def main():
client = actconfig.setup()
# Parse arguments
opts, kwargs = Intersplunk.getKeywordsAndOptions()
if not opts:
Intersplunk.generateErrorResult(
"Usage: | actadd <field1> ... <fieldN> [fact_type=<fact type>] [fact_value=<fact value]"
)
return
events, _, _ = Intersplunk.getOrganizedResults()
# Annotate events
for event in events:
object_value = []
for field in opts:
if event.get(field):
object_value.append(event[field])
if not object_value:
continue
event.update(fact_search(client, object_value, **kwargs))
Intersplunk.outputResults(events)
