All Apps and Add-ons
Highlighted

Splunk Add-On Builder + REST API Modular Input -- Custom code error

Explorer

Hi,
i'm trying to make a REST API Modular input for an external service using Splunk Add-On Builder to collect data from the external app.

I'm using this Python code:

#encoding = utf-8

import os
import sys
import time
import datetime
import json
import requests

def validate_input(helper, definition):
    object = definition.parameters.get('object', None)
    query = definition.parameters.get('query', None)
    pass


def collect_events(helper, ew):
    opt_object = helper.get_arg('object')
    opt_query = helper.get_arg('query')

    jsonText = '{"format":"CSV", "encrypted":"none","queries":[{ "name": "'+object+'","query":"'+query+'" ,"type":"type"} ], "name":"Estrazione"}'


    r = requests.post("<myurl>", auth=('<email>','<psw>'), headers = {'<key>': '<email>', '<psw>':'<psw>','Content-Type':'application/json' }, json=json.loads(jsonText))
    r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

    while (r.json()['status'] == 'pending'):
        time.sleep(1)
            r = requests.get("<myurl>"+ r.json()['id'], auth=('<email>','<psw>'))

        r = requests.get("<myurl>"+ r.json().get('batches')[0]['fileId'], auth=('<email>','<psw>'))


    raw_data= r.json()
    rules = json.loads(raw_data)

    for row in rules:
        data = json.dumps(row)
        event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)
        ew.write_event(event)

I want to make as a dynamic way to recover date if i want to query another object.

The Add-On Builder give me the following error:

Traceback (most recent call last):

File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\tasplunkaddonmyaddon\modinputwrapper\basemodinput.py",
line 127, in streamevents
self.collect
events(ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\myobjectobjecttest1504709657662.py",
line 68, in collect
events
inputmodule.collectevents(self, ew) File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\inputmodulemyobjectobjecttest1504709657662.py",
line 33, in collect
events
rawdata= r.json() File "C:\Program
Files\Splunk\etc\apps\TA-splunk-add-on-myaddon\bin\ta
splunkaddonmyaddon\requests\models.py", line 850, in json
return complexjson.loads(self.text, **kwargs)
File "C:\Program
Files\Splunk\Python-2.7\Lib\json_
init_.py",
line 339, in loads
return _default
decoder.decode(s) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 364, in decode
obj, end = self.rawdecode(s, idx=w(s, 0).end()) File "C:\Program
Files\Splunk\Python-2.7\Lib\json\decoder.py",
line 382, in raw_decode
raise ValueError("No JSON object could be decoded") ValueError: No JSON
object could be decoded

ERRORNo JSON object could be decoded

I execute it in a Python IDLE and it works.

Can u pls help me?

0 Karma
Highlighted

Re: Splunk Add-On Builder + REST API Modular Input -- Custom code error

Splunk Employee
Splunk Employee

Seems like you converted string to JSON object twice.

raw_data= r.json()

after this, raw_data is a JSON object already. Dont need to call json.loads() anymore.

rules = json.loads(raw_data) # remove this line

Highlighted

Re: Splunk Add-On Builder + REST API Modular Input -- Custom code error

Path Finder

You just need to define jsonText like this:

jsonText = {'format': 'CSV', 'encrypted': 'none', 'queries': [{ 'name': object, 'query': query , 'type': 'type'}], 'name': 'Estrazione'}

So that when later you call json.dumps(jsonText) this will do the right thing.

0 Karma