App: Intersplunk for Perl

Intersplunk for Perl

Compatible with Splunk 3.x

Author: araitz	Date Added:	Jan 20, 2009	Flag as Miscategorized Mistyped Inappropriate
Downloads:71	Last Updated:	Jan 20, 2009
Type: Search Commands, Other	License:	Creative Commons
Type: Search Commands, Other	Price:	Free

Version: 1.0

Free Download

By downloading from Splunkbase, you agree to our Downloading Terms and Conditions »

Most of the applications and content on Splunkbase are submitted by parties other than us. That third-party content is the sole responsibility of the originator of that content. We are not responsible for any third-party content, whether or not we reviewed or moderated such content. You agree that you bear all risks ass ociated with using or relying on applications and content on Splunkbase. We do not in any way warrant the accuracy, reliability, completeness, usefulness, non-infringement, or quality of any applications or content on Splunkbase, regardless of who originated that content (including our employees, partners, affiliates or moderators), and even if an application is designated as "certified". We hereby disclaim all warranties, including but not limited to any implied warranties of merchantability or fitness for a particular purpose, relating to such applications or content. We shall not be liable or responsible in any way for any losses or damage of any kind, including lost profits or other indirect or consequential damages, relating to your use of or reliance upon any applications or content on Splunkbase.

Description

A perl version of the python Intersplunk module that ships with Splunk.

There are two modules of use:

Intersplunk::getOrganizedResults reads from stdin and turns the csv into an array of hashes. There is one entry in the array per event, and each entry is a pointer to a hash of the events key/value pairs.
Intersplunk::outputResults takes a pointer to an array of hashes (such as the one generated by getOrganizedResults) as spits it back to STDOUT as a CSV.

NB: Make sure that you add perl to your path or edit the first line of the script to reflect the proper path.

In your perl search processors, you would use it as follows:

#!/path/to/perl
use intersplunk.pl;

$my_results = Intersplunk::getOrganizedResults();
@results = @{$my_results};

#print the "_raw" field for each event
foreach (@results) {
     print $_->{‘”_raw”’};
}

#now pretend you’ve made some changes to the results in the @results and want to send the results back to Splunk

$my_pointer = \@results;
$my_return = Intersplunk::outputResults($my_pointer);

If you have problems with this code, please send details of the problem as well as some sample data to reproduce the problem to my username at splunk dot com.

Your Rating

(0 votes)

Categories

Types

App: Intersplunk for Perl

Intersplunk for Perl

Categories:

Description

Your Rating

Preview App: