Skip to content

Commit 1e6b5d7

Browse files
thomaspatzkethomaspatzke
authored
Merge pull request #54 from WizardlyCat/main
Datamodel improvement
2 parents 15218df + 2293cee commit 1e6b5d7

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

sigma/backends/splunk/splunk.py

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -408,13 +408,19 @@ def finalize_query_data_model(
408408
"No data model specified by processing pipeline"
409409
)
410410

411-
try:
412-
data_set = data_model_set.split(".")[1]
413-
except IndexError:
411+
if not data_model_set:
414412
raise SigmaFeatureNotSupportedByBackendError(
415413
"No data set specified by processing pipeline"
416414
)
417415

416+
if "." in data_model_set:
417+
parts = data_model_set.split(".")
418+
if len(parts) != 2 or not all(parts):
419+
raise SigmaFeatureNotSupportedByBackendError(
420+
"Expected format 'data_model.data_set', but got: {}".format(data_model_set)
421+
)
422+
data_set = parts[1]
423+
418424
try:
419425
fields = " ".join(state.processing_state["fields"])
420426
except KeyError:

0 commit comments

Comments
 (0)