How to display search results in JSON format using...

rupeshhiremath · ‎05-13-2016

Hi,

I am using Python SDK to perform search and get results.

With below code I am able to see records in OrderedDict

kwargs_export = {"search_mode": "normal"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(exportsearch_results)
for result in reader:
     if isinstance(result, dict):
          print "Result: %s" % result
     elif isinstance(result, results.Message):
          # Diagnostic messages may be returned in the results
          print "Message: %s" % result

But when I am saying "output_mode":"json" in
kwargs_export = {"search_mode": "normal", "output_mode":"json"}, I am seeing nothing in results.

What could be the reason?

Thanks

Yasaswy · ‎05-13-2016

Hi,
Python SDK for Splunk does not have a JSON parser. You will need to write your own. If you would just like to see the results then skip the ResultsReader. You can try something like:

kwargs_export = {"search_mode": "normal", "output_mode":"json"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
print exportsearch_results.read()

How to display search results in JSON format using the Splunk SDK for Python

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Join the Conversation