Hello, I'm creating a custom command on splunk (as you can see bellow), my problem is that from one row I want to create two.
Is it possible?
Just to keep you in the context, what i'm trying to change this single line:
main_app first_relation second_relation
into two:
main_app first_relation
main_app second_relation
import sys
import re
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration
@Configuration(local=True)
class ExtractDicom(StreamingCommand):
def stream(self, records):
for record in records:
record['from'] = None
record['to'] = None
if record['main_app'] is not None or record['main_app']!='':
record['from'] = record['main_app']
record['to'] = record['first_relation']
record['from'] = record['main_app']
record['to'] = record['second_relation']
record['meh'] = {'data2', 'data3'}
yield record
if __name__ == "__main__":
dispatch(ExtractDicom, sys.argv, sys.stdin, sys.stdout, __name__)
Any kind of help I would appreciate 🙂
