splunklib.results¶
The splunklib.results module provides a streaming XML reader for Splunk search results.
Splunk search results can be returned in a variety of formats including XML, JSON, and CSV. To make it easier to stream search results in XML format, they are returned as a stream of XML fragments, not as a single XML document. This module supports incrementally reading one result record at a time from such a result stream. This module also provides a friendly iterator-based interface for accessing search results while avoiding buffering the result set, which can be very large.
To use the reader, instantiate JSONResultsReader on a search result stream
as follows::
reader = ResultsReader(result_stream)
for item in reader:
print(item)
print(f"Results are a preview: {reader.is_preview}")
-
class
splunklib.results.Message(type_, message)¶ This class represents informational messages that Splunk interleaves in the results stream.
Messagetakes two arguments: a string giving the message type (e.g., “DEBUG”), and a string giving the message itself.Example:
m = Message("DEBUG", "There's something in that variable...")
-
class
splunklib.results.JSONResultsReader(stream)¶ This class returns dictionaries and Splunk messages from a JSON results stream.
JSONResultsReaderis iterable, and returns adictfor results, or aMessageobject for Splunk messages. This class has one field,is_preview, which isTruewhen the results are a preview from a running search, orFalsewhen the results are from a completed search.This function has no network activity other than what is implicit in the stream it operates on.
Parameters: stream – The stream to read from (any object that supports``.read()``). Example:
import results response = ... # the body of an HTTP response reader = results.JSONResultsReader(response) for result in reader: if isinstance(result, dict): print(f"Result: {result}") elif isinstance(result, results.Message): print(f"Message: {result}") print(f"is_preview = {reader.is_preview}")