splunklib.data¶

The splunklib.data module reads the responses from splunkd in Atom Feed format, which is the format used by most of the REST API.

splunklib.data.load(text, match=None)¶

This function reads a string that contains the XML of an Atom Feed, then returns the data in a native Python structure (a dict or list). If you also provide a tag name or path to match, only the matching sub-elements are loaded.

Parameters:	text (`string`) – The XML text to load. match (`string`) – A tag name or path to match (optional).

splunklib.data.record(value=None)¶

This function returns a Record instance constructed with an initial value that you provide.

Parameters:	value (`dict`) – An initial record value.

class splunklib.data.Record¶

This generic utility class enables dot access to members of a Python dictionary.

Any key that is also a valid Python identifier can be retrieved as a field. So, for an instance of Record called r, r.key is equivalent to r['key']. A key such as invalid-key or invalid.key cannot be retrieved as a field, because - and . are not allowed in identifiers.

Keys of the form a.b.c are very natural to write in Python as fields. If a group of keys shares a prefix ending in ., you can retrieve keys as a nested dictionary by calling only the prefix. For example, if r contains keys 'foo', 'bar.baz', and 'bar.qux', r.bar returns a record with the keys baz and qux. If a key contains multiple ., each one is placed into a nested dictionary, so you can write r.bar.qux or r['bar.qux'] interchangeably.