Skip to content

chore: ADDON-80802 PSA implementation with uuid flag #906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

chore: ADDON-80802 PSA implementation with uuid flag #906

wants to merge 4 commits into from

Conversation

spanchal-crest
Copy link
Collaborator

Currently, PSA uses the raw event in the search query for the “test_requirements_fields” test. So, in order to run the test for SPL2 transformed events, the logs repo samples needs to be updated with the SPL2 transformed logs. To avoid updating the logs repo samples, we can update the search query in PSA to use a unique uuid instead of using the raw event by using the uuid flag.

JIRA: https://splunk.atlassian.net/browse/ADDON-80802

@spanchal-crest spanchal-crest marked this pull request as ready for review June 24, 2025 11:53
@spanchal-crest spanchal-crest requested a review from a team as a code owner June 24, 2025 11:53
@spanchal-crest spanchal-crest force-pushed the spanchal/ADDON-80802-psa-implementation-using-uuid branch from 91f22e9 to baf6cf0 Compare June 25, 2025 04:41
mgazda-splunk
mgazda-splunk previously approved these changes Jun 25, 2025
View reviewed changes
Copy link

@mgazda-splunk mgazda-splunk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am OK with that. But not having full picture so owning team should verify.

pytest_splunk_addon/event_ingestors/hec_event_ingestor.py
@@ -115,20 +118,21 @@ def ingest(self, events, thread_count):

def __ingest(self, data):
try:
batch_data = "\n".join(json.dumps(obj) for obj in data)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to batch here?

Copy link
Collaborator Author

@spanchal-crest spanchal-crest Jun 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Michal, this change was done by you for sending the events to EP and merged to develop but it is not yet merged to main. My MR is against main and I wanted this code change to test the KO with SPL2 in workflow. So added this code in my MR.

Your MR: https://github.com/splunk/pytest-splunk-addon/pull/904/files

dvarasani-crest
dvarasani-crest reviewed Jun 30, 2025
View reviewed changes
dvarasani-crest
dvarasani-crest reviewed Jun 30, 2025
View reviewed changes
@spanchal-crest spanchal-crest force-pushed the spanchal/ADDON-80802-psa-implementation-using-uuid branch from 95b9198 to 3ef7f06 Compare July 8, 2025 06:26
@spanchal-crest spanchal-crest force-pushed the spanchal/ADDON-80802-psa-implementation-using-uuid branch from 3ef7f06 to 739878c Compare July 8, 2025 06:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spancholi-crest spancholi-crest Awaiting requested review from spancholi-crest

@asaste-splunk asaste-splunk Awaiting requested review from asaste-splunk

@lplonka-splunk lplonka-splunk Awaiting requested review from lplonka-splunk

@dvarasani-crest dvarasani-crest Awaiting requested review from dvarasani-crest

@mgazda-splunk mgazda-splunk Awaiting requested review from mgazda-splunk

@harshilgajera-crest harshilgajera-crest Awaiting requested review from harshilgajera-crest

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@spanchal-crest @dvarasani-crest @mgazda-splunk