I'm retrieving DNS lookup log results from Splunk using the Python SDK. One of the fields present in the log is the domain. The search returns an OrderedDict for each entry, but looking at the keys in the dict some fields (like domain) are not present. The search string is simple: search index=dnslog | tail 1.
from splunklib import results  # splunklib.results.ResultsReader parses the job's result stream

# splunk_job is a finished splunklib Job; kwargs_paginate holds count/offset for paging
blocksearch_results = splunk_job.results(**kwargs_paginate)
for result in results.ResultsReader(blocksearch_results):
    print(result['domain'])  # Doesn't work - KeyError, no such key in the returned dict
In Splunk Web, 'domain' is one of the 'interesting fields'. I can see the domain value as part of result['_raw'], but digging it out of there is not the right way to go.
How do I get the dict to contain key/value pairs for all fields?