I am trying to install the Rapid 7 TA. The document doesn't really give any good information. There are no searches, just inputs, so I am guessing it needs to go on a Heavy Forwarder and the Search Head? ... View more

I would like to pull the Splunk REST API jobs/$someSEARCH owner and use it as a variable in a python script here is what I ahve so fare def getAuthor(argvals, settings): try: namespace = settings.get("namespace", None) sessionKey = settings['sessionKey'] ent = entity.getEntity('jobs', '| script python git', namespace=namespace, owner='nobody', sessionKey=sessionKey) argvals ['author'] = ent['owner'] except Exception, e: logger.error("Could not get the owner of the job. Error: %s" %(str(e))) raise logger.basicConfig(format='%(asctime)s %(levelname)s %(message)s', filename=os.path.join(os.environ['SPLUNK_HOME'],'var','log','splunk','git.log'), filemode='a+', level=logger.INFO) keywords, argvals = splunk.Intersplunk.getKeywordsAndOptions() em_message_fromArg = getarg(argvals, "message", "Commiting a with no message, please ask the owner about the change") settings = splunk.Intersplunk.getOrganizedResults() getAuthor(argvals, settings) with open('/opt/splunk/etc/apps/incident_response/bin/test.txt', 'a') as file: file.write(author) What else could I do? ... View more