Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk SOAR
- :
- How to create dynamic custom functions?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hoping someone can help me get past the last hurdle.
I'm trying to create a custom function that dynamically calls other custom functions.
I've got the part of generating the list of desired functions.
I understand how to make sure the datapath into the dynamically selected custom function.
I want to pass the results out to a filter object, but it seems to be coming out only as a single variable. not an array.
What am I missing?
def rule_check(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
phantom.debug('rule_check() called')
custom_function_results_data_1 = phantom.collect2(container=container, datapath=['build:custom_function_result.data.data_packets.*.packet'], action_results=results)
custom_function_results_data_2 = phantom.collect2(container=container, datapath=['get_funcs:custom_function_result.data.found_functions.*.function_path'], action_results=results)
custom_function_results_item_1_0 = [item[0] for item in custom_function_results_data_1]
custom_function_results_item_2_0 = [item[0] for item in custom_function_results_data_2]
rule_check__data = None
################################################################################
## Custom Code Start
################################################################################
# Write your custom code here...
parameters = []
for item0 in custom_function_results_data_1:
parameters.append({
'data_w_fields': item0[0],
})
for func in custom_function_results_item_2_0:
a = phantom.custom_function(custom_function=func, parameters=parameters, name='rule_check')
################################################################################
## Custom Code End
################################################################################
phantom.save_run_data(key='rule_check:data', value=json.dumps(rule_check__data))
filter_1(container=container)
return
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll post a reply to myself, in case someone else wonders the same thing.
In this particular case, you've got literally just run a for loop of all the custom functions, w/ the callback baked in. Then add in the return. This forces it to ignore the custom code end. (Making it abit of a dead path)
Not ideal programmatically, but it works.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'll post a reply to myself, in case someone else wonders the same thing.
In this particular case, you've got literally just run a for loop of all the custom functions, w/ the callback baked in. Then add in the return. This forces it to ignore the custom code end. (Making it abit of a dead path)
Not ideal programmatically, but it works.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
