05-03-2022 10:30 AM - edited 05-03-2022 10:46 AM
Hey there,
Running a query -
But when I try list functions it says it is a dict. But when I try to do dict functions I get a non-hashable error.
I want to use the query object, preferably as a set, to filter a dataframe. So what Python type is a query result?
Downloaded as a file. It is an odd | delimited file.
This appears to be neither a dict nor a list. Anyone have a link or gist on how to best deal with this data to get it in a list, or set?
Thanks for your time.
05-03-2022 11:03 AM
The return of demisto.execute() is a list of dicts. You can use pformat() to view the structure of the return object.
```python
from pprint import pformat
demisto.results(pformat(current_unique_IDs))
```
I like pformat() because it prints the output with clear spacing.
The results you are after are probably going to be in
```python
current_unique_IDs[0]["Contents"]
```
I would also suggest taking a look at execute_command(), it does some additional error checking for you and extracts the contents from the returned data so you don't have to do `current_unique_IDs[0]["Contents"]`, it does it for you. It's a drop in replacement for demisto.executeCommand(), so it would look like
```python
current_unique_IDs = execute_command("query", {"query": get_current_uniqueIDs_query_SQL, "using-brand": "Generic SQL"})
```
Lastly, demisto.results() is deprecated. The recommendation now is to use return_results(). Which from your example above, would just be this
```python
return_results(type(current_unique_IDs))
```
05-03-2022 11:24 AM - edited 05-03-2022 12:18 PM
Great response, Tyler. Appreciate you learning me up a bit.
Everything worked as expected. I will mark the response as resolved. But one more question.
I searched for documentation on execute_command("query" and
Any chance you have a link that documents the query execute_command, or can let me know the attribute syntax for size?
05-03-2022 12:34 PM
So the parameters for "query" aren't going to be listed under the documentation for "execute_command". "execute_command" is just a function to call a specific command within XSOAR. The command that you are calling is "query". You can see the parameters that are accepted for that command in the XSOAR GUI by first clicking the "!" next to the cli at the bottom of the page
And then you can search for the command you are running, then click run.
This will show you the available arguments for the command that is selected.
You can also view the command arguments by viewing the integration code on the settings page, but the Commands and Scripts view via the GUI CLI is "prettier".
In this case I believe you would want the "limit" argument, which defaults to 50. So the code would look like this:
```python
current_unique_IDs = execute_command("query", {"query": get_current_uniqueIDs_query_SQL, "using-brand": "Generic SQL", "limit": 30000})
```
Also of note, the "query" command from the Generic SQL Integration is deprecated. Looks like it's recommended to use "sql-command" in place. It looks like the command arguments are the same so you should be able to just replace "query" with "sql-command".
```python
current_unique_IDs = execute_command("sql-command", {"query": get_current_uniqueIDs_query_SQL, "using-brand": "Generic SQL", "limit": 30000})
```
05-03-2022 05:41 PM
Hi @Tripper, just to add on to @tyler_bailey's response.
"Downloaded as a file. it is an odd | delimited file." - This is a markdown file.
So you would need to output the response like this.
```python
return_results({
    'Type': entryTypes['note'],                # plain war-room note entry
    'ContentsFormat': formats['markdown'],     # render Contents as markdown
    'Contents': current_unique_IDs             # the query result to display
})
```
You can also force the string like below.
```python
demisto.results(str(current_unique_IDs))
```
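Added example (not code from any poster in this thread): the replies above say the result is a list of dicts and the downloaded file is a markdown table; dicts are unhashable, so `set()` on the rows fails and the ID column has to be pulled out first. The function names, the `uniqueID` column and all sample data are assumptions constructed for illustration.

```python
def _rows_from_markdown(table):
    """Parse a pipe-delimited markdown table into a list of row dicts."""
    lines = [ln.strip() for ln in table.splitlines() if ln.strip().startswith("|")]
    cells = [[c.strip() for c in ln.strip("|").split("|")] for ln in lines]
    if len(cells) < 2:
        return []
    header, body = cells[0], cells[2:]  # cells[1] is the |---|---| separator row
    return [dict(zip(header, row)) for row in body]


def unique_ids(result, column):
    """Collect the distinct values of `column` from a query result as a set.

    Accepts the three shapes discussed in the thread: the row list returned by
    execute_command(), raw entries whose rows sit under "Contents", or the
    markdown table text. Values are normalised to str because markdown cells
    are always strings.
    """
    if isinstance(result, str):
        result = _rows_from_markdown(result)
    elif isinstance(result, dict):
        result = [result]  # a single row or a single entry
    ids = set()
    for row in result or []:
        if "Contents" in row and column not in row:
            ids |= unique_ids(row["Contents"], column)  # unwrap a raw entry
        elif row.get(column) is not None:
            ids.add(str(row[column]))
    return ids


def filter_rows(rows, column, ids):
    """Keep only rows whose `column` value is in `ids`."""
    return [r for r in rows if str(r.get(column)) in ids]


# Constructed sample data standing in for a Generic SQL result.
SAMPLE_CONTENTS = [{"uniqueID": 101, "host": "a"},
                   {"uniqueID": 102, "host": "b"},
                   {"uniqueID": 101, "host": "c"}]
SAMPLE_ENTRIES = [{"Type": 1, "Contents": SAMPLE_CONTENTS}]
SAMPLE_MARKDOWN = "### Query\n|uniqueID|host|\n|---|---|\n| 101 | a |\n| 102 | b |\n"
SAMPLE_INVENTORY = [{"uniqueID": 101}, {"uniqueID": 555}, {"uniqueID": 102}]

if __name__ == "__main__":
    ids = unique_ids(SAMPLE_CONTENTS, "uniqueID")
    print(sorted(ids), filter_rows(SAMPLE_INVENTORY, "uniqueID", ids))
```

With pandas, the equivalent filter is `df[df["uniqueID"].astype(str).isin(ids)]`.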
05-04-2022 08:09 AM
That's pretty clean. Appreciate that snippet!
05-04-2022 08:10 AM
Appreciate the depth of the response!!