How do I handle multivalues by splunk custom searc...

Splunk Enterprise

https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-sort-or-reorder-a-multivalue-field/m...

I want to make this with SCPversion2, but it doesn't work.

my code:

#!/usr/bin/env python

import sys
from splunklib.searchcommands import dispatch, StreamingCommand, Configuration, Option, validators


@Configuration()
class mvsortCommand(StreamingCommand):
    """ sort multivalue
    """


    def stream(self, records):
        self.logger.debug('mvsortCommand: %s', self)  # logs command line

        for record in records:
            if isinstance(record[self.fieldnames[0]],(str)):
                pass

            else:
                record[self.fieldnames[0]]=sorted(record[self.fieldnames[0]])
            yield record

dispatch(mvsortCommand, sys.argv, sys.stdin, sys.stdout, __name__)

I think I'm not handling generators and lists correctly, but I'm not sure.
Is there a good example?

Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

How do I handle multivalues by splunk custom search command under Search Command Protocol version 2.

development

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?