Example script: updating notable events through the Splunk Enterprise Security notable_update REST endpoint. It is written for Splunk's bundled Python environment, where the splunk.auth, splunk.rest and splunk.search modules are available.

import json
import time

import splunk.auth
import splunk.rest
import splunk.search


def updateNotableEvents(sessionKey, comment, status=None, urgency=None, owner=None, eventIDs=None, searchID=None):
    """
    Update notable events through the notable_update REST endpoint.

    sessionKey - The session key to authenticate the request with
    comment - A description of the change or some information about the notable events
    status - A status (only required if you are changing the status of the event)
    urgency - An urgency (only required if you are changing the urgency of the event)
    owner - A new owner (only required if reassigning the event)
    eventIDs - A list of notable event IDs (must be provided if a search ID is not provided)
    searchID - The ID of a search. All of the events associated with this search will be modified
        unless a list of eventIDs is provided that limits the scope to a subset of the results.
    """

    # Make sure that the session key was provided
    if sessionKey is None:
        raise Exception("A session key was not provided")

    # Make sure that event IDs and/or a search ID is provided
    if eventIDs is None and searchID is None:
        raise Exception("Either eventIDs or a searchID must be provided (or both)")

    # These are the arguments to the REST handler (newOwner and ruleUIDs are the endpoint's parameter names)
    args = {'comment': comment}
    if status is not None:
        args['status'] = status
    if urgency is not None:
        args['urgency'] = urgency
    if owner is not None:
        args['newOwner'] = owner

    # Provide the list of event IDs that you want to change:
    if eventIDs is not None:
        args['ruleUIDs'] = eventIDs

    # If you want to manipulate the notable events returned by a search then include the search ID
    if searchID is not None:
        args['searchID'] = searchID

    # Perform the request
    serverResponse, serverContent = splunk.rest.simpleRequest('/services/notable_update', sessionKey=sessionKey, postargs=args)

    # Make sure the request was successful (simpleRequest reports the HTTP status as a string)
    if serverResponse['status'] != '200':
        raise Exception("Server response indicates that the request failed")

    # Return the information about the request
    return json.loads(serverContent)


# Get a session key and make a function for outputting the results for the examples below.
# The credentials are the post's demo values; in practice read them from the environment
# or a secrets store rather than hardcoding them in a script.
sessionKey = splunk.auth.getSessionKey(username='admin', password='changeme')


def printResultMessage(response_info):
    # A 200 response can still carry per-event failures, so check failure_count as well
    if 'failure_count' in response_info and response_info['failure_count'] > 0:
        print("Some failures were noted: " + str(response_info))


# The event ID lists in the original post are cut off; fill this in with IDs from your own ES instance.
eventIDs = [
]

# Example 1: updating a list of notable event IDs

# Update some events and reassign them, changing the status and urgency
print("Updating some notable events by reassigning them and changing the status and urgency.")
printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='This is a test of the REST endpoint', status=5, urgency='high', owner='admin', eventIDs=eventIDs))

# Update some events by just adding a comment (leaves the assignee, urgency and status alone)
print("Updating some notable events but this time just leaving some comments.")
printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='Just adding a comment', eventIDs=eventIDs))

# Example 2: updating all notables that match a search
print("Updating some notable events by processing the results from a search.")
job = splunk.search.dispatch("search `notable` | head 2", sessionKey=sessionKey, earliest='-7d')

# The endpoint needs a completed search, so wait for the job to finish before passing its ID
while not job.isDone:
    time.sleep(1)
print("Search is done, result count is", job.resultCount)
print("Updating the notable events in the completed search")
printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='Just adding a comment via a search', searchID=job.id))

Enterprise Certified Admin certification, which includes advanced dashboards and visualization, building Splunk apps, and developing with Splunk's REST API.
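The script above builds the notable_update request inside Splunk's own Python, so it cannot be exercised without a running ES instance. The following is an added example, not code from the post or from Splunk, that separates the three parts a practitioner wants to test offline: validating the arguments before anything is sent, form-encoding them the way the endpoint receives them, and reading the response, including the case where the HTTP status is 200 but some events were rejected. Assumptions are labelled in the code: the field names (comment, status, urgency, newOwner, ruleUIDs, searchID) are those the script above uses; the urgency vocabulary and the numeric status are ES's default scheme; the encoding of a list value as a repeated field mirrors what splunk.rest.simpleRequest does; and the response fields success_count/failure_count/message, the event IDs and SAMPLE_RESPONSE are constructed for the demonstration, not captured from a server.

```python
"""Offline helpers for Splunk ES notable_update requests (added example).

Assumptions: request field names come from the script above; urgency values
and numeric status are ES defaults; a list value is encoded as a repeated
form field; the response fields and SAMPLE_RESPONSE are constructed.
"""
import json
from urllib.parse import urlencode

NOTABLE_UPDATE_PATH = "/services/notable_update"
# Default ES urgency values (assumption: a custom scheme would extend this tuple).
VALID_URGENCIES = ("informational", "low", "medium", "high", "critical")


def build_notable_update_args(comment, status=None, urgency=None, owner=None,
                              event_ids=None, search_id=None):
    """Validate the inputs and return the POST fields for notable_update.

    Raises ValueError before anything is sent, so a malformed update never
    reaches the server.
    """
    if not comment or not comment.strip():
        raise ValueError("a non-empty comment is required")
    if not event_ids and not search_id:
        raise ValueError("either event_ids or search_id must be provided (or both)")
    if status is not None and (isinstance(status, bool)
                               or not isinstance(status, int) or status < 0):
        raise ValueError("status must be a non-negative integer (ES status code)")
    if urgency is not None and urgency not in VALID_URGENCIES:
        raise ValueError("urgency must be one of %s" % ", ".join(VALID_URGENCIES))

    args = {"comment": comment}
    if status is not None:
        args["status"] = status
    if urgency is not None:
        args["urgency"] = urgency
    if owner is not None:
        args["newOwner"] = owner
    if event_ids:
        # Keep order but drop duplicates so no event is submitted twice.
        args["ruleUIDs"] = list(dict.fromkeys(event_ids))
    if search_id:
        args["searchID"] = search_id
    return args


def encode_postargs(args):
    """Form-encode the fields, repeating ruleUIDs once per ID (assumption:
    this matches how splunk.rest.simpleRequest encodes a list value)."""
    return urlencode(args, doseq=True)


def summarize_response(status_code, body):
    """Interpret the HTTP status and JSON body returned by notable_update.

    A 200 only means the handler ran; per-event failures are reported in
    failure_count, so the caller must check that too.
    """
    if status_code != 200:
        raise RuntimeError("notable_update failed with HTTP %d" % status_code)
    info = json.loads(body)
    failed = int(info.get("failure_count", 0))
    updated = int(info.get("success_count", 0))
    return {"ok": failed == 0, "updated": updated, "failed": failed,
            "message": info.get("message", "")}


def validation_error(**kwargs):
    """Return the ValueError message for a bad argument set, or None if valid."""
    try:
        build_notable_update_args(**kwargs)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample response: one event updated, one rejected.
SAMPLE_RESPONSE = json.dumps({
    "success_count": 1,
    "failure_count": 1,
    "message": "1 event updated, 1 could not be updated",
})


if __name__ == "__main__":
    # Constructed event IDs; real ones come from the notable index.
    args = build_notable_update_args("This is a test of the REST endpoint", status=5,
                                     urgency="high", owner="admin",
                                     event_ids=["EVENT-A", "EVENT-B", "EVENT-A"])
    print("POST", NOTABLE_UPDATE_PATH, encode_postargs(args))
    print(summarize_response(200, SAMPLE_RESPONSE))
    print(validation_error(comment="no target given"))
```

Use build_notable_update_args and encode_postargs to produce the body, send it with whatever HTTP client you have (the splunk.rest call above, or a plain HTTPS client with a session token in the Authorization header), and hand the status and body to summarize_response; treating ok=False as a failure is what keeps a partially rejected bulk update from being logged as a success.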