Is a query result a lit or or a dict?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is a query result a lit or or a dict?

L1 Bithead

Hey there, 

 

Running a query - 

current_unique_IDs = demisto.executeCommand("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL"})
 
when i execute - 
demisto.results(type(current_unique_IDs)
 
I get Tripper_0-1651598898339.png

 

But when i try list functions it says it is a dict. but when i try to do dict functions I get a non hashable error. 

 

I want to use the query object, preferable as a set, to filter a dataframe. So what python type is a query result?

 

Downloaded as a file. it is an odd | delimited file.

Tripper_0-1651599849700.png

This appears to be neither a dict or a list. Anyone have a link or gist on how to best deal with this data to get it in a list, or set?

 

Thanks for your time.

 
1 accepted solution

Accepted Solutions

L2 Linker

So the parameters for "query" aren't going to be listed under the documentation for "execute_command". "execute_command" is just a function to call a specific command within XSOAR. The command that you are calling is "query". You can see the parameters that are accepted for that command in the XSOAR GUI by first clicking the "!" next to the cli at the bottom of the page

tyler_bailey_1-1651606006980.png

 


And then you can search for the command you are running, then click run.

tyler_bailey_0-1651605975912.png

This will show you the available arguments for the command that is selected.

 

You can also view the command arguments by viewing the integration code on the settings page, but the Commands and Scripts view via the GUI CLI is "prettier".

 

In this case I believe you would want the "limit" argument, which defaults to 50. So the code would look like this:

current_unique_IDs = execute_command("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL", "limit":30000})

 

Also of note, the "query" command from the Generic SQL Integration is deprecated. Looks like it's recommended to use "sql-command" in place. It looks like the command arguments are the same so you should be able to just replace "query" with "sql-command".

current_unique_IDs = execute_command("sql-command", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL", "limit":30000})

 

View solution in original post

6 REPLIES 6

L2 Linker

The return of demisto.execute() is a list of dicts. You can use pformat() to view the structure of the return object.

from pprint import pformat
demisto.results(pformat(current_unique_IDs))

I like pformat() because it prints the output with clear spacing.

 

The results you are after are probably going to be in

current_unique_IDs[0]["Contents"]

 

I would also suggest taking a look at execute_command(), it does some additional error checking for you and extracts the contents from the returned data so you don't have to do `current_unique_IDs[0]["Contents"]`, it does it for you. It's a drop in replacement for demisto.executeCommand(), so it would look like

current_unique_IDs = execute_command("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL"})

 

Lastly, demisto.results() is deprecated. The recommendation now is to use return_results(). Which from your example above, would just be this

return_results(type(current_unique_IDs))

 

great response Tyler.  Appreciate you learning my up a bit.

Everything worked as expected. I will mark the response as resolved. But one more question.

 

I searched for documentation on execute_command("query" and 

 demisto.executeCommand("query looking specificaly for attribute for the query command, but couldn't find a reference for it. I am looking to set the size of the return set.
 
i tried 
execute_command("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL", "size"=30000})
 
but that failed
Tripper_0-1651605448824.png

 

Any chance you have a link that document the query execute_command or let me the attribute syntax for size?

 

L2 Linker

So the parameters for "query" aren't going to be listed under the documentation for "execute_command". "execute_command" is just a function to call a specific command within XSOAR. The command that you are calling is "query". You can see the parameters that are accepted for that command in the XSOAR GUI by first clicking the "!" next to the cli at the bottom of the page

tyler_bailey_1-1651606006980.png

 


And then you can search for the command you are running, then click run.

tyler_bailey_0-1651605975912.png

This will show you the available arguments for the command that is selected.

 

You can also view the command arguments by viewing the integration code on the settings page, but the Commands and Scripts view via the GUI CLI is "prettier".

 

In this case I believe you would want the "limit" argument, which defaults to 50. So the code would look like this:

current_unique_IDs = execute_command("query", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL", "limit":30000})

 

Also of note, the "query" command from the Generic SQL Integration is deprecated. Looks like it's recommended to use "sql-command" in place. It looks like the command arguments are the same so you should be able to just replace "query" with "sql-command".

current_unique_IDs = execute_command("sql-command", {"query":get_current_uniqueIDs_query_SQL, "using-brand":"Generic SQL", "limit":30000})

 

L5 Sessionator

Hi @Tripper, Just to add on to @tyler_bailey response. 

 

 

Downloaded as a file. it is an odd | delimited file. - This is a markdown file.

 

So you would need to output the response like this.

return_results({
    'Type': entryTypes['note'],
    'ContentsFormat': formats['markdown'],
    'Contents': current_unique_IDs, outputTable)
    })

 

You can also force the string like below.

demisto.results(str(current_unique_IDs))

 

 

that's pretty Clean. Appreciate that snippet!

appreciate the depth of the response!! 

  • 1 accepted solution
  • 3592 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!