All Apps and Add-ons

Splunk Add-On Builder + REST API Modular Input -- Custom code error

marziaolla
Path Finder

Hi,
i'm trying to make a REST API Modular input for an external service using Splunk Add-On Builder to collect data from the external app.

I'm using this Python code:

#encoding = utf-8

import os
import sys
import time
import datetime
import json
import requests

def validate_input(helper, definition):
    object = definition.parameters.get('object', None)
    query = definition.parameters.get('query', None)
    pass


def collect_events(helper, ew):
    opt_object = helper.get_arg('object')
    opt_query = helper.get_arg('query')

    jsonText = '{"format":"CSV", "encrypted":"none","queries":[{ "name": "'+object+'","query":"'+query+'" ,"type":"type"} ], "name":"Estrazione"}'


    r = requests.post("<myurl>", auth=('<email>','<psw>'), headers = {'<key>': '<email>', '<psw>':'<psw>','Content-Type':'application/json' }, json=json.loads(jsonText))
    r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

    while (r.json()['status'] == 'pending'):
        time.sleep(1)
            r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

        r = requests.get("<myurl>"+ r.json().get('batches')[0]['fileId'], auth=('<email>','<psw>'))


    raw_data= r.json()
    rules = json.loads(raw_data)

    for row in rules:
        data = json.dumps(row)
        event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)
        ew.write_event(event)

I want to make as a dynamic way to recover date if i want to query another object.

The Add-On Builder give me the following error:

Traceback (most recent call last):

File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\modinput_wrapper\base_modinput.py",
line 127, in stream_events
self.collect_events(ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\myobject_objecttest_1504709657_662.py",
line 68, in collect_events
input_module.collect_events(self, ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\input_module_myobject_objecttest_1504709657_662.py",
line 33, in collect_events
raw_data= r.json() File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\requests\models.py", line 850, in json
return complexjson.loads(self.text, **kwargs)
File "C:\Program
Files\Splunk\Python-2.7\Lib\json_init_.py",
line 339, in loads
return _default_decoder.decode(s) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 382, in raw_decode
raise ValueError("No JSON object could be decoded") ValueError: No JSON
object could be decoded

ERRORNo JSON object could be decoded

I execute it in a Python IDLE and it works.

Can u pls help me?

0 Karma

asieira
Path Finder

You just need to define jsonText like this:

jsonText = {'format': 'CSV', 'encrypted': 'none', 'queries': [{ 'name': object, 'query': query , 'type': 'type'}], 'name': 'Estrazione'}

So that when later you call json.dumps(jsonText) this will do the right thing.

0 Karma

chli_splunk
Splunk Employee
Splunk Employee

Seems like you converted string to JSON object twice.

raw_data= r.json()

after this, raw_data is a JSON object already. Dont need to call json.loads() anymore.

rules = json.loads(raw_data) # remove this line

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!