Custom Search Commands: how to process positional ...

aovsiannikov · ‎12-25-2018

i.e. we have some custom command generatetext

@Configuration()
class GenerateTextCommand(GeneratingCommand):

    count = Option(require=True, validate=validators.Integer(0))
    text = Option(require=True)

    def generate(self):
        text = self.text
        for i in range(1, self.count + 1):
            yield {'_serial': i, '_time': time.time(), '_raw': six.text_type(i) + '. ' + text}

I'd like to pass args to it in positional manner,

NOT
| generatetext count=10 text='hi'

BUT
| generatetext 10 hi

How!?

HackerHit · ‎04-22-2019

I have the same question. Now I figure it out. I think it will help you.

We misunderstand the definition of Field and Option.

So we miss the important property named fieldnames that defined in splunklib/searchcommands/search_command.py Line:201

Following code is what you want. Line 8-9

@Configuration()
class GenerateTextCommand(GeneratingCommand):
    # options
    .....

    def generate(self):
            # field names
            count = self.fieldnames[0] 
            text = self.fieldnames[1]

        for i in range(1, self.count + 1):
            yield {'_serial': i, '_time': time.time(), '_raw': six.text_type(i) + '. ' + text}

Thank you.

HackerHit · ‎04-22-2019

I have the same question. Any body can answer it ?

Custom Search Commands: how to process positional args in command class?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk