have no idea what is going on here. I can make the same api call that the script is and receive the json back in the same order every time. Splunk for some reason has the response payload elements in random orders.
Anyone have any ideas?
Here are some examples of the first part of the raw payload as displayed in Splunk form the same input (running every 3 minutes)
{"more": true, "incidents": [{"last_status_change_by": {"summary":
{"total": null, "more": true, "limit": 2, "incidents": [{"incident_key":
{"offset": 0, "total": null, "incidents": [{"incident_number":
The preferred way I would like to see this is as below, which is also what is constantly output from running the script directly
{"incidents":[{"incident_number":164831,"title":"
It was only an issue as I needed to break the json into individual elements, so setting a line_breaker or break before wouldn't work without knowing how the events are coming in, that said, the solution was easier than I though just pass a sort_keys argument
print(json.dumps(json_data, sort_keys=True))
It was only an issue as I needed to break the json into individual elements, so setting a line_breaker or break before wouldn't work without knowing how the events are coming in, that said, the solution was easier than I though just pass a sort_keys argument
print(json.dumps(json_data, sort_keys=True))
I should add, that although json is a random order payload, the script itself somehow always returned the same order when run via pycharm, etc. The reason I care is I need to set line_breakers to extract each incident into its own event.
Not something I've seen before. Theoretically JSON/py dict key order is irrelevant (although I think arrays are meant to be returned in element order) and there is nothing broken in returning the data out of order, but I agree it it nice when it comes back the same way every time.
That said other than the look of it, this shouldn't be causing an issue - is it breaking your search in some way?