- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How to build JSON object with python script?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to build JSON object with python script?
I am making a custom module and cannot, for the life of me, figure out how the python script is working. I am using the Example 6 script as a guide and my main trouble is with this piece:
dataset = getattr(job, entity_name)[offset: offset+count]
outputJSON = {}
for i, result in enumerate(dataset):
tdict = {}
tdict[str(result.get('processor', None))] = str(result.get('value', None))
name = str(result.get('name', None))
if name not in outputJSON:
outputJSON[name] = dict()
outputJSON[name].update(tdict)
I can see what it is doing, but my results are much different than a simple table. I need a way of pulling out the first value in a table cell, then the second, etc. This script outputs a JSON array of
{name:foo, {processor1 : value}, {processor2:value}, {etc}} .
I need a JSON array of something more complex, like:
{
"name": "flare",
"children": [
{
"name": "analytics",
"children": [
{
"name": "cluster",
"children": [
{"name": "AgglomerativeCluster", "value": 3938},
{"name": "CommunityStructure", "value": 3812},
{"name": "HierarchicalCluster", "value": 6714},
{"name": "MergeEdge", "value": 743}
]
},
{
"name": "graph",
"children": [
{"name": "BetweennessCentrality", "value": 3534},
{"name": "LinkDistance", "value": 5731},
{"name": "MaxFlowMinCut", "value": 7840},
{"name": "ShortestPaths", "value": 5914},
{"name": "SpanningTree", "value": 3416}
]
},
{
"name": "optimization",
"children": [
{"name": "AspectRatioBanker", "value": 7074}
]
}
]
},
{
"name": "animate",
"children": [
{"name": "Easing", "value": 17010},
{"name": "FunctionSequence", "value": 5842},
{
"name": "interpolate",
"children": [
{"name": "ArrayInterpolator", "value": 1983},
{"name": "ColorInterpolator", "value": 2047},
{"name": "DateInterpolator", "value": 1375},
{"name": "Interpolator", "value": 8746},
{"name": "MatrixInterpolator", "value": 2202},
{"name": "NumberInterpolator", "value": 1382},
{"name": "ObjectInterpolator", "value": 1629},
{"name": "PointInterpolator", "value": 1675},
{"name": "RectangleInterpolator", "value": 2042}
]
In other words, I need to build a JSON object that is much more complex than a 1:1 mapping, like in this example. Does anyone have any ideas on how to complete this? I still haven't been able to figure out if things like tdict[str(result.get( is just a python thing, or a splunk thing.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure if I understood your question corrently, but (having already made a long reply, getting deleted by "You cannot include external links with this low karma" <insert cursing>, I'll make it short)
All the function and methods used in your code snippet are from Python's built-in functions and types' methods. None of them are from Splunk's Python SDK.
For reference, see:
https://docs.python.org/2/library/functions.html (getattr(), enumerate(), str())
https://docs.python.org/2/library/stdtypes.html#dict.get
As for how to form a more complex JSON object; you do exactly similar dictionary & list processing.
JSON.dumps() converts python dictionaries { } to JSON objects, and python lists [ ] to JSON arrays.
See https://docs.python.org/2/library/json.html#encoders-and-decoders for full details on how default JSON encoder/decoder works.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
