Я использую Splunk Python SDK для извлечения сохранённых результатов поиска / оповещений из Splunk Enterprise. Я получаю вывод в виде XML с пространствами имён, но только первую страницу результатов. Всего результатов поиска 92, но возвращаются только 30 (я думаю, это из-за разбиения на страницы). Ниже приведён фрагмент кода для извлечения XML:
def main(argv):
    """Run one saved-search operation against the Splunk REST API.

    Command-line options are parsed with ``utils.parse`` (which is also
    handed the ".splunkrc" file name), a connection is opened with
    ``binding.connect`` and one of four operations is issued against the
    ``saved/searches`` endpoint: ``list-all``, ``list``, ``create`` or
    ``delete``. The HTTP status is printed and the response body is decoded
    as UTF-8.

    NOTE(review): every parsed option is passed to ``binding.connect``; if
    ".splunkrc" carries credentials (presumably it does -- confirm), keep
    the file out of version control and readable only by its owner.
    """
    usage = 'usage: %prog --help for options'
    opts = utils.parse(argv, RULES, ".splunkrc", usage=usage)
    cli_args = opts.kwargs
    context = binding.connect(**cli_args)

    # Only keys declared in RULES are forwarded to the REST call. Paging
    # parameters therefore reach the endpoint only if RULES declares them;
    # otherwise the server answers with a single page of entries.
    kwargs = {
        key: cli_args[key]
        for key in RULES
        if key in cli_args and key != "operation"
    }
    if "operation" in RULES and "operation" in cli_args:
        operation = cli_args["operation"]
    else:
        operation = None

    # Without an explicit operation: a name means "list", no name "list-all".
    if not operation:
        operation = 'list' if 'name' in kwargs else 'list-all'

    # Reject anything outside the four supported operations.
    # NOTE(review): both rejection paths exit with status 0, so a calling
    # script cannot tell a usage error from success by the exit code.
    if operation not in ("list", "create", "delete", "list-all"):
        print("operation %s not one of list-all, list, create, delete" % operation)
        sys.exit(0)
    if operation != "list-all" and 'name' not in kwargs:
        print("operation requires a name")
        sys.exit(0)

    # For list/delete the name goes into the URL path, not the parameters;
    # create keeps it in kwargs.
    if operation not in ("create", "list-all"):
        name = kwargs.pop('name')

    # NOTE(review): name is interpolated into the path as given. A value
    # containing "/" or "?" would address a different resource unless the
    # binding layer escapes it -- confirm, in particular for delete.
    if operation == "list-all":
        result = context.get("saved/searches", **kwargs)
    elif operation == "list":
        result = context.get("saved/searches/%s" % name, **kwargs)
    elif operation == "create":
        result = context.post("saved/searches", **kwargs)
    else:
        result = context.delete("saved/searches/%s" % name, **kwargs)

    # The status is only reported here; nothing in this function acts on it.
    print("HTTP STATUS: %d" % result.status)
    xml_data = result.body.read().decode('utf-8')
Когда используется
if operation == "list-all":
# result = context.get("saved/searches", **kwargs)
я получаю XML.
Ниже приводится XML, который я получаю:
<?xml version="1.0" encoding="UTF-8"?>
<!--This is to override browser formatting; see server.conf[httpServer] to disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .-->
<?xml-stylesheet type="text/xml" href="/static/atom.xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
<title>savedsearch</title>
<id>https://website.com</id>
<updated>2019-09-26T01:21:06-05:00</updated>
<generator build="657388c7a488" version="7.3.0"/>
<author>
<name>Splunk</name>
</author>
<link href="/services/saved/searches/_new" rel="create"/>
<link href="/services/saved/searches/_reload" rel="_reload"/>
<link href="/services/saved/searches/_acl" rel="_acl"/>
<opensearch:totalResults>92</opensearch:totalResults>
<opensearch:itemsPerPage>30</opensearch:itemsPerPage>
<opensearch:startIndex>0</opensearch:startIndex>
<s:messages/>
<entry>
<title>MyTitle</title>
<id>https://website.com</id>
<updated>1969-12-31T18:00:00-06:00</updated>
<link href="/servicesNS/nobody/some_name/saved/searches" rel="alternate"/>
<author>
<name>nobody</name>
</author>
<link href="/servicesNS/nobody/some_name/saved/searches/" rel="list"/>
<link href="/servicesNS/nobody/some_name/saved/searches" rel="_reload"/>
<link href="/servicesNS/nobody/some_name/saved/searches" rel="edit"/>
<link href="/servicesNS/nobody/some_name/saved/searches/disable" rel="disable"/>
<link href="/servicesNS/nobody/some_name/saved/searches/dispatch" rel="dispatch"/>
<link href="/servicesNS/nobody/some_name/saved/searches/embed" rel="embed"/>
<link href="/servicesNS/nobody/some_name/saved/searches/history" rel="history"/>
<content type="text/xml">
<s:dict>
<s:key name="eai:acl">
<s:dict>
<s:key name="app">some_name</s:key>
<s:key name="can_change_perms">1</s:key>
</s:dict>
</s:key>
</s:dict>
</content>