Hi everyone,

Im using Splunk APP https://splunkbase.splunk.com/app/1546/
I want to split a single JSON array event to multiple events by the word"addrRef".
if you see my JSON array example and at the end I wrote Response handler which is not working
but is not sending any error either when I look at my "_internal" logs.

If anyone could tell me why my reponse handler is not working or what Im doing wrong?

Best regards

Json Array

{ [-]
result: { [-]
ipamRecords: [ [-]
{ [-]
addrRef: IPAMRecords/248211
address: 10.1.1.20
claimed: false
customProperties: { [+]
}
device:
dhcpLeases: [ [+]
]
dhcpReservations: [ [+]
]
discoveryType: ARP
dnsHosts: [ [+]
]
extraneousPTR: false
interface:
lastDiscoveryDate: Feb 3, 2022 08:11:04
lastKnownClientIdentifier: AB:BA:CA:FF:EA:66
lastSeenDate: Feb 3, 2022 07:55:17
ptrStatus: OK
state: Assigned
usage: 25140
}
{ [-]
addrRef: IPAMRecords/357310
address: 10.2.2.21
claimed: false
customProperties: { [+]
}
device:
dhcpLeases: [ [+]
]
dhcpReservations: [ [+]
]
discoveryType: Ping
dnsHosts: [ [+]
]
extraneousPTR: false
interface:
lastDiscoveryDate: Feb 2, 2022 13:40:17
lastKnownClientIdentifier: BA:BB:AA:B5:28:AC
lastSeenDate: Nov 3, 2017 17:07:34
ptrStatus: OK
state: Assigned
usage: 24596
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
{ [+]
}
]
totalResults: 7
}
}

MY RESPONSE HANDLER NOT WORKING, BUT NOT GIVING ANY ERROR ON  "index=_interna host=Myhost":

vi /opt/splun/etc/apps/rest_ta/bin/responsehandlers.py

class MenAndMiceHandler:

def __init__(self,**args):
pass

def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint):
if response_type == "json":

output = json.loads(raw_response_output)

for addrRef in output:
print_xml_stream(json.dumps(addrRef))
else:
print_xml_stream(raw_response_output)