Hey everyone,
I'm currently writing a custom search command for some reporting and I'm struggling with the result format that I get. Usually you get an array of json events that can be used for streaming commands, however what I need is an array of columns, where each element contains all values from a column of the resultset.
I know that in Splunk's internal libraries there is a function called "setFetchOptions()" which is also used by some visualizations to gather the results in a column array instead of row array, however I couldn't find an implementation of it directly.
From pdfgen_endpoint.py, line 698:

    view.getSearchJobObj().setFetchOptions(output_mode="json_cols", time_format=pt.TIME_RAW_FORMAT)
    results = view.getSearchJobResults()

I know that I can create this column array manually by iterating over the resultset like this:

    # Build one list per field, using the first event's keys as the field list
    data = list()
    for key in results[0].keys():
        column = list()
        for r in results:
            column.append(r[key])
        data.append(column)

However, I thought that maybe someone knows a more convenient, so to speak, Splunk way of doing it.
Better format of code:

    view.getSearchJobObj().setFetchOptions(output_mode="json_cols", time_format=pt.TIME_RAW_FORMAT)
    results = view.getSearchJobResults()

and

    # Build one list per field, using the first event's keys as the field list
    data = list()
    for key in results[0].keys():
        column = list()
        for r in results:
            column.append(r[key])
        data.append(column)

Sorry for this comment, I couldn't find an option to edit it anymore.
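
Added example, not part of the original post and not Splunk's own code: a manual row-to-column transpose like the loop in the question, extended to cope with an empty result set and with events that lack a field present in other events. The name `rows_to_columns`, the `fill` parameter, the `fields`/`columns` return layout and the sample events are assumptions made for illustration.

```python
def rows_to_columns(results, fill=None):
    """Transpose a list of event dicts into a column-oriented structure.

    Returns {"fields": [...], "columns": [[...], ...]} where columns[i]
    holds every value of fields[i], one entry per event. This layout is an
    assumption for the example, not a documented Splunk return value.
    """
    # Collect field names across *all* events in first-seen order, so that
    # fields missing from the first event are not silently dropped.
    fields = []
    seen = set()
    for row in results:
        for key in row:
            if key not in seen:
                seen.add(key)
                fields.append(key)

    # dict.get() pads events that lack a field instead of raising KeyError,
    # which keeps every column the same length as the result set.
    columns = [[row.get(name, fill) for row in results] for name in fields]
    return {"fields": fields, "columns": columns}


# Constructed sample events; the second has no "user" field and only the
# third carries "action".
SAMPLE_RESULTS = [
    {"_time": "1700000000", "host": "web01", "user": "alice"},
    {"_time": "1700000060", "host": "web02"},
    {"_time": "1700000120", "host": "web01", "user": "bob", "action": "login"},
]

if __name__ == "__main__":
    table = rows_to_columns(SAMPLE_RESULTS)
    for name, column in zip(table["fields"], table["columns"]):
        print(name, column)
```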