All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Add-On Builder + REST API Modular Input -- Custom code error

marziaolla
Path Finder
‎09-06-2017 08:13 AM

Hi,
i'm trying to make a REST API Modular input for an external service using Splunk Add-On Builder to collect data from the external app.

I'm using this Python code:

#encoding = utf-8

import os
import sys
import time
import datetime
import json
import requests

def validate_input(helper, definition):
    object = definition.parameters.get('object', None)
    query = definition.parameters.get('query', None)
    pass


def collect_events(helper, ew):
    opt_object = helper.get_arg('object')
    opt_query = helper.get_arg('query')

    jsonText = '{"format":"CSV", "encrypted":"none","queries":[{ "name": "'+object+'","query":"'+query+'" ,"type":"type"} ], "name":"Estrazione"}'


    r = requests.post("<myurl>", auth=('<email>','<psw>'), headers = {'<key>': '<email>', '<psw>':'<psw>','Content-Type':'application/json' }, json=json.loads(jsonText))
    r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

    while (r.json()['status'] == 'pending'):
        time.sleep(1)
            r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

        r = requests.get("<myurl>"+ r.json().get('batches')[0]['fileId'], auth=('<email>','<psw>'))


    raw_data= r.json()
    rules = json.loads(raw_data)

    for row in rules:
        data = json.dumps(row)
        event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)
        ew.write_event(event)

I want to make as a dynamic way to recover date if i want to query another object.

The Add-On Builder give me the following error:

Traceback (most recent call last):

File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\modinput_wrapper\base_modinput.py",
line 127, in stream_events
self.collect_events(ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\myobject_objecttest_1504709657_662.py",
line 68, in collect_events
input_module.collect_events(self, ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\input_module_myobject_objecttest_1504709657_662.py",
line 33, in collect_events
raw_data= r.json() File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta_splunk_add_on_myaddon\requests\models.py", line 850, in json
return complexjson.loads(self.text, **kwargs)
File "C:\Program
Files\Splunk\Python-2.7\Lib\json_init_.py",
line 339, in loads
return _default_decoder.decode(s) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 382, in raw_decode
raise ValueError("No JSON object could be decoded") ValueError: No JSON
object could be decoded

ERRORNo JSON object could be decoded

I execute it in a Python IDLE and it works.

Can u pls help me?

0 Karma
Reply

asieira
Path Finder
‎09-07-2017 08:37 AM

You just need to define jsonText like this:

jsonText = {'format': 'CSV', 'encrypted': 'none', 'queries': [{ 'name': object, 'query': query , 'type': 'type'}], 'name': 'Estrazione'}

So that when later you call json.dumps(jsonText) this will do the right thing.

0 Karma
Reply

chli_splunk
Splunk Employee
Splunk Employee
‎09-06-2017 04:35 PM

Seems like you converted string to JSON object twice.

raw_data= r.json()

after this, raw_data is a JSON object already. Dont need to call json.loads() anymore.

rules = json.loads(raw_data) # remove this line

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...