LukeMurphey · October 22, 2018 17:30
diff --git a/get_asset.py b/get_asset.py

 import splunk.auth
 import splunk.search
 import time

 def get_asset(host, session_key):
    # Declare some static vars
    search = '| stats count | eval asset="%s" | fields asset | `get_asset(asset)`' % host
    latest_time = "now"
    earliest_time = "0"

    # Kick off the search
    search_job = splunk.search.dispatch(search, earliest_time=earliest_time, latest_time=latest_time, sessionKey=session_key)
    # https://code.google.com/p/corey-projects/source/browse/trunk/python2/splunk/splunk_stat_cmd.py?spec=svn289&r=289

    # Wait for the search to complete
    while search_job.isDone != True:
        time.sleep(1)

    # Try to process the results
    searchID = search_job.sid

    # This is mostly a copy from the notable event REST handler:
    job = splunk.search.getJob(searchID, sessionKey=session_key)

    # Get the results so that we can process them
    dataset = getattr(job, 'results')

    # We are going to do some conversion of the field names and will store the results here
    processed_events = {}

    # Strip the leading 'asset_' from the field names since the macro adds this
    for event in dataset:
        for key in event.keys():

            # Strip the leading 'asset' part of the string if it exists
            if 'asset_' in key:
                processed_events[key[6:]] = event[key]
            else:
                processed_events[key] = event[key]
        
        break # Stop at the first result

    return processed_events

 # Authenticate
 session_key = splunk.auth.getSessionKey(username='admin', password='changeme')

 print get_asset("HOST-003", session_key)

	import splunk.auth
	import splunk.search
	import time

	def get_asset(host, session_key):
	# Declare some static vars
	search = '\| stats count \| eval asset="%s" \| fields asset \| `get_asset(asset)`' % host
	latest_time = "now"
	earliest_time = "0"

	# Kick off the search
	search_job = splunk.search.dispatch(search, earliest_time=earliest_time, latest_time=latest_time, sessionKey=session_key)
	# https://code.google.com/p/corey-projects/source/browse/trunk/python2/splunk/splunk_stat_cmd.py?spec=svn289&r=289

	# Wait for the search to complete
	while search_job.isDone != True:
	time.sleep(1)

	# Try to process the results
	searchID = search_job.sid

	# This is mostly a copy from the notable event REST handler:
	job = splunk.search.getJob(searchID, sessionKey=session_key)

	# Get the results so that we can process them
	dataset = getattr(job, 'results')

	# We are going to do some conversion of the field names and will store the results here
	processed_events = {}

	# Strip the leading 'asset_' from the field names since the macro adds this
	for event in dataset:
	for key in event.keys():

	# Strip the leading 'asset' part of the string if it exists
	if 'asset_' in key:
	processed_events[key[6:]] = event[key]
	else:
	processed_events[key] = event[key]

	break # Stop at the first result

	return processed_events

	# Authenticate
	session_key = splunk.auth.getSessionKey(username='admin', password='changeme')

	print get_asset("HOST-003", session_key)