Adding results.JSONReader #435
Hmm. Just for clarification: If I'm just issuing (non-export, just regular) queries via the splunk sdk and getting a job back
Your implementation of
Would not return single events. The "single" event would consist of arrays (results) containing the 50.000 events. This is rather different from
which would print 50.000 log lines. Above solution would log 1 time, giant dict with key results containing 50.000 events
This is more of what I would expect:
…chance of using a modern IDE
I think 78079ae updates the code to something that should work. I've updated my test code over in https://github.com/yaleman/splunk-sdk-games so that seems to work too.
If someone can provide a way of testing it in docker or something that'd be cool but I think it works. I can't run the built-in tests because Python 3.7 on an M1 MacBook doesn't have
@yaleman thanks for the PR. We are considering the provided suggestion to use JSONResultsReader and exploring more on the same.
@yaleman we have considered your changes for JSONResultsReader and have added some modifications as well which are now available in the latest Python SDK release 1.6.19.
results.ResultsReader is slow because it's iterating byte-by-byte through the stream to parse the XML in a way the chosen parser will be happy with. I've added JSONResultsReader to provide a much more performant option.
Benefits:
Other changes in this commit
Test Data
Running the tests from https://github.com/yaleman/splunk-sdk-games/ (you can just clone the repo, configure it and run ./run_tests.sh)
Generating the local files, so that we're not testing the response of my Splunk instance:
Using results.ResultsReader and the job in XML output format:
Running test_file_resultsreader.py
message: "INFO: Your timerange was substituted based on your search string"
Results: 113625
Preview results: 9963
real 2m2.416s
user 2m0.997s
sys 0m0.405s
Using results.JSONResultsReader and the job in JSON output format:
The 1 "missing" result is the Message that the JSON export endpoint doesn't return.
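The per-event iteration asked for in the conversation, as an added example that is not code from this PR or from the SDK. It uses only the standard library; the function name, the two payload shapes (one object with a "results" list and optional "messages", or one object per line with a "result" key) and the sample data are assumptions made for illustration.

```python
import io
import json
from typing import Any, Dict, Iterator, NamedTuple, TextIO, Union


class Message(NamedTuple):
    """Server-side diagnostic, kept apart from event rows."""
    type: str
    text: str


Event = Dict[str, Any]


def iter_results(stream: TextIO) -> Iterator[Union[Message, Event]]:
    """Yield one item per message or event, never the whole payload.

    Assumed shapes (not taken from the PR):
      * one object per line with a "result" key holding one event
      * one object with a "results" list and an optional "messages" list
    """
    for lineno, line in enumerate(stream, 1):
        line = line.strip()
        if not line:
            continue  # blank separator lines carry no data
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON: {exc.msg}") from exc
        if not isinstance(obj, dict):
            raise ValueError(f"line {lineno}: expected a JSON object")
        for msg in obj.get("messages", []):
            yield Message(msg.get("type", ""), msg.get("text", ""))
        if "result" in obj:
            yield obj["result"]
        for row in obj.get("results", []):
            yield row  # one dict per event instead of one giant dict


# Constructed sample payloads, not output from a real Splunk instance.
BATCH = json.dumps({
    "messages": [{"type": "INFO", "text": "Your timerange was substituted"}],
    "results": [{"host": "web01", "count": "3"}, {"host": "web02", "count": "7"}],
})
PER_LINE = '{"result": {"host": "web01"}}\n\n{"result": {"host": "web02"}}\n'

if __name__ == "__main__":
    for item in iter_results(io.StringIO(BATCH)):
        print(type(item).__name__, item)
```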