search

eurica / splunk_app_pagerduty

PagerDuty Alert - Trigger PagerDuty Incidents from Splunk Alerts.
http://splunk-base.splunk.com/apps/55908/splunk-app-for-pagerduty
Other
8 stars 7 forks source link

pagerduty.py script fails when saved search results do not contain "_raw" field #4

Closed mrabbitt closed 11 years ago

mrabbitt commented 11 years ago

Using version 1.1.0 of the app, I could not get the script failed to create incidents when triggered by a search whose results did not contain the _raw field; e.g. a search that pipes results through the top or stats Splunk commands. I modified the script to log exceptions thrown by main() to a separate log file, and got this:

Traceback (most recent call last):
  File "/mnt/splunk-datastore/splunkhome/bin/scripts/pagerduty.py", line 163, in <module>
    main()
  File "/mnt/splunk-datastore/splunkhome/bin/scripts/pagerduty.py", line 155, in main
    description = os.environ.get('SPLUNK_ARG_5', details['events'][0]['_raw'])
KeyError: '_raw'

Wether or not the SPLUNK_ARG_5 environment variable is defined, the expression details['events'][0]['_raw'] is evaluated.

ampledata commented 11 years ago

Thanks for the Issue and PR Michael, I'm going to test, merge and release this ASAP.

Also, in the future if it's not too much in the hassle, I try to stick to the Google Python Style Guide: http://google-styleguide.googlecode.com/svn/trunk/pyguide.html