Hi,
I installed Python SDK in App.
I registered endpoint in the file restmap.conf .
I'd like to receive an answer in json format for the lookup file through search.
and I'd like to use this response data at another splunk app.
But, The following error message is returned...
'bad character (49) in reply size'
If I print a simple search without using a class SearchHandler(PersistentServerConnectionApplication), the result is good.
But, If I use endpoint, the following errors always occur.
Why is this error occurring?
this is my code.
[script:search-number]
match = /search-number
script = search_handler.py
scripttype = persist
handler = search_handler.SearchHandler
# import .env
from config import search_env
env = search_env()
HOST = env['HOST']
PORT = env['PORT']
USERNAME = env['USERNAME']
PASSWORD = env['PASSWORD']
import json
import time
from splunk.persistconn.application import PersistentServerConnectionApplication
import splunklib.client as client
import splunklib.results as results
from splunklib.results import JSONResultsReader
class SearchHandler(PersistentServerConnectionApplication):
def __init__(self, command_line, command_arg):
super(SearchHandler, self).__init__()
def handle(self, args):
try:
service = client.connect(
host=HOST,
port=PORT,
username=USERNAME,
password=PASSWORD,
)
search_query = '| inputlookup search-numbers.csv'
jobs = service.jobs
job = jobs.create(search_query)
while not job.is_done():
time.sleep(1)
reader = JSONResultsReader(job.results(output_mode='json'))
results_list = [item for item in reader if isinstance(item, dict)]
print(results_list)
return {
'payload': results_list,
'status': 200
}
except Exception as e:
return {
'payload': {'error': str(e)},
'status': 500
}
Is there an example code to search for csv files using 'endpoint'?
https://github.com/splunk/splunk-app-examples/tree/master/custom_endpoints/hello-world
this example is not using search.
I'm a front-end developer who doesn't know Python very well.....😭😭😭😭
I think your print statement is going to corrupt the response fed back and will prevent valid JSON/XML being rendered. Try removing this and see if that resolves the issue.
print(results_list)
Note - Persistent endpoints are...persistent...so if you edit the file you might need to kill the persistent process if its still running before you get a clean rendering of the output again.
If you're using linux then you can check with
ps -aux | grep persistent
🌟 Did this answer help you? If so, please consider:
Your feedback encourages the volunteers in this community to continue contributing