How to display search results in JSON format using...

rupeshhiremath · ‎05-13-2016

Hi,

I am using Python SDK to perform search and get results.

With below code I am able to see records in OrderedDict

kwargs_export = {"search_mode": "normal"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(exportsearch_results)
for result in reader:
     if isinstance(result, dict):
          print "Result: %s" % result
     elif isinstance(result, results.Message):
          # Diagnostic messages may be returned in the results
          print "Message: %s" % result

But when I am saying "output_mode":"json" in
kwargs_export = {"search_mode": "normal", "output_mode":"json"}, I am seeing nothing in results.

What could be the reason?

Thanks

Yasaswy · ‎05-13-2016

Hi,
Python SDK for Splunk does not have a JSON parser. You will need to write your own. If you would just like to see the results then skip the ResultsReader. You can try something like:

kwargs_export = {"search_mode": "normal", "output_mode":"json"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
print exportsearch_results.read()

How to display search results in JSON format using the Splunk SDK for Python

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation