Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import csv
- import sys
- import splunk.Intersplunk
- import string
- import re
- ### Used for getting the
- # Get the regular expression string format
- def _get_re_compile_str(str_list):
- new_list = []
- for item in str_list:
- if "*" not in item:
- new_list.append("^" + item + "$")
- else:
- if not item.startswith('*'):
- item = '^' + item
- else:
- item = item[1:]
- if not item.endswith('*'):
- item = item + '$'
- new_list.append(item.replace('*','.*'))
- return new_list
- # Get all fields for a specific row matching the regular expression string format given.
- def _get_fields(str_regex_list, keys):
- fields = []
- for str_regex in str_regex_list:
- regex = re.compile(str_regex)
- fields.extend([string for string in keys if re.match(regex, string)])
- return fields
- # Fetch the results
- results = splunk.Intersplunk.readResults(None, None, True)
- # args is a list of parameters which will look like ['argument1', 'field*']
- # kwargs is dictionary which will look like {'param1':'value1', 'param2': 'value2'}
- args, kwargs = splunk.Intersplunk.getKeywordsAndOptions()
- str_regex_list = _get_re_compile_str(args)
- # Run through each line and add a new field called new_field with 'static value' for its value
- for res in results:
- fields = _get_fields(str_regex_list, res.keys())
- res['new_field'] = 'static value'
- # Send the result back
- splunk.Intersplunk.outputResults(results)
Add Comment
Please, Sign In to add comment