Thanks ppeeters.
Please help me with the following error in a Splunk SDK input search using the following code. How do we handle the error below?
print(error) is not showing anything now. Sometimes I'm getting the following error. If I search again a few minutes later, it works fine. I want to pass the quota error in the code.
Case 1:
HTTPError: HTTP 503 Service Unavailable -- Search not executed: This search could not be dispatched because the role-based disk usage quota of search artifacts for user "test01" has been reached (usage=497MB, quota=100MB). Use the [[/app/search/]] to delete some of your search artifacts, or ask your Splunk administrator to increase the disk quota of search artifacts for your role in authorize.conf., usage=497MB, quota=100MB, user=test01, concurrency_category="historical", concurrency_context="user_instance-wide".
Formatted code:
import json

service = splunk_connect()
splunk_search_kwargs = {
    "exec_mode": "blocking",
    "earliest_time": args.earliest_time,
    "latest_time": args.latest_time,
    "enable_lookups": "true"
}
# splunk_search_job and result_count are set by the job dispatch (not shown)
try:
    if result_count <= 100:
        # results() takes keyword arguments, so the dict is unpacked
        r = splunk_search_job.results(**{"count": 100, "output_mode": "json"})
        obj = json.loads(r.read())
        sample_results = json.dumps(obj['results'], indent=4)
        print(f'{get_dt()} - displaying first 100 rows {sample_results}')
    else:
        # count=0 requests every row; the default page size is 100
        r = splunk_search_job.results(**{"count": 0, "output_mode": "json"})
        obj = json.loads(r.read())
        fl_nm = f'{args.save_file}/{get_dt()}.json'
        with open(fl_nm, 'w') as f:
            f.write(json.dumps(obj['results']))
except Exception as error:
    print(error)
Case 2:
Oneshot search options:
The oneshot search options are not working for "output_mode": "json". If I remove the output mode, the results are returned in OrderedDict format as follows.
Output:
OrderedDict([('field1', '1.2.3.3'), ('field2', '8.7.1.0'), ('field3', 'sample text msg')])
OrderedDict([('field1', '1.2.3.3'), ('field2', '8.7.1.0'), ('field3', 'sample text msg.')])
OrderedDict([('field1', '1.2.3.3'), ('field2', '8.7.1.0'), ('field3', 'sample text msg')])
How do we print the output in JSON format? I want to write the JSON data into a file. It is not working properly. It would be helpful if you could give me some advice on this.
Sample code snippet:
import splunklib.results as results

service = splunk_connect()
kwargs_oneshot = {"search_mode": "normal",
                  "count": 0,
                  "output_mode": "json",
                  "earliest_time": args.earliest_time.strip(),
                  "latest_time": args.latest_time.strip()
                  }
searchquery_oneshot = "search " + args.search_query
try:
    oneshotsearch_results = service.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot)
    # Get the results and display them using the ResultsReader
    # (ResultsReader parses the XML output format)
    reader = results.ResultsReader(oneshotsearch_results)
    for item in reader:
        print(item)
except Exception as error:
    print(error)
Thanks
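An added example, not part of the original post and not Splunk SDK code: one way to tell the quota 503 from Case 1 apart from other failures and retry it later, plus a helper that turns the OrderedDict rows from Case 2 into JSON text for writing to a file. It assumes the dispatch error exposes `.status` and carries the message shown above, as `splunklib.binding.HTTPError` does; `SearchQuotaExceeded`, `parse_quota_error`, `run_with_quota_retry` and `rows_to_json` are hypothetical names.

```python
import json
import re
import time

# Matches the quota wording in the 503 message quoted in the post.
QUOTA_RE = re.compile(r'user "(?P<user>[^"]+)" has been reached '
                      r'\(usage=(?P<usage>\d+)MB, quota=(?P<quota>\d+)MB\)')


class SearchQuotaExceeded(Exception):
    """Hypothetical error type: quota still exhausted after all retries."""
    def __init__(self, user, usage_mb, quota_mb):
        super().__init__(f"{user}: {usage_mb}MB of search artifacts, quota {quota_mb}MB")
        self.user, self.usage_mb, self.quota_mb = user, usage_mb, quota_mb


def parse_quota_error(exc):
    """Return (user, usage_mb, quota_mb) for a quota 503, otherwise None."""
    if getattr(exc, "status", None) != 503:   # HTTPError carries .status
        return None
    m = QUOTA_RE.search(str(exc))
    return (m["user"], int(m["usage"]), int(m["quota"])) if m else None


def run_with_quota_retry(dispatch, attempts=3, delay=60, sleep=time.sleep):
    """Call dispatch(); wait and retry only when the failure is the quota 503."""
    for attempt in range(1, attempts + 1):
        try:
            return dispatch()
        except Exception as exc:
            info = parse_quota_error(exc)
            if info is None:
                raise                      # any other failure is not masked
            if attempt == attempts:
                raise SearchQuotaExceeded(*info) from exc
            sleep(delay * attempt)         # linear backoff: 60s, 120s, ...


def rows_to_json(rows):
    """Serialise reader rows (OrderedDicts) to JSON, skipping non-dict messages."""
    return json.dumps([dict(r) for r in rows if isinstance(r, dict)], indent=4)


# Intended use with the post's names (assumed; needs a live Splunk service, and
# "output_mode" dropped from kwargs_oneshot so ResultsReader receives XML):
#   text = run_with_quota_retry(lambda: rows_to_json(results.ResultsReader(
#       service.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot))))
```

Catching `SearchQuotaExceeded` separately lets the script report the user, usage and quota instead of printing a generic exception.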