From c0c7cdad8c18e09008ec7d4327fd20fc7aa4a763 Mon Sep 17 00:00:00 2001
From: manwefm <florian.martin@ipfyx.fr>
Date: Fri, 13 Nov 2020 12:03:45 +0100
Subject: [PATCH] FIX issue #896 TypeError in Splunk Analyzer

---
 analyzers/Splunk/splunk.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/analyzers/Splunk/splunk.py b/analyzers/Splunk/splunk.py
index b0f02fc9f..1a47be073 100755
--- a/analyzers/Splunk/splunk.py
+++ b/analyzers/Splunk/splunk.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # encoding: utf-8
 
+
 import splunklib.client as client
 from time import sleep
 from cortexutils.analyzer import Analyzer
@@ -138,7 +139,7 @@ def SplunkSearch(self, **kwargs_savedsearch):
 
               
               if jobResult["resultCount"] > self.MAX_COUNT:
-                  jobResult["note"] = "Only the first "+str(self.MAX_COUNT)+" results were recovered over "+jobResult["resultCount"]+" to avoid any trouble on TheHive/Cortex. This parameter (max_count) can be changed in the analyzer configuration."
+                  jobResult["note"] = "Only the first {} results were recovered over {} to avoid any trouble on TheHive/Cortex. This parameter (max_count) can be changed in the analyzer configuration.".format(self.MAX_COUNT, jobResult["resultCount"])
 
               jobResult["search"] = job_infos["search"]
               jobResult["savedsearch"] = saved_search