Hi everyone, Im using Splunk APP https://splunkbase.splunk.com/app/1546/ I want to split a single JSON array event to multiple events by the word"addrRef". if you see my JSON array example and a...
See more...
Hi everyone, Im using Splunk APP https://splunkbase.splunk.com/app/1546/ I want to split a single JSON array event to multiple events by the word"addrRef". if you see my JSON array example and at the end I wrote Response handler which is not working but is not sending any error either when I look at my "_internal" logs. If anyone could tell me why my reponse handler is not working or what Im doing wrong? Best regards Json Array { [-] result: { [-] ipamRecords: [ [-] { [-] addrRef: IPAMRecords/248211 address: 10.1.1.20 claimed: false customProperties: { [+] } device: dhcpLeases: [ [+] ] dhcpReservations: [ [+] ] discoveryType: ARP dnsHosts: [ [+] ] extraneousPTR: false interface: lastDiscoveryDate: Feb 3, 2022 08:11:04 lastKnownClientIdentifier: AB:BA:CA:FF:EA:66 lastSeenDate: Feb 3, 2022 07:55:17 ptrStatus: OK state: Assigned usage: 25140 } { [-] addrRef: IPAMRecords/357310 address: 10.2.2.21 claimed: false customProperties: { [+] } device: dhcpLeases: [ [+] ] dhcpReservations: [ [+] ] discoveryType: Ping dnsHosts: [ [+] ] extraneousPTR: false interface: lastDiscoveryDate: Feb 2, 2022 13:40:17 lastKnownClientIdentifier: BA:BB:AA:B5:28:AC lastSeenDate: Nov 3, 2017 17:07:34 ptrStatus: OK state: Assigned usage: 24596 } { [+] } { [+] } { [+] } { [+] } { [+] } ] totalResults: 7 } } MY RESPONSE HANDLER NOT WORKING, BUT NOT GIVING ANY ERROR ON "index=_interna host=Myhost": vi /opt/splun/etc/apps/rest_ta/bin/responsehandlers.py class MenAndMiceHandler: def __init__(self,**args): pass def __call__(self, response_object,raw_response_output,response_type,req_args,endpoint): if response_type == "json": output = json.loads(raw_response_output) for addrRef in output: print_xml_stream(json.dumps(addrRef)) else: print_xml_stream(raw_response_output)