how to get event string from ResultsReader (python...

rgrimsha · ‎02-10-2013

I am following the documentation example except I am searching for syslog data. i.e. DHCPRELEASE
and the results I get from ResultsReader include the time, server etc - everything except the data string i.e. the MacAddress that released. How can I get the syslog string data for the event? Thank you.

dart · ‎02-11-2013

The _raw field is the event text.

bradp123 · ‎08-24-2013

@rgrimsha, I am also getting a truncated _raw field in my results. Did you figure out how to get the full line of text back with the python SDK? It seems the text is truncated after the word in my search query.

rgrimsha · ‎02-12-2013

Looking a little deeper, the data is correctly being returned in the query. it is being truncated by the results.ResultsReader function used in the example. The returned data looks a little like this (sanitized) Feb 12 13:50:13 hostname dhcpd: DHCPRELEASE of 123.456.789.321 from 22:33:44:55:66:77 via eth0 (found)
but the ResultsReader stops before the <sg for the _raw field.

rgrimsha · ‎02-12-2013

Thank you, I do see the _raw fieldname and some data... but it is truncated to only show the timestamp server and application portion.

how to get event string from ResultsReader (python)

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

how to get event string from ResultsReader (python)

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...