Splunk Python SDK导出JSON字符串
[英]Splunk python SDK exporting json string
问题描述
I'm trying to export query results from Splunk into a Python application. 
我正在尝试将查询结果从Splunk导出到Python应用程序中。 I've got Key-Value fields, and one of those has a json string (that is a json structure wrapped in quotes). 我有键值字段,其中之一具有json字符串(即用引号引起来的json结构)。
First I had encountered an issue where using the table command would only return the opening bracket (eg "{") - which I then resolved by extracting the text via rex . 首先,我遇到一个问题,其中使用table命令只会返回左括号(例如“ {”)-然后我通过通过rex提取文本来解决。
However, despite the query working well in Splunk UI, including the download option, whenever I query via the SDK I keep getting "{" as a value. 但是,尽管查询在Splunk UI(包括下载选项)中运行良好,但是每当我通过SDK查询时,我都会不断获取“ {”作为值。 I've tried CSV/JSON/XML exports, and all experience the same issue. 我尝试了CSV / JSON / XML导出,并且都遇到了相同的问题。
Any suggestions? 有什么建议么?
1 个解决方案
解决方案1
1 已采纳 2017-03-20 12:21:56
Looks like the issue was an escaping one - I originally had: 看起来问题出在逃避-我最初有:
| rex field=_raw ".*filter=(?<filter>\".*\}\"),"
Which when replaced with the following, worked: 当被以下替换时,它可以工作:
| rex field=_raw ".*filter=(?<filter>\\".*\}\\"),"
Escaping had to be double in order to work properly. 转义必须加倍才能正常工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.