Skip to content

chore: ADDON-80802 PSA implementation with uuid flag #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore: ADDON-80802 PSA implementation with uuid flag #906

wants to merge 2 commits into from

Conversation

spanchal-crest
Copy link
Collaborator

Currently, PSA uses the raw event in the search query for the “test_requirements_fields” test. So, in order to run the test for SPL2 transformed events, the logs repo samples needs to be updated with the SPL2 transformed logs. To avoid updating the logs repo samples, we can update the search query in PSA to use a unique uuid instead of using the raw event by using the uuid flag.

JIRA: https://splunk.atlassian.net/browse/ADDON-80802

@spanchal-crest spanchal-crest marked this pull request as ready for review June 24, 2025 11:53
@spanchal-crest spanchal-crest requested a review from a team as a code owner June 24, 2025 11:53
@spanchal-crest spanchal-crest force-pushed the spanchal/ADDON-80802-psa-implementation-using-uuid branch from 91f22e9 to baf6cf0 Compare June 25, 2025 04:41
mgazda-splunk
mgazda-splunk approved these changes Jun 25, 2025
View reviewed changes
Copy link

@mgazda-splunk mgazda-splunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am OK with that. But not having full picture so owning team should verify.

pytest_splunk_addon/event_ingestors/hec_event_ingestor.py
@@ -115,20 +118,21 @@ def ingest(self, events, thread_count):

def __ingest(self, data):
try:
batch_data = "\n".join(json.dumps(obj) for obj in data)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to batch here?

pytest_splunk_addon/splunk.py
dest="ingest_with_uuid",
default="False",
help=(
"Type of ingesting and searching the events into Splunk "
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure about this description. Maybe sth like" Use generated UUID for ingesting and searching events. Setting this parameter to True will lead to matching events in search by the ID and not by escaped _raw. Default is False.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mgazda-splunk mgazda-splunk mgazda-splunk approved these changes

@spancholi-crest spancholi-crest Awaiting requested review from spancholi-crest

@asaste-splunk asaste-splunk Awaiting requested review from asaste-splunk

@lplonka-splunk lplonka-splunk Awaiting requested review from lplonka-splunk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spanchal-crest @mgazda-splunk