logger.error("Exception encountered: %s" % e) logger.info("Traceback: %s" % stack) # just tell user that we couldn't extract anything regexes = "" if len(regexes) == 0: si.generateErrorResults( 'Unable to learn any extractions. Provide different examples, counterexamples, or searchresults' ) exit(0) rex = regexes[0] rex = rex.replace("?P<FIELDNAME>", "?P<%s>" % keywords[0]) si.addInfoMessage( messages, 'Successfully learned regex. Consider using: | rex "%s"' % rex.replace('"', '\\"')) # for each result for result in results: val = result.get(fromfield, None) # match regex and put values in match = re.search(rex, val) if match: extractions = match.groupdict() for k, v in extractions.items(): result[k] = v si.outputResults(results, messages) except Exception, e: stack = traceback.format_exc()
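def execute():
    """Run the ".ss" script named by the "script" setting and print its output.

    Settings come from si.getOrganizedResults() and are then overridden by the
    options from si.getKeywordsAndOptions(), so "script", "namespace", "owner"
    and "prerun" must all be treated as caller-supplied. The two values that
    become path components ("namespace" and "script") are rejected when they
    contain "..", "/" or a backslash, so the joined path cannot step outside
    etc/apps/<namespace>/scripts/ below the directory si.splunkHome() returns.

    While the script runs, sys.stdout is replaced by a StringIO buffer. What it
    captured is reported as an info message, together with the value returned
    by script.run(). Any exception is logged and handed to
    si.generateErrorResults(); nothing propagates to the caller.
    """
    results = []
    # Saved before the try block: the handler below restores stdout, and an
    # early failure (for example a missing "script" value) would otherwise
    # reach it with real_stdout still unassigned and mask the real error.
    real_stdout = sys.stdout
    try:
        results, dummyresults, settings = si.getOrganizedResults()
        keywords, options = si.getKeywordsAndOptions()
        settings.update(options)

        sessionKey = settings.get("sessionKey", None)
        if TESTING and sessionKey is None:
            # NOTE(review): test-only fallback that logs in with a hard-coded
            # account; confirm TESTING is off in any deployed copy.
            sessionKey = auth.getSessionKey('admin', 'changeme')
        owner = settings.get("owner", None)
        namespace = settings.get("namespace", "search")
        scriptname = settings.get("script", None)
        prerun_str = settings.get("prerun", "True").lower()
        prerun = prerun_str.startswith(('t', 'y', '1'))

        # The session key is a credential: record only whether one was
        # supplied, never its value.
        if sessionKey:
            key_state = "<present>"
        else:
            key_state = "<missing>"
        log("sessionKey %s owner %s namespace %s script %s prerun %s" %
            (key_state, owner, namespace, scriptname, prerun))

        if scriptname is None:
            raise Exception('"script" value required')
        # Both values are joined into the filesystem path below, so both get
        # the same traversal check (previously only the script name did).
        for label, component in (("pathname", scriptname),
                                 ("namespace", namespace)):
            if ".." in component or "/" in component or "\\" in component:
                raise Exception('%s cannot contain "..", "/", or "\\".' % label)

        home = si.splunkHome()
        localpath = os.path.join('etc', 'apps', namespace, 'scripts',
                                 scriptname + ".ss")
        pathname = os.path.join(home, localpath)
        if not os.path.exists(pathname):
            # The message shows a "SPLUNK_HOME" placeholder rather than the
            # real install directory.
            raise Exception('script path does not exist: "%s"' %
                            os.path.join("SPLUNK_HOME", localpath))

        log("pathname %s" % (pathname))

        if CAN_STREAM_RESULTS_ANY_TIME:
            # output results immediately to stdout
            result_stream = sys.stdout
        else:
            # output results once all done
            result_stream = StringIO.StringIO()

        # capture debugging stdout to StringIO, but have real stdout used for
        # outputting results as streamed
        sys.stdout = StringIO.StringIO()

        script = scripting.Script(sessionKey, owner, namespace, path=pathname,
                                  prerunfix=prerun, outputstream=result_stream)
        side_effects = script.run()

        log("side_effects %s" % (side_effects))

        # output non-results -- variables and print statements from scripts
        sys.stdout.flush()
        messages = {}
        si.addInfoMessage(messages, "Variable values: %s" % side_effects)
        si.addInfoMessage(messages,
                          "Standard output: %s" % sys.stdout.getvalue())

        # reset stdout
        sys.stdout = real_stdout
        OUTPUT_MSGS = True
        if OUTPUT_MSGS:
            # si.outputResults(None, messages)
            # Distinct loop names: the original rebound `messages` while
            # iterating over it.
            for level, level_msgs in messages.items():
                for msg in level_msgs:
                    print "%s=%s" % (level, normalizeMsg(msg))
            print

        # we haven't output results yet.  do it now.
        if not CAN_STREAM_RESULTS_ANY_TIME:
            result_stream.flush()
            print result_stream.getvalue()

    except Exception as e:
        sys.stdout = real_stdout
        import traceback
        # NOTE(review): the full traceback is returned to the caller as well as
        # logged; it may reveal server-side paths. Confirm this is intended.
        msg = "%s. Traceback: %s" % (e, traceback.format_exc())
        log("error %s" % msg)
        si.generateErrorResults(msg)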
regexes, extractions = ifl.learn(values, examples, badexamples) except Exception, e: # log error logger.error("%s" % e) logger.info("Traceback: %s" % stack) # just tell user that we couldn't extract anything regexes = "" if len(regexes) == 0: si.generateErrorResults('Unable to learn any extractions. Provide different examples, counterexamples, or searchresults') exit(0) rex = regexes[0] rex = rex.replace("?P<FIELDNAME>", "?P<%s>" % keywords[0]) si.addInfoMessage(messages, 'Successfully learned regex. Consider using: | rex "%s"' % rex.replace('"', '\\"')) # for each result for result in results: val = result.get(fromfield, None) # match regex and put values in match = re.search(rex, val) if match: extractions = match.groupdict() for k,v in extractions.items(): result[k] = v si.outputResults(results, messages) except Exception, e: import traceback stack = traceback.format_exc()
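def execute():
    """Run the ".ss" script named by the "script" setting and print its output.

    Settings come from si.getOrganizedResults() and are then overridden by the
    options from si.getKeywordsAndOptions(), so "script", "namespace", "owner"
    and "prerun" must all be treated as caller-supplied. The two values that
    become path components ("namespace" and "script") are rejected when they
    contain "..", "/" or a backslash, so the joined path cannot step outside
    etc/apps/<namespace>/scripts/ below the directory si.splunkHome() returns.

    While the script runs, sys.stdout is replaced by a StringIO buffer. What it
    captured is reported as an info message, together with the value returned
    by script.run(). Any exception is logged and handed to
    si.generateErrorResults(); nothing propagates to the caller.
    """
    results = []
    # Saved before the try block: the handler below restores stdout, and an
    # early failure (for example a missing "script" value) would otherwise
    # reach it with real_stdout still unassigned and mask the real error.
    real_stdout = sys.stdout
    try:
        results, dummyresults, settings = si.getOrganizedResults()
        keywords, options = si.getKeywordsAndOptions()
        settings.update(options)

        sessionKey = settings.get("sessionKey", None)
        if TESTING and sessionKey is None:
            # NOTE(review): test-only fallback that logs in with a hard-coded
            # account; confirm TESTING is off in any deployed copy.
            sessionKey = auth.getSessionKey('admin', 'changeme')
        owner = settings.get("owner", None)
        namespace = settings.get("namespace", "search")
        scriptname = settings.get("script", None)
        prerun_str = settings.get("prerun", "True").lower()
        prerun = prerun_str.startswith(('t', 'y', '1'))

        # The session key is a credential: record only whether one was
        # supplied, never its value.
        if sessionKey:
            key_state = "<present>"
        else:
            key_state = "<missing>"
        log("sessionKey %s owner %s namespace %s script %s prerun %s" %
            (key_state, owner, namespace, scriptname, prerun))

        if scriptname is None:
            raise Exception('"script" value required')
        # Both values are joined into the filesystem path below, so both get
        # the same traversal check (previously only the script name did).
        for label, component in (("pathname", scriptname),
                                 ("namespace", namespace)):
            if ".." in component or "/" in component or "\\" in component:
                raise Exception('%s cannot contain "..", "/", or "\\".' % label)

        home = si.splunkHome()
        localpath = os.path.join('etc', 'apps', namespace, 'scripts',
                                 scriptname + ".ss")
        pathname = os.path.join(home, localpath)
        if not os.path.exists(pathname):
            # The message shows a "SPLUNK_HOME" placeholder rather than the
            # real install directory.
            raise Exception('script path does not exist: "%s"' %
                            os.path.join("SPLUNK_HOME", localpath))

        log("pathname %s" % (pathname))

        if CAN_STREAM_RESULTS_ANY_TIME:
            # output results immediately to stdout
            result_stream = sys.stdout
        else:
            # output results once all done
            result_stream = StringIO.StringIO()

        # capture debugging stdout to StringIO, but have real stdout used for
        # outputting results as streamed
        sys.stdout = StringIO.StringIO()

        script = scripting.Script(sessionKey, owner, namespace, path=pathname,
                                  prerunfix=prerun, outputstream=result_stream)
        side_effects = script.run()

        log("side_effects %s" % (side_effects))

        # output non-results -- variables and print statements from scripts
        sys.stdout.flush()
        messages = {}
        si.addInfoMessage(messages, "Variable values: %s" % side_effects)
        si.addInfoMessage(messages,
                          "Standard output: %s" % sys.stdout.getvalue())

        # reset stdout
        sys.stdout = real_stdout
        OUTPUT_MSGS = True
        if OUTPUT_MSGS:
            # si.outputResults(None, messages)
            # Distinct loop names: the original rebound `messages` while
            # iterating over it.
            for level, level_msgs in messages.items():
                for msg in level_msgs:
                    print "%s=%s" % (level, normalizeMsg(msg))
            print

        # we haven't output results yet.  do it now.
        if not CAN_STREAM_RESULTS_ANY_TIME:
            result_stream.flush()
            print result_stream.getvalue()

    except Exception as e:
        sys.stdout = real_stdout
        import traceback
        # NOTE(review): the full traceback is returned to the caller as well as
        # logged; it may reveal server-side paths. Confirm this is intended.
        msg = "%s. Traceback: %s" % (e, traceback.format_exc())
        log("error %s" % msg)
        si.generateErrorResults(msg)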