
Few fix splunk driver #688

Merged
merged 9 commits into from
Aug 8, 2023

Conversation


@Tatsuya-hasegawa Tatsuya-hasegawa commented Jul 27, 2023

I found an error in the Splunk driver of 2.6.0, and this PR is a fix for the error.

---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
/Users/hacket/Myprojects/programming_practice/JupiterLab/msticpy_practice/dfirsummit2023-msticpy_example.ipynb Cell 16 in ()
----> 1 implement_df = splunk_prov.SplunkGeneral.get_events_parameterized("debug",
      2     index="botsv2",
      3     source="WinEventLog:Microsoft-Windows-Sysmon/Operational",
      4     timeformat='"%Y-%m-%d %H:%M:%S"',
      5     start="2017-08-25 00:00:00",
      6     end="2017-08-25 10:00:00",
      7     add_query_items='',
      8     count=0
      9 )
     10 len(implement_df)

File ~/opt/anaconda3/envs/msticpy/lib/python3.9/site-packages/msticpy/data/core/data_providers.py:312, in QueryProvider._execute_query(self, *args, **kwargs)
    308 query_options.update(self._get_query_options(params, kwargs))
    309 logger.info(
    310     "Running query '%s...' with params: %s", query_str[:40], query_options
    311 )
--> 312 return self.exec_query(query_str, query_source=query_source, **query_options)

File ~/opt/anaconda3/envs/msticpy/lib/python3.9/site-packages/msticpy/data/core/data_providers.py:244, in QueryProvider.exec_query(self, query, **kwargs)
    242 logger.info("Executing query '%s...'", query[:40])
    243 if not self._additional_connections:
--> 244     return self._query_provider.query(
...
--> 258     resp_rows, reader = self._exec_async_search(query_job, page_size, **kwargs)
    260 if len(resp_rows) == 0 or not resp_rows:
    261     print("Warning - query did not return any results.")

TypeError: _exec_async_search() got an unexpected keyword argument 'default_time_params'

PoC screenshot: before this fix [image]

PoC screenshot: after this fix [image]

The code change is just to remove the **kwargs argument from the _exec_async_search() call, since it is in fact not used in the function.

Best regards,
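The failure mode in this PR, as an added example that is not msticpy's code: a wrapper forwards every caller option via **kwargs to a helper whose signature declares only specific keywords, so an unrecognised key such as default_time_params raises the TypeError shown in the traceback. The block below reproduces that with constructed stand-ins (the helper bodies, the option dict and the function names query_buggy, query_fixed, query_filtered and accepted_kwargs are assumptions made for illustration), then shows the PR's approach of forwarding only the timeout explicitly, plus a more general pattern that filters the option dict against the callee's signature with inspect.

```python
"""Added example (not msticpy code): why forwarding **kwargs to a function
with a fixed signature raises TypeError, and two ways to avoid it.
The helper name mirrors the traceback above; all bodies are stand-ins."""
import inspect


def _exec_async_search_strict(query_job, page_size, timeout=60):
    # Stand-in for a search helper with an explicit signature. It accepts only
    # the keywords it declares, so any stray key in **kwargs is a TypeError.
    return {"job": query_job, "page_size": page_size, "timeout": timeout}


def query_buggy(query_job, page_size, **kwargs):
    # Before the fix: every caller option is forwarded, including keys the
    # callee never declared (e.g. default_time_params) -> TypeError.
    return _exec_async_search_strict(query_job, page_size, **kwargs)


def query_fixed(query_job, page_size, **kwargs):
    # After the fix: forward only the one option the callee understands.
    timeout = kwargs.get("timeout", 60)
    return _exec_async_search_strict(query_job, page_size, timeout=timeout)


def accepted_kwargs(func, options):
    """Keep only the keys that `func` declares as optional parameters.

    Required positional parameters are deliberately excluded so a colliding
    key cannot produce a 'got multiple values for argument' error when the
    caller also passes that argument positionally.
    """
    params = inspect.signature(func).parameters
    if any(p.kind is inspect.Parameter.VAR_KEYWORD for p in params.values()):
        return dict(options)  # callee swallows anything, nothing to filter
    return {
        name: value
        for name, value in options.items()
        if name in params and params[name].default is not inspect.Parameter.empty
    }


def query_filtered(query_job, page_size, **kwargs):
    # General pattern: drop options the callee cannot accept before the call.
    safe = accepted_kwargs(_exec_async_search_strict, kwargs)
    return _exec_async_search_strict(query_job, page_size, **safe)


def run_demo():
    # Constructed option dict, as a query provider might assemble one;
    # default_time_params is the key that tripped the traceback above.
    options = {"default_time_params": True, "timeout": 30}
    results = {}
    try:
        query_buggy("job-1", 500, **options)
        results["buggy"] = "ok"
    except TypeError as exc:
        results["buggy"] = f"TypeError: {exc}"
    results["fixed"] = query_fixed("job-1", 500, **options)
    results["filtered"] = query_filtered("job-1", 500, **options)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The explicit `timeout=` forwarding matches what the PR ends up doing and is the safer choice when the callee has one or two meaningful options; the signature filter is useful when a provider has to fan a large option dict out to several helpers, but it silently discards unknown keys, so log what was dropped if callers rely on those options taking effect.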

@Tatsuya-hasegawa
Contributor Author

Added a commit to pass the timeout option to _exec_async_search().

pass timeout option to _exec_async_search()

@ianhelle ianhelle merged commit 08c89f4 into microsoft:main Aug 8, 2023
9 checks passed
@Tatsuya-hasegawa Tatsuya-hasegawa deleted the few_fix_splunk_driver branch August 8, 2023 20:58