Hello all,
I have add-on with written a custom search command. This command call my python package.
**my_searchcommand.py**:
from lazy import Lazy
from splunklib.searchcommands import (
dispatch,
validators,
StreamingCommand,
Configuration,
Option,
)
from my_package import MyFunc
@Configuration()
class MyCommand(StreamingCommand):
def __init__(self):
super(MyCommand, self).__init__()
def prepare(self):
settings = Settings(self.service.confs,
self.service.storage_passwords)
self._action = Lazy(
self.action,
tr=Lazy(self.connect, settings),
)
def stream(self, records):
index = self.service.indexes['my_index'] # get index
# how to put a 'records' into 'my_index'?
for record in records:
yield record
@property
def action(self):
... # use my_package
def connect(self, settings):
...
1. How can I push results of a custom
search command into 'my_index' and how i can associate an index with a sourcetype?
Thank you!
↧