Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to retrieve the full raw object of app action?

CS_
Path Finder
‎01-26-2023 06:07 AM

Hey,

Is there a way to retrieve the raw object of an app action in phantom.collect?

So I have an app, which returns the following values:

data, message, status, parameter

And normally that works fine - I can call each of these in turn like this;

 

 

data_result = phantom.collect(container=container, datapath=["my_app_action:action_result.data"])
message_result = phantom.collect(container=container, datapath=["my_app_action:action_result.message"])

 

 

etc.

 

but how do I retrieve the full object? e.g. something like this:

 

 

all_result = phantom.collect(container=container, datapath=["my_app_action:action_result.*"])
all_result = phantom.collect(container=container, datapath=["my_app_action:*"])

 

 


Hope that makes sense.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CS_
Path Finder
‎01-26-2023 06:25 AM

After a bit more playing around and reading the documentation, i think I've found a way. You just call multiple datapaths at once:

 

paths = ['my_app_action:action_result.data',
'my_app_action:action_result.parameter',
'my_app_action:action_result.summary']

data_result = phantom.collect(container=container, datapath=paths)

 

This returns the values in the 3 datapaths all part of the same list item.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

CS_
Path Finder
‎01-26-2023 06:25 AM

After a bit more playing around and reading the documentation, i think I've found a way. You just call multiple datapaths at once:

 

paths = ['my_app_action:action_result.data',
'my_app_action:action_result.parameter',
'my_app_action:action_result.summary']

data_result = phantom.collect(container=container, datapath=paths)

 

This returns the values in the 3 datapaths all part of the same list item.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...