Why is the Splunk Python SDK not returning formatt...

lpolo · ‎04-21-2016

Splunk Python SDK does not return formatted numbers in the JSON response.

Example:

|eval var1=tonumber(var2)|
table var1

Results:

[{"var1": "321"}]

I was expecting

[{"var1": 321}]

Any idea why?

Thanks,
Lp

gwobben · ‎04-22-2016

I'm not working at Splunk so I can't really answer the why. However, it looks like Splunk is unaware of the data type (which makes sense given that the data type is figured out on search time). I'm guessing this is the reason everything is quoted in the JSON response, to prevent invalid JSON.

It's not very hard to work around this in Python (although there might be a minor performance hit). Try something like this:

def parseDictValues(d):
    for key, value in d.iteritems():

        # Test for a float
        try:
            d[key] = float(value)
        except ValueError:
            pass
    return d

Then loop through the results you've received and call this function to convert all numeric values.

lpolo · ‎04-22-2016

Splunk should honor that data type in the json response if I specify the data type in the search query.

Thanks,
Lp

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Why is the Splunk Python SDK not returning formatted numbers in the JSON response?

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+