For a script action alert type on my data, what format should I use to enter field names in my Python script file so that Sumo Logic recognizes those field names?
Official comment
Looks as if this has gone a while without an answer. Apologies for the delay.
I'm not 100% sure I'm following the question but will take a stab. Sumo Logic doesn't need to understand what you write in Python, it's the other way around. When a script alert is executed by the collector it will pass a first parameter that is a JSON file path. In Python you can use sys.argv[1] to get that file name and start reading its contents. Code might look something like the following:
import sys, json

# The collector passes the path of the JSON results file as the first argument.
with open(sys.argv[1]) as json_file:
    data = json.load(json_file)

results = data['queryResults']
for r in results:
    # keys now vary based on your query, e.g. r['field_name_from_sumo_query']
    print(r)
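The flow described in the answer, as an added example that is not part of the original post: the script reads the file path from sys.argv[1], pulls the rows under 'queryResults', and discovers the field names as the keys of each row. The sample file content, the field names _sourceHost, status_code and _count, and the search that would produce them are constructed assumptions, not Sumo Logic output.

```python
import json
import sys
import tempfile
from typing import Dict, List, Optional


def load_query_results(path: str) -> List[Dict[str, object]]:
    """Read the JSON file the collector hands to the script and return the
    rows under 'queryResults' (the key named in the answer above)."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    rows = data.get("queryResults")
    if not isinstance(rows, list):
        raise ValueError("alert file has no 'queryResults' list")
    return rows


def field_names(rows: List[Dict[str, object]]) -> List[str]:
    """Field names are simply the dict keys of each row, i.e. whatever the
    search's parse/aggregate operators named them; nothing is declared."""
    names = set()
    for r in rows:
        names.update(r.keys())
    return sorted(names)


def get_field(row: Dict[str, object], name: str, default=None) -> Optional[object]:
    """Look up one field, tolerating rows that lack it. Values originate in
    log data, so treat them as untrusted input, not as trusted parameters."""
    return row.get(name, default)


# Constructed sample shaped like the file the answer describes, as if produced
# by a hypothetical search '... | count by _sourceHost, status_code'.
SAMPLE = {"queryResults": [
    {"_sourceHost": "web-01", "status_code": "500", "_count": "12"},
    {"_sourceHost": "web-02", "status_code": "403", "_count": "7"},
]}


def write_sample() -> str:
    """Write SAMPLE to a temp file so the script can be run without a collector."""
    tmp = tempfile.NamedTemporaryFile("w", suffix=".json", delete=False)
    json.dump(SAMPLE, tmp)
    tmp.close()
    return tmp.name


def summarize(path: str) -> Dict[object, int]:
    """Map each host to its hit count, using get_field so a missing key is safe."""
    rows = load_query_results(path)
    return {get_field(r, "_sourceHost"): int(get_field(r, "_count", 0)) for r in rows}


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else write_sample()
    print("fields:", field_names(load_query_results(path)))
    print("per host:", summarize(path))
```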