SplunkPy: fix bugs in fetch & splunk-search command #42432

Merged
ilappe merged 17 commits into master from ilappe/fix_potential_splunk_bug
Feb 3, 2026

@ilappe ilappe commented Dec 28, 2025

related:

Description

SplunkPy
  • Fixed an issue where the fetch incidents would not work as expected after performing a reset last run when enrichment is configured.
  • Updated the splunk-search command to display a warning message when search results exceed the normal usage size.
SplunkPyV2
  • Updated the splunk-search command to display a warning message when search results exceed the normal usage size.

@ilappe ilappe self-assigned this Dec 28, 2025

github-actions bot commented Dec 28, 2025

Coverage

Coverage Report
| File | Stmts | Miss | Cover |
|---|---|---|---|
| Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py | 1748 | 368 | 78% |
| Packs/SplunkPy/Integrations/SplunkPyV2/SplunkPyV2.py | 1740 | 368 | 78% |
| TOTAL | 3488 | 736 | 78% |

Tests Skipped Failures Errors Time
284 0 💤 0 ❌ 0 🔥 4.667s ⏱️

@ilappe ilappe changed the title SplunkPy: fix bug in fetch when enrichment enabled SplunkPy: fix bugs in fetch & splunk-search command Jan 4, 2026
@ilappe ilappe requested a review from DeanArbel January 4, 2026 11:35
@ilappe ilappe added ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. labels Jan 4, 2026
@content-bot content-bot removed the ready-for-ai-review The PR is ready for reviewing the PR with the AI Reviewer. label Jan 4, 2026
@content-bot

🤖 Content-bot Review Disclaimer

This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.

@content-bot content-bot left a comment

Thanks for the updates to the Splunk pack! I've reviewed the changes and have a few suggestions to improve performance and documentation accuracy. Please look into optimizing memory usage when calculating JSON length and ensure the splunk-search arguments are correct in the READMEs. Also, please verify the release notes formatting and the reader method signature.

Additionally, please address the following file-level notes:

  • Packs/SplunkPy/Integrations/SplunkPyV2/SplunkPyV2.py: The ResponseReaderWrapper.read method signature should be updated to def read(self, n=-1): (or n: int = -1).

@DeanArbel please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.
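
The review's point about memory usage when calculating JSON length can be illustrated as follows. This is an added example, not code from the PR or from SplunkPy: the function names, the `WARN_BYTES` threshold and the sample results are assumptions. It measures the serialized size by streaming the encoder's output and stops as soon as the limit is passed, so a very large result set is never materialized as a single JSON string just to be measured.

```python
import json

# Assumed threshold: the page does not state the actual "normal usage size".
WARN_BYTES = 1_000_000


def json_size_capped(obj, limit):
    """Return (bytes_counted, exceeded) for the JSON encoding of obj.

    iterencode() yields the encoding in small chunks, so only one chunk is
    held at a time. Counting stops once `limit` is passed, which bounds the
    work done on an oversized result set.
    """
    encoder = json.JSONEncoder(ensure_ascii=False)
    total = 0
    for chunk in encoder.iterencode(obj):
        total += len(chunk.encode("utf-8"))
        if total > limit:
            return total, True
    return total, False


def size_warning(results, limit=WARN_BYTES):
    """Return a warning string when results exceed limit, otherwise None."""
    _, exceeded = json_size_capped(results, limit)
    if exceeded:
        return (
            f"Warning: search results exceed {limit} bytes. "
            "Narrow the query or reduce the number of returned events."
        )
    return None


# Constructed sample input standing in for search results.
SAMPLE_RESULTS = [
    {"_raw": "x" * 100, "host": "host-01", "note": "café"} for _ in range(50)
]

if __name__ == "__main__":
    print(json_size_capped(SAMPLE_RESULTS, WARN_BYTES))
    print(size_warning(SAMPLE_RESULTS, limit=1_000))
```

The streaming path uses the pure-Python encoder, so it trades some CPU time for bounded memory.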

@ilappe ilappe marked this pull request as ready for review January 11, 2026 08:53
@richardbluestone richardbluestone requested review from talihaff and removed request for richardbluestone January 11, 2026 09:25
@talihaff

@ilappe docs approved

@content-bot

Validate summary
The following errors were reported as warnings: DO106.
The following errors were thrown as a part of this pr: .
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.

Verdict: PR can be force merged from validate perspective? ✅

@ilappe ilappe merged commit 57336c1 into master Feb 3, 2026
21 checks passed
@ilappe ilappe deleted the ilappe/fix_potential_splunk_bug branch February 3, 2026 16:34
inbalapt1 pushed a commit that referenced this pull request Feb 8, 2026
* fix bug

* RN

* another change

* CR changes

* update the doc

* update RN after merge master

* Update README.md

* Update README.md

* Apply suggestions from code review

Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>

* Update 4_0_4.md

---------

Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>
sdaniel6 pushed a commit that referenced this pull request Feb 9, 2026
* fix bug

* RN

* another change

* CR changes

* update the doc

* update RN after merge master

* Update README.md

* Update README.md

* Apply suggestions from code review

Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>

* Update 4_0_4.md

---------

Co-authored-by: Richard Bluestone <53567272+richardbluestone@users.noreply.github.com>

Labels

docs-approved ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines sync-gsm
