
How to prevent TA-webtools curl command from running with an empty result set

bowesmana
SplunkTrust

In a query that culminates in a curl command on a result, when the result set is empty, it's not possible to prevent the curl command from trying to execute.

A workaround I am using is to set the urifield rather than using uri, as then when there are no results and no urifield, the curl call just returns an error saying no URL specified.

However, it would be nice to be able to indicate that the curl command should do nothing when the results.len = 0. Currently when results is 0, it just goes and tries to run the curl.

My search is running as a saved search and all iterations will record an error when there are no results.


jkat54
SplunkTrust

This is the intended behavior.

if len > 0... act like a streaming command

else... act like a generating command

This lets the command have the flexibility to run once per result fed to it, or to just run one time all by itself.

Can you use additional logic to get around it?

Perhaps a subsearch with eval if/case which returns the curl command OR "null", instead of the opposite direction you're going where a null is fed to the curl command.

 

 
