All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Add-On Builder + REST API Modular Input -- Custom code error

marziaolla
Path Finder
‎09-06-2017 08:13 AM

Hi,
i'm trying to make a REST API Modular input for an external service using Splunk Add-On Builder to collect data from the external app.

I'm using this Python code:

#encoding = utf-8

import os
import sys
import time
import datetime
import json
import requests

def validate_input(helper, definition):
    object = definition.parameters.get('object', None)
    query = definition.parameters.get('query', None)
    pass


def collect_events(helper, ew):
    opt_object = helper.get_arg('object')
    opt_query = helper.get_arg('query')

    jsonText = '{"format":"CSV", "encrypted":"none","queries":[{ "name": "'+object+'","query":"'+query+'" ,"type":"type"} ], "name":"Estrazione"}'


    r = requests.post("<myurl>", auth=('<email>','<psw>'), headers = {'<key>': '<email>', '<psw>':'<psw>','Content-Type':'application/json' }, json=json.loads(jsonText))
    r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

    while (r.json()['status'] == 'pending'):
        time.sleep(1)
            r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

        r = requests.get("<myurl>"+ r.json().get('batches')[0]['fileId'], auth=('<email>','<psw>'))


    raw_data= r.json()
    rules = json.loads(raw_data)

    for row in rules:
        data = json.dumps(row)
        event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)
        ew.write_event(event)

I want to make as a dynamic way to recover date if i want to query another object.

The Add-On Builder give me the following error:

Traceback (most recent call last):

File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\modinput_wrapper\base_modinput.py",
line 127, in stream_events
self.collect_events(ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\myobject_objecttest_1504709657_662.py",
line 68, in collect_events
input_module.collect_events(self, ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\input_module_myobject_objecttest_1504709657_662.py",
line 33, in collect_events
raw_data= r.json() File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\requests\models.py", line 850, in json
return complexjson.loads(self.text, **kwargs)
File "C:\Program
Files\Splunk\Python-2.7\Lib\json_init_.py",
line 339, in loads
return _default_decoder.decode(s) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 382, in raw_decode
raise ValueError("No JSON object could be decoded") ValueError: No JSON
object could be decoded

ERRORNo JSON object could be decoded

I execute it in a Python IDLE and it works.

Can u pls help me?

0 Karma
Reply

asieira
Path Finder
‎09-07-2017 08:37 AM

You just need to define jsonText like this:

jsonText = {'format': 'CSV', 'encrypted': 'none', 'queries': [{ 'name': object, 'query': query , 'type': 'type'}], 'name': 'Estrazione'}

So that when later you call json.dumps(jsonText) this will do the right thing.

0 Karma
Reply

chli_splunk
Splunk Employee
Splunk Employee
‎09-06-2017 04:35 PM

Seems like you converted string to JSON object twice.

raw_data= r.json()

after this, raw_data is a JSON object already. Dont need to call json.loads() anymore.

rules = json.loads(raw_data) # remove this line

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...