diff --git a/README.md b/README.md index f6f6e8b..3331491 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # Splunk Publisher: Splunk -Connector Version: 2.16.0 +Connector Version: 2.16.1 Product Vendor: Splunk Inc. Product Name: Splunk Enterprise Product Version Supported (regex): ".\*" diff --git a/splunk.json b/splunk.json index f4f19ed..0718041 100644 --- a/splunk.json +++ b/splunk.json @@ -27,11 +27,14 @@ }, { "name": "Bartosz Debek" + }, + { + "name": "Tony Cihak" } ], "type": "siem", "main_module": "splunk_connector.py", - "app_version": "2.16.0", + "app_version": "2.16.1", "utctime_updated": "2022-09-08T08:47:45.000000Z", "package_name": "phantom_splunk", "product_name": "Splunk Enterprise", diff --git a/splunk_connector.py b/splunk_connector.py index bd0bc0e..ef574f8 100644 --- a/splunk_connector.py +++ b/splunk_connector.py @@ -1321,15 +1321,12 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr error_text=self._get_error_message_from_exception(e)) return action_result.set_status(phantom.APP_ERROR, error_text) - data = [] - for result in results: if not isinstance(result, dict): continue action_result.add_data(result) - data.append(result) result_index += 1 @@ -1338,13 +1335,13 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr self.send_progress(status) if attach_result: - self.add_json_result(action_result, data) + self.add_json_result(action_result) summary[consts.SPLUNK_JSON_TOTAL_EVENTS] = result_index self.debug_print('Done run query') return action_result.set_status(phantom.APP_SUCCESS) - def add_json_result(self, action_result, data): + def add_json_result(self, action_result): fd, path = tempfile.mkstemp(dir=Vault.get_vault_tmp_dir(), text=True) vault_attach_dict = {} 
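Review bot: `add_json_result` in splunk_connector.py now takes its payload implicitly from `action_result`, so the file attached to the Vault holds everything added to that action result by the time of the call, not only the rows collected by this query loop. The signature line should carry a docstring saying so, for example `"""Dump action_result.get_data() as JSON to a Vault temp file and attach it; call only after all results have been added."""`. Dropping the `data` parameter is also an incompatible interface change: only the call in `_run_query` is visible here, and any other caller still passing two arguments would fail with a TypeError. The body of `add_json_result` continues outside this hunk.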
@@ -1354,7 +1351,7 @@ def add_json_result(self, action_result, data): try: with open(path, 'w') as f: - json.dump(data, f) + json.dump(action_result.get_data(), f) except Exception as e: self._dump_error_log(e, "Error occurred while adding file to Vault.")
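Review bot: The descriptor returned by `tempfile.mkstemp` in the previous hunk is not used for this write; `with open(path, 'w') as f:` opens the file a second time by name. No `os.close(fd)` is visible in either hunk, so `fd` may leak on every attached result unless it is closed outside the visible lines. Writing through the descriptor removes both the possible leak and the reopen by path: `with os.fdopen(fd, 'w') as f:` followed by the existing `json.dump(action_result.get_data(), f)`, assuming `os` is imported in this module. The dumped rows are raw search results, so a short comment at the `try:` noting that the temp file holds event data and relies on the owner-only permissions `mkstemp` sets would help later maintainers. The function starts and ends outside this hunk, including whatever follows the `except` branch.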