Tokens for variable substition using Splunk REST API modular input

tokens.py

from datetime import datetime, timedelta
# imports the required python libs
# helper function to get the end of the most recent hour
# as a python datetime object
#
# e.g. if the script calls this on 12/18 at 16:05
# this returns a python date object for 12/18 at 15:59:59
#
def most_recent_hour_end():
  return datetime.now().replace(minute=59, second=59, microsecond=0)

# function to be used as a variable
# returns the start of the most recent hour in ISO8601 format
#
# e.g. if the script calls this on 12/18 at 16:05
# this returns 2015-12-18T15:00:00
#
# usage:
# add URL arguments / querystring params referencing the function name
# start=$start_datetime$
#
def start_datetime():
  most_recent_hour_start = most_recent_hour_end() - timedelta(hours=1) + timedelta(seconds=1)
  return most_recent_hour_start.isoformat()

# function to be used as a variable
# returns the end of the most recent hour in ISO8601 format
#
# e.g. if the script calls this on 12/18 at 16:05
# this returns 2015-12-18T15:59:59
#
# usage:
# add URL arguments / querystring params referencing the function name
# end=$end_datetime$
#
def end_datetime():
  return most_recent_hour_end().isoformat()

# returns currently supported date-only format for testing
# 12/18/2015
#
def current_date():
  return most_recent_hour_end().strftime('%m/%d/%Y')