All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-On Builder + REST API Modular Input -- Custom code error

marziaolla
Path Finder
‎09-06-2017 08:13 AM

Hi,
i'm trying to make a REST API Modular input for an external service using Splunk Add-On Builder to collect data from the external app.

I'm using this Python code:

#encoding = utf-8

import os
import sys
import time
import datetime
import json
import requests

def validate_input(helper, definition):
    object = definition.parameters.get('object', None)
    query = definition.parameters.get('query', None)
    pass


def collect_events(helper, ew):
    opt_object = helper.get_arg('object')
    opt_query = helper.get_arg('query')

    jsonText = '{"format":"CSV", "encrypted":"none","queries":[{ "name": "'+object+'","query":"'+query+'" ,"type":"type"} ], "name":"Estrazione"}'


    r = requests.post("<myurl>", auth=('<email>','<psw>'), headers = {'<key>': '<email>', '<psw>':'<psw>','Content-Type':'application/json' }, json=json.loads(jsonText))
    r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

    while (r.json()['status'] == 'pending'):
        time.sleep(1)
            r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

        r = requests.get("<myurl>"+ r.json().get('batches')[0]['fileId'], auth=('<email>','<psw>'))


    raw_data= r.json()
    rules = json.loads(raw_data)

    for row in rules:
        data = json.dumps(row)
        event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)
        ew.write_event(event)

I want to make as a dynamic way to recover date if i want to query another object.

The Add-On Builder give me the following error:

Traceback (most recent call last):

File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\modinput_wrapper\base_modinput.py",
line 127, in stream_events
self.collect_events(ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\myobject_objecttest_1504709657_662.py",
line 68, in collect_events
input_module.collect_events(self, ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\input_module_myobject_objecttest_1504709657_662.py",
line 33, in collect_events
raw_data= r.json() File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\requests\models.py", line 850, in json
return complexjson.loads(self.text, **kwargs)
File "C:\Program
Files\Splunk\Python-2.7\Lib\json_init_.py",
line 339, in loads
return _default_decoder.decode(s) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 382, in raw_decode
raise ValueError("No JSON object could be decoded") ValueError: No JSON
object could be decoded

ERRORNo JSON object could be decoded

I execute it in a Python IDLE and it works.

Can u pls help me?

0 Karma
Reply

asieira
Path Finder
‎09-07-2017 08:37 AM

You just need to define jsonText like this:

jsonText = {'format': 'CSV', 'encrypted': 'none', 'queries': [{ 'name': object, 'query': query , 'type': 'type'}], 'name': 'Estrazione'}

So that when later you call json.dumps(jsonText) this will do the right thing.

0 Karma
Reply

chli_splunk
Splunk Employee
Splunk Employee
‎09-06-2017 04:35 PM

Seems like you converted string to JSON object twice.

raw_data= r.json()

after this, raw_data is a JSON object already. Dont need to call json.loads() anymore.

rules = json.loads(raw_data) # remove this line

Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
Top