRowIndex];        
    events.push(Util.splunkRecordToEvent(JSON.parse(rawRecord.replace(/\nValue of UseDynamoDB = True/g, ''))));
       }
    }
   Log.info("end splunck sear");
   Log.info('Splunk search completed, events count:'+events.length);
   h.response(Response.buildResponse(0, events));
  });&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I can see the result or events in console with the search count (Splunk Search completed, events count: ) log as well. But I am getting 500 error as response through curl and postman too. What code changes I have to do to get the result data as response. Please suggest. Thank you&lt;/P&gt;</description>
    <pubDate>Fri, 09 Aug 2024 09:53:48 GMT</pubDate>
    <dc:creator>AnandSurya</dc:creator>
    <dc:date>2024-08-09T09:53:48Z</dc:date>
    <item>
      <title>SplunkSDK SplunkJS oneshotSearch unable to get splunk query result as response</title>
      <link>https://community.splunk.com/t5/Splunk-Dev/SplunkSDK-SplunkJS-oneshotSearch-unable-to-get-splunk-query/m-p/695811#M11632</link>
      <description>&lt;P&gt;Hi Team,&lt;/P&gt;&lt;P&gt;I am using SplunkSDK version 1.12.1 (&lt;SPAN class=""&gt;&lt;A href="mailto:splunk-sdk@1.12.1" target="_blank" rel="noopener"&gt;splunk-sdk@1.12.1&lt;/A&gt;). We are using oneshotSearch to get splunk query data from the Get api. Please see below code snippet for executeSearch&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;module.exports.executeSearch = function (query, params, cb) {        
        splunkService.oneshotSearch(query, params, function (err, results) {
        console.log("Query is : "+query);
        cb(err, results);
  });
};&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Below code is from where we are calling above&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;SplunkQuery.executeSearch(splunkSearch, splunkParams, function (err, results) {  
   if (err) {
      if (err.data &amp;amp;&amp;amp; err.data.messages) {
        Log.error(err.data.messages);
      }
      var error = Boom.badRequest();
      error.reformat();
      error.output.payload = Response.buildResponse(Errors.ERROR_RECORD_RETRIEVAL_FAILURE, []);
      // return reply(error);
      throw err;
    }
    var events = [];
    var rawRowIndex = results.fields.indexOf('_raw');
    if (results.rows.length == 0 &amp;amp;&amp;amp; request.query.id) {
      var error = Boom.badRequest();
      error.reformat();
      error.output.payload = Response.buildResponse(Errors.ERROR_INVALID_ID_PARAM, []);
      return h.response(error);
    }

    for (var i = 0; i &amp;lt; results.rows.length; i++) {
      var splunkRecord = results.rows[i];
      Log.info("splunkRecord"+splunkRecord);
      if (splunkRecord &amp;amp;&amp;amp; splunkRecord[rawRowIndex]) {
        var rawRecord = splunkRecord[rawRowIndex];        
    events.push(Util.splunkRecordToEvent(JSON.parse(rawRecord.replace(/\nValue of UseDynamoDB = True/g, ''))));
       }
    }
   Log.info("end splunck sear");
   Log.info('Splunk search completed, events count:'+events.length);
   h.response(Response.buildResponse(0, events));
  });&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I can see the result or events in console with the search count (Splunk Search completed, events count: ) log as well. But I am getting 500 error as response through curl and postman too. What code changes I have to do to get the result data as response. Please suggest. Thank you&lt;/P&gt;</description>
      <pubDate>Fri, 09 Aug 2024 09:53:48 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Dev/SplunkSDK-SplunkJS-oneshotSearch-unable-to-get-splunk-query/m-p/695811#M11632</guid>
      <dc:creator>AnandSurya</dc:creator>
      <dc:date>2024-08-09T09:53:48Z</dc:date>
    </item>
  </channel>
</rss>

