Difference between revisions of "Splunk: Python Lookup"

Revision as of 14:47, 14 November 2019

Copy requirements to /opt/splunk/lib/python2.7/site-packages

Including SplunkLookup.py:

import csv
import sys
from abc import ABCMeta, abstractmethod


class SplunkLookup:
    __metaclass__ = ABCMeta
    usage = "Usage: python {} [arg1] [arg2]"

    def __init__(self):
        self.validate_args()
        self.arg1, self.arg2 = self.read_arguments()
        self.header, self.stdin = self.read_input()
        self.writer = self.write_header()
        self.process_stdin()

    def validate_args(self):
        if len(sys.argv) != 3:
            print(self.usage)

    @staticmethod
    def read_arguments():
        ipfield = sys.argv[2]
        location = sys.argv[1]
        return ipfield, location

    @staticmethod
    def read_input():
        infile = sys.stdin
        reader = csv.DictReader(infile)
        header = reader.fieldnames
        return header, reader

    def write_header(self):
        stdout = sys.stdout
        writer = csv.DictWriter(stdout, fieldnames=self.header)
        writer.writeheader()
        return writer

    def process_stdin(self):
        for result in self.stdin:
            self.lookup_missing(result)
            self.writer.writerow(result)

    def lookup_missing(self, result):
        if result[self.arg1] and result[self.arg2]:
            pass
        elif result[self.arg1]:
            result.update({self.arg2: self.lookup_arg2(result[self.arg1])})
        elif result[self.arg2]:
            result.update({self.arg1: self.lookup_arg1(result[self.arg2])})

    @abstractmethod
    def lookup_arg2(self, argument_value1):
        pass

    @abstractmethod
    def lookup_arg1(self, argument_value2):
        pass


class SplunkLookupError(object):
    pass

Difference between revisions of "Splunk: Python Lookup"

Revision as of 14:47, 14 November 2019

Navigation menu

Search