__author__ = 'pezhang'
import splunk.Intersplunk as intersplunk
import traceback
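# Upper bound on the number of outlier rows returned by parse_table.
OUTPUT_COUNT = 100
# Event attributes copied unchanged onto every output row when the event has them.
OUTPUT_ATTRIBUTE_FIELDS = ['_time', 'job_name', 'info_min_time', 'info_max_time']


def comparator(s):
    """Return a sort key that orders rows newest-first by ``_time``.

    ``_time`` may arrive as a number or as a numeric string, so it is
    converted with ``float`` before negating (``-1 * '123'`` on a string
    would silently yield ``''`` and defeat the sort).  Rows whose ``_time``
    is missing, non-numeric or NaN get ``+inf`` so they sort last instead
    of raising.
    """
    try:
        key = -float(s['_time'])
    except (KeyError, TypeError, ValueError):
        return float('inf')
    # NaN compares false against everything and would corrupt the ordering.
    if key != key:
        return float('inf')
    return key


def parse_table(input):
    """Flatten per-event outlier columns into one row per flagged field.

    For every ``value_<name>`` key of an event, a row is emitted when the
    event's ``outlier_<name>`` stringifies to ``'True'``.  Each row carries
    ``Field name``, ``Value``, ``Severity`` (``-1`` when ``severity_<name>``
    is absent or empty) and whichever OUTPUT_ATTRIBUTE_FIELDS the event has.

    Args:
        input: sequence of event dicts; ``None`` or empty yields ``[]``.

    Returns:
        At most OUTPUT_COUNT rows, sorted newest-first via ``comparator``.
    """
    if not input:
        return []

    output = []
    for row in input:
        # Checked once per event with ">=": a single event can add several
        # rows, so an "==" test could step over the limit and never fire.
        # NOTE(review): the cap is applied in input order before sorting, so
        # the result is newest-first among the rows collected, not
        # necessarily the newest overall - confirm this is intended.
        if len(output) >= OUTPUT_COUNT:
            break

        for value_field in [name for name in row if name.startswith('value_')]:
            cur_field = value_field[len('value_'):]
            # Read the flags from the row being processed (the parameter),
            # not from a module-level variable that happens to alias it.
            if str(row.get('outlier_' + cur_field)) != 'True':
                continue

            # Events come from search results and may lack the severity
            # column; treat a missing value like an empty one.
            severity_value = row.get('severity_' + cur_field)
            if severity_value is None or len(str(severity_value)) == 0:
                severity_value = -1

            cur_row = {
                'Field name': cur_field,
                'Value': row[value_field],
                'Severity': severity_value,
            }
            cur_row.update({k: row[k] for k in OUTPUT_ATTRIBUTE_FIELDS if k in row})
            output.append(cur_row)

    # sorted() returns a new list; sort in place so the ordering is kept.
    output.sort(key=comparator)
    return output[:OUTPUT_COUNT]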
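# Script entry: read the piped search results, emit one row per flagged
# outlier field, and report any failure back to Splunk as an error result.
try:
    # NOTE(review): output_fields is never read below, and 'Job name' does not
    # match the 'job_name' key the rows carry - confirm whether it can go.
    output_fields = ['_time', 'Job name', 'Field name', 'Value', 'Severity']
    output_results = []
    search_results, dummyresults, settings = intersplunk.getOrganizedResults()

    # Only parse when there is something to parse; previously the empty case
    # wrote an empty result and then fell through into parse_table anyway,
    # producing a second (error) output.
    if search_results:
        output_results = parse_table(search_results)

    # Build a new list for the column order: list.extend() returns None (so
    # no field list was being passed) and mutated the shared constant.
    intersplunk.outputResults(
        output_results[:OUTPUT_COUNT],
        fields=OUTPUT_ATTRIBUTE_FIELDS + ['Field name', 'Value', 'Severity'],
    )
except Exception:
    # "except Exception" leaves SystemExit/KeyboardInterrupt alone, which a
    # bare "except:" would have swallowed.
    stack = traceback.format_exc()
    # NOTE(review): the full traceback is returned in the search results, so
    # whoever runs this command sees script paths and internal details;
    # consider logging it server-side and returning a shorter message.
    results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
    intersplunk.outputResults(results)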