I am fairly new to splunking (if we are being honest), but thank you for your response. Below is some cleaned-up code of what I am trying to do. The issue is that I dont know the 'uuid' variable until I run some queries on other data sources. def collect_events(helper, ew):
opt_api_key=str(helper.get_global_setting('csw_api_key'))
opt_api_secret=str(helper.get_global_setting('csw_api_secret'))
API_ENDPOINT=str(helper.get_global_setting('csw_url'))
opt_uuid=str(helper.get_arg('uuid'))
#auth
restclient = RestClient(API_ENDPOINT, api_key=opt_api_key, api_secret=opt_api_secret, verify=False)
#GET
resp = restclient.get('/workload/'+ opt_uuid)
#Turn Resp into python list
r_status=resp.status_code
if r_status !=200:
resp.raise_for_status()
parsed_resp = resp.json()
event = helper.new_event(json.dumps(parsed_resp), time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True)
ew.write_event(event)
... View more