Splunk Cloud Platform

python code not working after declaring python3

premranjithj
Builder

external script was working in python2x version but after forcing to use pythion3, its return with error code 1. python script.

 

import sys,splunk.Intersplunk
import xml.sax
import xml.sax.saxutils as saxutils
from xml.sax.handler import ContentHandler
from xml.sax.handler import EntityResolver
from xml.sax.xmlreader import InputSource
import StringIO

class NullInputSource(InputSource):
    def getByteStream(self):
        return StringIO.StringIO("entity files not supported.")

class NullEntityResolver(EntityResolver):
    def resolveEntity(self,publicId,systemId):
        return NullInputSource()

class XmlHandler(ContentHandler):
    def __init__(self):
        self.indent = 0

    def reset(self , r):
        self.current_output = ''
        self.indent = 0
        self.open_tag = ''

    def getOutput(self):
        return self.current_output

    def startElement(self, name, attrs):
        self.open_tag = name
        self.current_output += '\n' + '  ' * self.indent
        self.indent += 1
        self.current_output += '<' + name

        if attrs.getLength() > 0:
            for k in attrs.getNames():
                self.current_output += ' ' + k + '=' + saxutils.quoteattr(attrs.getValue(k))
        self.current_output += '>'

    def characters(self, content):
        if len(content.strip()) > 0:
#            self.current_output += '  ' * self.indent
            self.current_output += saxutils.escape( content ) #+ '\n'

    def endElement(self, name):
        self.indent -= 1
        if self.open_tag != name:
            self.current_output += '\n' + '  ' * self.indent
        self.current_output += '</' + name + '>'

try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

    handler = XmlHandler()

    for r in results:
        try:
            if 'xml' in r:
                xml_text = r['xml']
                dest_field = 'xml'
            else:
                raw = r["_raw"]
                dest_field = '_raw'

                xml_text = raw[ raw.index( '<' ) : raw.rindex( '>' )+1 ]

            handler.reset(xml_text)
            parser = xml.sax.make_parser()
            parser.setContentHandler(handler)
            parser.setEntityResolver(NullEntityResolver())
            parser.parse(StringIO.StringIO(xml_text))

            r[dest_field] = handler.getOutput()

            if 'xml' in r:
                xml_text = r['xml']
            else:
                raw = r["_raw"]

        except:
            import traceback
            stack =  traceback.format_exc()
            r['_raw'] = "Failed to parse: " + str(stack) + "\n" + r['_raw']

except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

splunk.Intersplunk.outputResults( results )

 

@kamlesh_vaghela

 

[xmlformat]
filename = xmlformat.py
retainsevents = true
overrides_timeorder = false
run_in_preview = false
streaming = true
python.version = python3

 

 

Labels (1)
0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust

@premranjithj 

Your provided script is not compatible with python3. You can validate by executing below command. It will execute script and gives you appropriate error. 

/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/apps/MyApp/bin/myscript.py

 

I did the same for you. Can you please try below script?

 

import sys,splunk.Intersplunk
import xml.sax
import xml.sax.saxutils as saxutils
from xml.sax.handler import ContentHandler
from xml.sax.handler import EntityResolver
from xml.sax.xmlreader import InputSource
try:
    from StringIO import StringIO ## for Python 2
except ImportError:
    from io import StringIO ## for Python 3

class NullInputSource(InputSource):
    def getByteStream(self):
        return StringIO("entity files not supported.")

class NullEntityResolver(EntityResolver):
    def resolveEntity(self,publicId,systemId):
        return NullInputSource()

class XmlHandler(ContentHandler):
    def __init__(self):
        self.indent = 0

    def reset(self , r):
        self.current_output = ''
        self.indent = 0
        self.open_tag = ''

    def getOutput(self):
        return self.current_output

    def startElement(self, name, attrs):
        self.open_tag = name
        self.current_output += '\n' + '  ' * self.indent
        self.indent += 1
        self.current_output += '<' + name

        if attrs.getLength() > 0:
            for k in attrs.getNames():
                self.current_output += ' ' + k + '=' + saxutils.quoteattr(attrs.getValue(k))
        self.current_output += '>'

    def characters(self, content):
        if len(content.strip()) > 0:
#            self.current_output += '  ' * self.indent
            self.current_output += saxutils.escape( content ) #+ '\n'

    def endElement(self, name):
        self.indent -= 1
        if self.open_tag != name:
            self.current_output += '\n' + '  ' * self.indent
        self.current_output += '</' + name + '>'

try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

    handler = XmlHandler()

    for r in results:
        try:
            if 'xml' in r:
                xml_text = r['xml']
                dest_field = 'xml'
            else:
                raw = r["_raw"]
                dest_field = '_raw'

                xml_text = raw[ raw.index( '<' ) : raw.rindex( '>' )+1 ]

            handler.reset(xml_text)
            parser = xml.sax.make_parser()
            parser.setContentHandler(handler)
            parser.setEntityResolver(NullEntityResolver())
            parser.parse(StringIO(xml_text))

            r[dest_field] = handler.getOutput()

            if 'xml' in r:
                xml_text = r['xml']
            else:
                raw = r["_raw"]

        except:
            import traceback
            stack =  traceback.format_exc()
            r['_raw'] = "Failed to parse: " + str(stack) + "\n" + r['_raw']

except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

splunk.Intersplunk.outputResults( results )

 

Happy Splunking

KV

View solution in original post

kamlesh_vaghela
SplunkTrust
SplunkTrust

@premranjithj 

Your provided script is not compatible with python3. You can validate by executing below command. It will execute script and gives you appropriate error. 

/opt/splunk/bin/splunk cmd python3 /opt/splunk/etc/apps/MyApp/bin/myscript.py

 

I did the same for you. Can you please try below script?

 

import sys,splunk.Intersplunk
import xml.sax
import xml.sax.saxutils as saxutils
from xml.sax.handler import ContentHandler
from xml.sax.handler import EntityResolver
from xml.sax.xmlreader import InputSource
try:
    from StringIO import StringIO ## for Python 2
except ImportError:
    from io import StringIO ## for Python 3

class NullInputSource(InputSource):
    def getByteStream(self):
        return StringIO("entity files not supported.")

class NullEntityResolver(EntityResolver):
    def resolveEntity(self,publicId,systemId):
        return NullInputSource()

class XmlHandler(ContentHandler):
    def __init__(self):
        self.indent = 0

    def reset(self , r):
        self.current_output = ''
        self.indent = 0
        self.open_tag = ''

    def getOutput(self):
        return self.current_output

    def startElement(self, name, attrs):
        self.open_tag = name
        self.current_output += '\n' + '  ' * self.indent
        self.indent += 1
        self.current_output += '<' + name

        if attrs.getLength() > 0:
            for k in attrs.getNames():
                self.current_output += ' ' + k + '=' + saxutils.quoteattr(attrs.getValue(k))
        self.current_output += '>'

    def characters(self, content):
        if len(content.strip()) > 0:
#            self.current_output += '  ' * self.indent
            self.current_output += saxutils.escape( content ) #+ '\n'

    def endElement(self, name):
        self.indent -= 1
        if self.open_tag != name:
            self.current_output += '\n' + '  ' * self.indent
        self.current_output += '</' + name + '>'

try:
    results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()

    handler = XmlHandler()

    for r in results:
        try:
            if 'xml' in r:
                xml_text = r['xml']
                dest_field = 'xml'
            else:
                raw = r["_raw"]
                dest_field = '_raw'

                xml_text = raw[ raw.index( '<' ) : raw.rindex( '>' )+1 ]

            handler.reset(xml_text)
            parser = xml.sax.make_parser()
            parser.setContentHandler(handler)
            parser.setEntityResolver(NullEntityResolver())
            parser.parse(StringIO(xml_text))

            r[dest_field] = handler.getOutput()

            if 'xml' in r:
                xml_text = r['xml']
            else:
                raw = r["_raw"]

        except:
            import traceback
            stack =  traceback.format_exc()
            r['_raw'] = "Failed to parse: " + str(stack) + "\n" + r['_raw']

except:
    import traceback
    stack =  traceback.format_exc()
    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))

splunk.Intersplunk.outputResults( results )

 

Happy Splunking

KV

View solution in original post

premranjithj
Builder

@kamlesh_vaghela thanks for the help and teaching for debugging the code . awesome

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@premranjithj  let me check it. BTW Which Splunk version you are using? Splunk 8.0.5 or higher?

0 Karma

premranjithj
Builder

@kamlesh_vaghela  splunk cloud version is 

Version:8.0.2007.1

Tags (1)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!