Ignoring index_stats flag

splunk / splunk-add-on-microsoft-azure

Splunk Add-on for Microsoft Azure

Apache License 2.0

11 stars 9 forks source link

Ignoring index_stats flag #25

Closed EricMooreHays closed 3 weeks ago

EricMooreHays commented 1 year ago

I find that the app ignores the directive index_stats=0

the app sets the flag to 0 or 1, and at line 120 in azure_kql.py if tests this as

if (index_stats):
    headers = {
       "Prefer": "include-statistics=true"
     }

this fires regardless of the status of the directive.

the following is crude but works:

                if index_stats=="1" or index_stats.upper()=="TRUE": 
                    headers = {
                        "Prefer": "include-statistics=true"
                    }

JasonConger commented 3 weeks ago

KQL inputs have moved to the Splunk Add-on for Microsoft Cloud Services