All Apps and Add-ons

Accessing Response Handler Arguments from responsehandlers.py for REST API Modular Input app

AmyAllocate
Engager

I have just one parameter I need to pass through my API, it is a string, here is how my "Response Handler Arguments" field looks in the Splunk apps settings for the REST data input:

string=abc

I've seen a few questions on here and people seem to have this format for their arguments.
Now I want to pass this string into the handler, and then add it on to the events I am streaming into Splunk. My question is, how do I access this string for use in the python program.

I've tried the traditional args method of python, but it's running rest.py or another program which isn't the same program. I've tried logging the values in the "req_args" value passed into the "call_" function, to see what they are, but they don't seem to contain my string value.

In a few other examples[1], people seem to check if the "req_args" contains a "params" key, value pair, and if it doesn't they create one, and then create the arguments in the program. I am very confused by this as I assumed the idea of arguments was to pass them from outside the program, so I'm confused as to why people are creating parameters during the programs execution and then doing nothing with them.

Thanks!

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion
class MyJSONArrayHandler:

    def __init__(self,**args):
        self.somekey = args['somekey']
        pass

    def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint):
        if response_type == "json":
            output = json.loads(raw_response_output)

            for entry in output['value']:
                entry['somekey'] = self.somekey
                print_xml_stream(json.dumps(entry))
        else:
            print_xml_stream(raw_response_output)

View solution in original post

Damien_Dallimor
Ultra Champion
class MyJSONArrayHandler:

    def __init__(self,**args):
        self.somekey = args['somekey']
        pass

    def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint):
        if response_type == "json":
            output = json.loads(raw_response_output)

            for entry in output['value']:
                entry['somekey'] = self.somekey
                print_xml_stream(json.dumps(entry))
        else:
            print_xml_stream(raw_response_output)

jpanderson
Path Finder

Worked for me, thanks a lot!

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...