How do I handle multivalues by splunk custom searc...

Splunk Enterprise

https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-sort-or-reorder-a-multivalue-field/m...

I want to make this with SCPversion2, but it doesn't work.

my code:

#!/usr/bin/env python

import sys
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators


@Configuration()
class mvsortCommand(StreamingCommand):
    """ sort multivalue
    """


    def stream(self, records):
        self.logger.debug('mvsortCommand: %s', self)  # logs command line

        for record in records:
            if isinstance(record[self.fieldnames[0]],(str)):
                pass

            else:
                record[self.fieldnames[0]]=sorted(record[self.fieldnames[0]])
            yield record

dispatch(mvsortCommand, sys.argv, sys.stdin, sys.stdout, __name__)

I think I'm not handling generators and lists correctly, but I'm not sure.
Is there a good example?

Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

How do I handle multivalues by splunk custom search command under Search Command Protocol version 2.

development

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation