From 3573824b7e94968d23855dca8877f2aee2ebc78b Mon Sep 17 00:00:00 2001
From: Tony Cihak
Date: Wed, 31 Jan 2024 16:33:33 -0800
Subject: [PATCH 1/2] PAPP-32609 changed logic in run_query action in order to decrease memory usage
---
 splunk.json | 5 ++++-
 splunk_connector.py | 9 +++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/splunk.json b/splunk.json
index f4f19ed..0718041 100644
--- a/splunk.json
+++ b/splunk.json
@@ -27,11 +27,14 @@
 },
 {
 "name": "Bartosz Debek"
+ },
+ {
+ "name": "Tony Cihak"
 }
 ],
 "type": "siem",
 "main_module": "splunk_connector.py",
- "app_version": "2.16.0",
+ "app_version": "2.16.1",
 "utctime_updated": "2022-09-08T08:47:45.000000Z",
 "package_name": "phantom_splunk",
 "product_name": "Splunk Enterprise",
diff --git a/splunk_connector.py b/splunk_connector.py
index bd0bc0e..ef574f8 100644
--- a/splunk_connector.py
+++ b/splunk_connector.py
@@ -1321,15 +1321,12 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr
 error_text=self._get_error_message_from_exception(e))
 return action_result.set_status(phantom.APP_ERROR, error_text)
- data = []
-
 for result in results:
 if not isinstance(result, dict):
 continue
 action_result.add_data(result)
- data.append(result)
 result_index += 1
@@ -1338,13 +1335,13 @@ def _run_query(self, search_query, action_result, attach_result=False, kwargs_cr
 self.send_progress(status)
 if attach_result:
- self.add_json_result(action_result, data)
+ self.add_json_result(action_result)
 summary[consts.SPLUNK_JSON_TOTAL_EVENTS] = result_index
 self.debug_print('Done run query')
 return action_result.set_status(phantom.APP_SUCCESS)
- def add_json_result(self, action_result, data):
+ def add_json_result(self, action_result):
 fd, path = tempfile.mkstemp(dir=Vault.get_vault_tmp_dir(), text=True)
 vault_attach_dict = {}
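Review bot: Dropping `data` from `add_json_result` changes the signature of a method that has no leading underscore, so any caller outside this patch that still passes two arguments would fail with a TypeError; only the call inside `_run_query` is updated here. If other callers may exist, a compatible form is `def add_json_result(self, action_result, data=None):` together with `json.dump(action_result.get_data() if data is None else data, f)` at the dump. The method also has no docstring; a one-liner such as `"""Dump action_result.get_data() as JSON to a temp file under the vault tmp dir."""` would record that the file contents now come from the action result rather than from an argument. The body of `add_json_result` continues outside this hunk.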
@@ -1354,7 +1351,7 @@ def add_json_result(self, action_result, data):
 try:
 with open(path, 'w') as f:
- json.dump(data, f)
+ json.dump(action_result.get_data(), f)
 except Exception as e:
 self._dump_error_log(e, "Error occurred while adding file to Vault.")
From 0de885c77703c73da234d515d695ed3119a690e2 Mon Sep 17 00:00:00 2001
From: splunk-soar-connectors-admin
Date: Thu, 1 Feb 2024 00:34:29 +0000
Subject: [PATCH 2/2] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f6f6e8b..3331491 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 # Splunk
 Publisher: Splunk
-Connector Version: 2.16.0
+Connector Version: 2.16.1
 Product Vendor: Splunk Inc.
 Product Name: Splunk Enterprise
 Product Version Supported (regex): ".\*"
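Review bot: `json.dump(action_result.get_data(), f)` writes whatever the action result holds at call time, which equals the removed `data` list only if nothing was added to `action_result` before the loop in `_run_query`; that is not visible in this patch. Because the attachment holds the raw search results and may later be read as a record of what the query returned, the assumption deserves a comment at the dump, e.g. `# get_data() must hold only the rows added by _run_query; it is serialized as-is`. It is also worth confirming that `get_data()` hands back the stored list rather than a copy, otherwise the memory saving the commit aims for would be lost at this line. The `try` block belongs to `add_json_result`, whose start and end lie outside the hunk.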