https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323696#M60262 <P>This may help:<BR /> <A href="https://answers.splunk.com/answers/620832/error-execprocessor-message-from-scriptpy-error-ca.html">https://answers.splunk.com/answers/620832/error-execprocessor-message-from-scriptpy-error-ca.html</A></P> Tue, 10 Apr 2018 04:46:40 GMT p_gurav 2018-04-10T04:46:40Z https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323695#M60261 <P>Hi,</P> <P>I am building a modular input using Add-on Building and python.<BR /> When I am trying to index JSON data I get this error: "ERRORcannot serialize {u'rule-number': 1, u'type': u'access-rule..."</P> <P>Any clue about this issue?</P> <P>The relevant portion of code is: </P> <PRE><CODE>res = json.load(response) rules = res['rulebase'] for rule in rules: event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=rule) ew.write_event(event) </CODE></PRE> <P>Best regards,</P> Mon, 09 Apr 2018 11:59:12 GMT https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323695#M60261 apezuela 2018-04-09T11:59:12Z https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323696#M60262 <P>This may help:<BR /> <A href="https://answers.splunk.com/answers/620832/error-execprocessor-message-from-scriptpy-error-ca.html">https://answers.splunk.com/answers/620832/error-execprocessor-message-from-scriptpy-error-ca.html</A></P> Tue, 10 Apr 2018 04:46:40 GMT https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323696#M60262 p_gurav 2018-04-10T04:46:40Z https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323697#M60263 <P>try json.dump before you write the events</P> Wed, 15 Aug 2018 22:43:24 GMT https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323697#M60263 smoir_splunk 2018-08-15T22:43:24Z https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323698#M60264 <P>Hi,</P> <P>Have you looked at the structure of the raw data ? Splunk modular input is sending data as a xml, and therefor you json parsing fails. i am myself unsure how this is expected to work.</P> <P>raw event<BR /> 2018-10-22T13:05:51.329000+0200{'test': 'Issue', 'time': '2018-10-22T13:05:51.329000+0200'}</P> <P>real event<BR /> {'test': 'Issue', 'time': '2018-10-22T13:05:51.329000+0200'}</P> <P>related post<BR /> <A href="https://answers.splunk.com/answers/693177/parsing-of-splunk-modular-input-with-json-data.html">https://answers.splunk.com/answers/693177/parsing-of-splunk-modular-input-with-json-data.html</A></P> Mon, 22 Oct 2018 11:09:11 GMT https://community.splunk.com/t5/Getting-Data-In/When-building-a-modular-input-how-to-index-JSON-data/m-p/323698#M60264 AndersNierhoff 2018-10-22T11:09:11Z