SplunkQuerySet
Important notice: As part of Advanced XML deprecation, the Module System is officially deprecated beginning with Splunk Enterprise 6.3. For more information, see Advanced XML Deprecation.
all()
The all() method gets the entire set of model objects for all models in scope.
Use this method in combination with filter(), filter_by_app(), filter_by_user(), and search() to populate lists or locate specific entities from the pool of models in scope.
Synopsis
querySet = all()
Return Value
Object | A SplunkQuerySet object containing a list of all models in scope. |
See Also
filter()
filter_by_app()
filter_by_user()
order_by()
search()
filter()
The filter() method gets a clone of the current query set, which is filtered by the kwargs model field names.
Synopsis
clone = filter( **kwargs )
Parameters
**kwargs | Dict | Dictionary corresponding to model fields and values by which to filter the current result set. |
Return Value
Object | SplunkQuerySet object representing a filtered clone of the current result set. |
Raises
Exception | 'cannot filter on unknown field: %s' % arg |
Example
from splunk.models.app import App
class AlertsController(BaseController):
    def index(self, app, **params):
        apps = App.all().filter(is_disabled=False)
See Also
all()
filter_by_app()
filter_by_user()
order_by()
search()
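Because filter() raises a generic Exception for any unknown field, a controller that forwards request parameters into filter() should select allowed field names first. The following is an added example, not Splunk's code: StubQuerySet is a constructed stand-in that models only the documented clone-and-raise behaviour so the snippet runs without Splunk, and ALLOWED_FILTER_FIELDS, filter_from_params and the sample rows are hypothetical.

```python
import copy

# Hypothetical allowlist: the only model fields a request may filter on.
ALLOWED_FILTER_FIELDS = {"is_disabled", "label"}


class StubQuerySet(object):
    """Constructed stand-in for SplunkQuerySet (not Splunk code).

    Models only what the reference documents: filter() returns a filtered
    clone and raises Exception for a field the model does not define.
    """

    def __init__(self, rows, fields):
        self.rows = list(rows)
        self.fields = set(fields)

    def filter(self, **kwargs):
        for arg in kwargs:
            if arg not in self.fields:
                raise Exception('cannot filter on unknown field: %s' % arg)
        clone = copy.copy(self)  # the original query set stays untouched
        clone.rows = [r for r in self.rows
                      if all(r[k] == v for k, v in kwargs.items())]
        return clone


def filter_from_params(query_set, params):
    """Apply only allowlisted request parameters as filter() kwargs.

    Returns (filtered_clone, rejected_keys) so the caller can log or refuse
    unexpected keys instead of letting filter() raise mid-request.
    """
    accepted = {k: v for k, v in params.items() if k in ALLOWED_FILTER_FIELDS}
    rejected = sorted(k for k in params if k not in ALLOWED_FILTER_FIELDS)
    return query_set.filter(**accepted), rejected


# Constructed sample data standing in for App.all().
APPS = StubQuerySet(
    [{"label": "search", "is_disabled": False, "owner": "admin"},
     {"label": "legacy", "is_disabled": True, "owner": "admin"}],
    fields=("label", "is_disabled", "owner"),
)
```

In a real controller the same helper would receive App.all() and the request's params dictionary, with values converted to the types the model expects before filtering.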
filter_by_app()
The filter_by_app() method provides app-based filtering by getting a clone of the current query set.
Synopsis
clone = filter_by_app( app )
Parameters
app | String | App name to use for filtering. |
Return Value
Object | SplunkQuerySet object representing a filtered clone of the current result set. |
Example
from splunk.models.fired_alert import FiredAlert, FiredAlertSummary
class AlertsController(BaseController):
    # ... elided ...
    def index(self, app, **params):
        # Chain the app and owner filters; each call returns a filtered clone.
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
See Also
all()
filter()
filter_by_user()
order_by()
search()
filter_by_user()
The filter_by_user() method provides user-based filtering by getting a clone of the current query set.
Synopsis
clone = filter_by_user( user )
Parameters
user | String | Object owner name used for filtering. |
Return Value
Object | SplunkQuerySet object representing a filtered clone of the current result set. |
Example
from splunk.models.fired_alert import FiredAlert, FiredAlertSummary
class AlertsController(BaseController):
    def index(self, app, **params):
        # Chain the app and owner filters; each call returns a filtered clone.
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
See Also
all()
filter()
filter_by_app()
search()
get_entities()
The get_entities() wrapper creates Splunk Entity object sets of stored Splunk configuration objects.
Note: This method is called by the iterator() during SplunkQuerySet instantiation and, generally, does not need to be called directly.
Synopsis
entities = get_entities( **kwargs )
Parameters
**kwargs | Dict | De-serialized key-value pairs. |
Return Value
Entity | An Entities object containing zero or more entities. |
See Also
iterator()
The iterator() method iteratively gets resource entities, using an internal count-per-request that is set when SplunkQuerySet is instantiated.
Note: This method does not need to be called directly, because it is used with the built-in __iter__() method and accessed implicitly by calling SplunkQuerySet.next(). Overriding this method is not recommended unless the model has properties that require a special iterator.
Synopsis
model = iterator()
Yields
Function | Generator function representing an iteration of SplunkQuerySet. |
Raises
splunk.AuthenticationFailed |
See Also
order_by()
The order_by() method gets a clone of the current result set, ordered by the specified model field and sorting order.
Synopsis
clone = order_by( key, direction )
Parameters
key | String | Key to sort on. |
direction | String | Sort direction: asc = Ascending order. desc = Descending order. |
Return Value
Object | A clone of the current SplunkQuerySet object sorted by key and direction. |
Example
from splunk.models.base import SplunkQuerySet
class MyAppModel(SplunkRESTModel):
See Also
all()
filter()
filter_by_app()
filter_by_user()
search()
search()
The search() method gets a clone of the current query set constrained by the specified search_string. This method is used to perform free text search against a SplunkQuerySet to limit the results returned.
Synopsis
clone = search( search_string )
Parameters
search_string | String | Search string by which to constrain the results. |
Return Value
Object | Clone of the current SplunkQuerySet with only members that match the specified search_string. |
Example
import urllib
from splunk.models.base import SplunkQuerySet
from splunk.models.fired_alert import FiredAlert, FiredAlertSummary
class MyAppModel(SplunkQuerySet):
    def index(self, app, **params):
        # ... elided ...
        if 'alerts_id' not in params:
            fired_alerts = FiredAlert.all()
        else:
            # URL-decode the alerts_id request parameter before the lookup
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        # augment query with search
        if len(search_string) > 0:
            fired_alerts = fired_alerts.search(' '.join(search_string))
        # ... elided ...
See Also
SplunkRESTManager | Decorators |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9