How to display search results in JSON format using...

rupeshhiremath · ‎05-13-2016

Hi,

I am using Python SDK to perform search and get results.

With below code I am able to see records in OrderedDict

kwargs_export = {"search_mode": "normal"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
# Get the results and display them using the ResultsReader
reader = results.ResultsReader(exportsearch_results)
for result in reader:
     if isinstance(result, dict):
          print "Result: %s" % result
     elif isinstance(result, results.Message):
          # Diagnostic messages may be returned in the results
          print "Message: %s" % result

But when I am saying "output_mode":"json" in
kwargs_export = {"search_mode": "normal", "output_mode":"json"}, I am seeing nothing in results.

What could be the reason?

Thanks

Yasaswy · ‎05-13-2016

Hi,
Python SDK for Splunk does not have a JSON parser. You will need to write your own. If you would just like to see the results then skip the ResultsReader. You can try something like:

kwargs_export = {"search_mode": "normal", "output_mode":"json"}
searchquery_export = "search index=auto"
exportsearch_results = self.splunk_instance.jobs.export(searchquery_export, **kwargs_export)
print exportsearch_results.read()

How to display search results in JSON format using the Splunk SDK for Python

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

How to display search results in JSON format using the Splunk SDK for Python

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+