From 6b8246b3102b435235ff3416642bd11f26a7566e Mon Sep 17 00:00:00 2001 From: 590802 Date: Tue, 7 Nov 2017 08:54:48 -0500 Subject: [PATCH 1/2] Added json exporter for the spl parser - used Sara's startup example - augmented with writeJson method - added cmd args and usage for user customization --- utils/splparserToJson.py | 89 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 utils/splparserToJson.py diff --git a/utils/splparserToJson.py b/utils/splparserToJson.py new file mode 100644 index 0000000..3a6a9cc --- /dev/null +++ b/utils/splparserToJson.py @@ -0,0 +1,89 @@ +############################################### +# initial code sample produced by: Sara Alspaugh +# date: 11/6/2017 +# modified by: BAH, Greg Schmidt +# - added cmd args and usage +# - added writeJson +# date: 11/6/2017 +############################################### + +import sys +sys.path.append('../') +import json +import getopt +import json +import io + + +############################################### +## usage for cmd args +############################################### +def usage(): + print 'python splparserToJson.py -h -s ' + print ' -h : help menu' + print ' -o : output filename' + print ' -s : Splunk search query' + print '-----------------------------------------------------' + print ' e.g. python splparserToJson.py -o testout.json -s "sourcetype=access method=GET learn"' + + +############################################### +## write data to json +############################################### +def writeJson(data, filename): + try: + to_unicode = unicode + except NameError: + to_unicode = str + + # Write JSON file + with io.open(filename, 'w', encoding='utf8') as outfile: + str_ = json.dumps(data, indent=2, sort_keys=True, separators=(',', ': '), ensure_ascii=False) + outfile.write(to_unicode(str_)) + + +############################################### +# global parameters +############################################### +query = "*" +outputfilename = "queryOutput.json" + +import splparser + + +############################################### +# process command arguments +############################################### +try: + opts, args = getopt.getopt(sys.argv[1:], "hs:o:") +except getopt.GetoptError: + usage() + sys.exit(2) +for opt, arg in opts: + if opt == '-h': + usage() + sys.exit(0) + elif opt == '-o': + outfilename = arg + elif opt == '-s': + query = arg + else: + usage() + sys.exit(2) + +print "Search query = " + query + + +############################################### +# main processing +############################################### + +parsetree = splparser.parse(query) +parsetree_as_json = parsetree.jsonify() + + +############################################### +# dump the json to file +############################################### + +writeJson(parsetree_as_json, outfilename) From 1f724a51b939e44cd8aec03bd6a8017ce79a39a2 Mon Sep 17 00:00:00 2001 From: 590802 Date: Tue, 7 Nov 2017 09:19:59 -0500 Subject: [PATCH 2/2] Moved the write json code from utils to scripts. Did not notice that dir before. No need to add a new utils dir --- {utils => scripts}/splparserToJson.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {utils => scripts}/splparserToJson.py (100%) diff --git a/utils/splparserToJson.py b/scripts/splparserToJson.py similarity index 100% rename from utils/splparserToJson.py rename to scripts/splparserToJson.py