

Python results.Message方法代码示例

本文整理汇总了Python中splunklib.results.Message方法的典型用法代码示例。如果您正苦于以下问题:Python results.Message方法的具体用法?Python results.Message怎么用?Python results.Message使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在splunklib.results的用法示例。


在下文中一共展示了results.Message方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_current_splunk_time

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
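def get_current_splunk_time(splunk_service):
    """Return the Splunk server's own clock as a ``%Y-%m-%dT%H:%M:%S`` string.

    Runs a one-shot ``gentimes`` search whose single output column ``clock`` is
    the server's ``time()`` formatted with ``strftime``, so the value reflects
    the indexer's clock rather than the caller's.

    :param splunk_service: connected ``splunklib.client.Service``; only
        ``jobs.oneshot`` is used.
    :return: the ``clock`` field of the first result row.
    :raises ValueError: when no result row is returned. If Splunk emitted a
        diagnostic message instead of a row, its type and text are appended
        to the error so the server-side reason is not lost.
    """
    # earliest_time only bounds the search window; gentimes generates its own
    # row, so the 3-day window is just a generous lower bound.
    earliest = (datetime.utcnow() - timedelta(days=3)).strftime(SPLUNK_TIME_FORMAT)
    kwargs_oneshot = {'count': 1, 'earliest_time': earliest}
    searchquery_oneshot = '| gentimes start=-1 | eval clock = strftime(time(), "%Y-%m-%dT%H:%M:%S")' \
                          ' | sort 1 -_time | table clock'

    oneshotsearch_results = splunk_service.jobs.oneshot(searchquery_oneshot, **kwargs_oneshot)

    reader = results.ResultsReader(oneshotsearch_results)
    last_message = None
    for item in reader:
        if isinstance(item, results.Message):
            # Message.message is the diagnostic text (a str, as the other
            # readers in this file treat it), not a result row, so it cannot
            # be indexed with "clock". Remember it for the error and keep
            # reading for the actual row.
            last_message = '{}: {}'.format(item.type, item.message)
            continue
        if isinstance(item, dict):
            return item["clock"]
    detail = ' ({})'.format(last_message) if last_message else ''
    raise ValueError('Error: Could not fetch Splunk time' + detail)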
开发者ID:demisto,项目名称:content,代码行数:18,代码来源:SplunkPy.py

示例2: parse_batch_of_results

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
def parse_batch_of_results(current_batch_of_results, max_results_to_add, app):
    """Turn one batch of raw Splunk search results into entries for the caller.

    Events and diagnostic messages arrive on the same stream. A message whose
    text contains ``"Error in"`` aborts the batch; any other message is kept
    as a plain string. Event dicts are kept as-is (``app`` is stamped onto
    them when given). Reading stops once ``max_results_to_add`` entries have
    been collected.

    :param current_batch_of_results: raw results stream of a Splunk job.
    :param max_results_to_add: cap on entries collected from this batch.
    :param app: Splunk app name to stamp onto each event dict, or a falsy
        value to leave events untouched.
    :return: ``(entries, dbot_scores)``; ``dbot_scores`` holds one neutral
        (score 0) hostname indicator per event that carries a ``host`` field.
    :raises ValueError: when Splunk reports a search error as a message.
    """
    entries = []
    dbot_scores = []
    wrapped_stream = io.BufferedReader(ResponseReaderWrapper(current_batch_of_results))
    for item in results.ResultsReader(wrapped_stream):
        if isinstance(item, results.Message):
            text = item.message
            # Splunk surfaces search failures as messages, not as exceptions.
            if "Error in" in text:
                raise ValueError(text)
            entries.append(convert_to_str(text))
        elif isinstance(item, dict):
            if demisto.get(item, 'host'):
                dbot_scores.append({'Indicator': item['host'], 'Type': 'hostname',
                                    'Vendor': 'Splunk', 'Score': 0, 'isTypedIndicator': True})
            if app:
                item['app'] = app
            # Normal events are returned as dicts
            entries.append(item)

        # Checked after every item, whatever its kind, exactly as before.
        if len(entries) >= max_results_to_add:
            break
    return entries, dbot_scores
开发者ID:demisto,项目名称:content,代码行数:24,代码来源:SplunkPy.py

示例3: _process_result

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
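def _process_result(self, result, **kwargs):
        """Normalise one item read from a Splunk results stream.

        Diagnostic ``Message`` objects are dropped (echoed to stdout when
        ``verbose`` is set); event dicts are returned after the optional,
        in-place removal of internal fields.

        :param result: a ``splunklib.results.Message`` or an event ``dict``.
        :param kwargs: ``verbose`` (bool) prints dropped messages;
            ``internal_fields`` is ``False`` to strip every ``_``-prefixed
            field, a comma-separated ``str`` naming the fields to strip, or
            anything else (including absent) to leave the dict untouched.
        :return: the (possibly trimmed) event dict, or ``None`` for messages.
        """
        if isinstance(result, results.Message):
            # Missing option keys used to raise KeyError; treat them as unset.
            if kwargs.get('verbose'):
                print(f"Message: {result}")
            return None

        if isinstance(result, dict):
            internal_fields = kwargs.get('internal_fields')
            if internal_fields is False:
                # Materialise the key list first: popping while iterating the
                # live view would raise.
                for field in [key for key in result if key.startswith('_')]:
                    result.pop(field)
            elif isinstance(internal_fields, str):
                # Tolerate spacing, stray commas, and names absent from this
                # particular event (previously a KeyError).
                for field in (name.strip() for name in internal_fields.split(',')):
                    if field:
                        result.pop(field, None)

        return result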
开发者ID:target,项目名称:huntlib,代码行数:18,代码来源:splunk.py

示例4: messages

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
def messages(self):
        """Returns the collection of service messages.

        NOTE(review): in ``client.py`` ``Message`` is the client entity class
        wrapped by this collection, which appears to be distinct from
        ``splunklib.results.Message`` — verify before treating the two alike.

        :return: A :class:`Collection` of :class:`Message` entities.
        """
        message_collection = Collection(self, PATH_MESSAGES, item=Message)
        return message_collection
开发者ID:remg427,项目名称:misp42splunk,代码行数:8,代码来源:client.py

示例5: results

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
def results(self, **query_params):
        """Returns a streaming handle to this job's search results. To get a
        nice, Pythonic iterator, pass the handle to :class:`splunklib.results.ResultsReader`,
        as in::

            import splunklib.client as client
            import splunklib.results as results
            from time import sleep
            service = client.connect(...)
            job = service.jobs.create("search * | head 5")
            while not job.is_done():
                sleep(.2)
            rr = results.ResultsReader(job.results())
            for result in rr:
                if isinstance(result, results.Message):
                    # Diagnostic messages may be returned in the results
                    print('%s: %s' % (result.type, result.message))
                elif isinstance(result, dict):
                    # Normal events are returned as dicts
                    print(result)
            assert rr.is_preview is False

        Results are not available until the job has finished. If called on
        an unfinished job, the result is an empty event set.

        This method makes a single roundtrip
        to the server, plus at most two additional round trips if
        the ``autologin`` field of :func:`connect` is set to ``True``.

        :param query_params: Additional parameters (optional). For a list of valid
            parameters, see `GET search/jobs/{search_id}/results
            <http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTsearch#GET_search.2Fjobs.2F.7Bsearch_id.7D.2Fresults>`_.
        :type query_params: ``dict``

        :return: The ``InputStream`` IO handle to this job's results.
        """
        # A caller-supplied segmentation value wins; otherwise ask for 'none'.
        query_params.setdefault('segmentation', 'none')
        response = self.get("results", **query_params)
        return response.body
开发者ID:remg427,项目名称:misp42splunk,代码行数:40,代码来源:client.py

示例6: _parse_results

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
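def _parse_results(self, handle):
        """Wrap a Splunk search stream with ``ResultsReader`` and yield normalised events.

        Splunk sends events and diagnostic messages (debug, info, errors) down
        the same stream. Messages are logged at DEBUG level; each event dict is
        yielded as ``{'time', 'metadata', 'state'}`` where ``metadata`` holds
        the ``_``-prefixed internal fields and ``state`` everything else, with
        ``_time`` converted via :meth:`SplunkAbstraction._to_datetime`.

        :param handle: Splunk search job results stream (anything ``ResultsReader`` accepts).
        :raises AssertionError: if the stream turns out to be a preview rather
            than the final result set. Checked explicitly (not with ``assert``)
            so the guard also fires under ``python -O``.
        """
        result_reader = ResultsReader(handle)
        for result in result_reader:

            # Diagnostic messages may be returned in the results
            if isinstance(result, Message):
                logger.debug('[{}] {}'.format(result.type, result.message))

            # Normal events are returned as dicts
            elif isinstance(result, dict):
                # Copy so the reader's own dict is not mutated.
                event = dict(result)
                if '_time' in event:
                    event['_time'] = SplunkAbstraction._to_datetime(event['_time'])
                yield {
                    'time': event.get('_time', ''),
                    'metadata': {k: v for k, v in event.items() if k.startswith('_')},
                    'state': {k: v for k, v in event.items() if not k.startswith('_')}
                }

            else:
                logger.warning('Unknown result type in _parse_results: {}'.format(result))

        # A bare `assert` is stripped under `python -O`, which would silently let
        # preview (incomplete) result sets through; keep the check explicit.
        if result_reader.is_preview is not False:
            raise AssertionError('_parse_results received a preview result set')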
开发者ID:mitre,项目名称:cascade-server,代码行数:31,代码来源:splunk.py

示例7: splunk_results_command

# 需要导入模块: from splunklib import results [as 别名]
# 或者: from splunklib.results import Message [as 别名]
def splunk_results_command(service):
    """Fetch the results of an existing Splunk search job and hand them to the war room.

    Reads ``sid`` from the command arguments and looks the job up. On success
    it emits one JSON entry per diagnostic ``Message`` Splunk returned (its
    text only) followed by one JSON entry holding the list of event dicts.
    A job that no longer exists (404 "Unknown sid") is reported as a text
    result; any other HTTP error is routed through ``return_error``.

    :param service: connected ``splunklib.client.Service``.
    """
    sid = demisto.args().get('sid', '')
    try:
        job = service.job(sid)
    except HTTPError as error:
        # Matching the exact message text is brittle across Splunk versions,
        # but it is the behaviour callers see today, so it is kept verbatim.
        if error.message == 'HTTP 404 Not Found -- Unknown sid.':
            demisto.results("Found no job for sid: {}".format(sid))
        else:
            return_error(error.message, error)
        return

    events = []
    for result in results.ResultsReader(job.results()):
        if isinstance(result, results.Message):
            demisto.results({"Type": 1, "ContentsFormat": "json", "Contents": json.dumps(result.message)})
        elif isinstance(result, dict):
            # Normal events are returned as dicts
            events.append(result)

    demisto.results({"Type": 1, "ContentsFormat": "json", "Contents": json.dumps(events)})
开发者ID:demisto,项目名称:content,代码行数:21,代码来源:SplunkPy.py


注:本文中的splunklib.results.Message方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。