new custom functions

splunk · kbouchardherjavecgroup · Sep 23, 2025 · Sep 23, 2025 · Oct 9, 2025 · Oct 9, 2025
commit 09756285810d14507f266c08d67e9cc8b8ed2382
@@ -0,0 +1,25 @@
+{
+    "create_time": "2025-06-27T16:58:50.260630+00:00",
+    "custom_function_id": "2ef5fc852a4c91328480c3d373481fbe91cfcc39",
+    "description": "Sanitize the provided string to remove carriage return/line feed characters (LF, \\n).",
+    "draft_mode": false,
+    "inputs": [
+        {
+            "contains_type": [],
+            "description": "The string to replace LF characters from.",
+            "input_type": "item",
+            "name": "input_string",
+            "placeholder": "string to sanitize"
+        }
+    ],
+    "outputs": [
+        {
+            "contains_type": [],
+            "data_path": "sanitized_string",
+            "description": "The sanitized string."
+        }
+    ],
+    "outputs_type": "item",
+    "platform_version": "6.4.1.342",
+    "python_version": "3.9"
+}
@@ -0,0 +1,28 @@
+def string_remove_crlf(input_string=None, **kwargs):
+    """
+    Sanitize the provided string to remove carriage return/line feed characters (LF, \n).
+
+    Args:
+        input_string: The string to replace LF characters from.
+
+    Returns a JSON-serializable object that implements the configured data paths:
+        sanitized_string: The sanitized string.
+    """
+    ############################ Custom Code Goes Below This Line #################################
+    import json
+    import phantom.rules as phantom
+
+    outputs = {}
+
+    try:
+        sanitized_string = input_string.replace('\n', '')
+    except AttributeError:
+        raise ValueError('input_string must be a string or unicode')
+
+    outputs = {"sanitized_string": sanitized_string.strip()}
+
+    # Return a JSON-serializable object
+    assert json.dumps(outputs)  # Will raise an exception if the :outputs: object is not JSON-serializable
+    return outputs
+
+
@@ -0,0 +1,25 @@
+{
+    "create_time": "2025-07-30T18:18:16.991915+00:00",
+    "custom_function_id": "0db183c85d111765993faa406edbf00873fda5b5",
+    "description": "Decodes a URI-encoded string to a plain text string.",
+    "draft_mode": false,
+    "inputs": [
+        {
+            "contains_type": [],
+            "description": "The URI encoded string to decode",
+            "input_type": "item",
+            "name": "input_string",
+            "placeholder": "The URI encoded string to decode"
+        }
+    ],
+    "outputs": [
+        {
+            "contains_type": [],
+            "data_path": "decoded_string",
+            "description": "The decoded, plain text string"
+        }
+    ],
+    "outputs_type": "item",
+    "platform_version": "6.4.1.356",
+    "python_version": "3.9"
+}
@@ -0,0 +1,27 @@
+def string_uri_decode(input_string=None, **kwargs):
+    """
+    Decodes a URI-encoded string to a plain text string.
+
+    Args:
+        input_string: The URI encoded string to decode
+
+    Returns a JSON-serializable object that implements the configured data paths:
+        decoded_string: The decoded, plain text string
+    """
+    ############################ Custom Code Goes Below This Line #################################
+    import json
+    import urllib.parse
+    import phantom.rules as phantom
+
+    outputs = {}
+
+    try:
+        decoded_string = urllib.parse.unquote(input_string)
+    except TypeError:
+        raise ValueError('input_string must be a string or bytes')
+
+    outputs = {"decoded_string": decoded_string}
+
+    # Return a JSON-serializable object
+    assert json.dumps(outputs)  # Will raise an exception if the :outputs: object is not JSON-serializable
+    return outputs