Merge pull request #43 from splunk-soar-connectors/tcihak-PAPP-32609

PAPP-32609 changed logic in run_query action in order to decrease mem…
splunk-soar-connectors · Feb 6, 2024 · e0c0d99 · e0c0d99
2 parents 3bb4b3c + 0de885c
commit e0c0d99
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 # Splunk
 
 Publisher: Splunk  
-Connector Version: 2.16.0  
+Connector Version: 2.16.1  
 Product Vendor: Splunk Inc.  
 Product Name: Splunk Enterprise  
 Product Version Supported (regex): ".\*"  

diff --git a/splunk.json b/splunk.json
@@ -27,11 +27,14 @@
         },
         {
             "name": "Bartosz Debek"
+        },
+        {
+            "name": "Tony Cihak"
         }
     ],
     "type": "siem",
     "main_module": "splunk_connector.py",
-    "app_version": "2.16.0",
+    "app_version": "2.16.1",
     "utctime_updated": "2022-09-08T08:47:45.000000Z",
     "package_name": "phantom_splunk",
     "product_name": "Splunk Enterprise",

diff --git a/splunk_connector.py b/splunk_connector.py
@@ -1321,15 +1321,12 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr
                 error_text=self._get_error_message_from_exception(e))
             return action_result.set_status(phantom.APP_ERROR, error_text)
 
-        data = []
-
         for result in results:
 
             if not isinstance(result, dict):
                 continue
 
             action_result.add_data(result)
-            data.append(result)
 
             result_index += 1
 
@@ -1338,13 +1335,13 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr
                 self.send_progress(status)
 
         if attach_result:
-            self.add_json_result(action_result, data)
+            self.add_json_result(action_result)
 
         summary[consts.SPLUNK_JSON_TOTAL_EVENTS] = result_index
         self.debug_print('Done run query')
         return action_result.set_status(phantom.APP_SUCCESS)
 
-    def add_json_result(self, action_result, data):
+    def add_json_result(self, action_result):
 
         fd, path = tempfile.mkstemp(dir=Vault.get_vault_tmp_dir(), text=True)
         vault_attach_dict = {}
@@ -1354,7 +1351,7 @@ def add_json_result(self, action_result, data):
 
         try:
             with open(path, 'w') as f:
-                json.dump(data, f)
+                json.dump(action_result.get_data(), f)
 
         except Exception as e:
             self._dump_error_log(e, "Error occurred while adding file to Vault.")