Merge branch 'maintenance' into develop

certtools · May 25, 2021 · 0750a3d · 0750a3d
2 parents 0b61842 + 03d9caa
commit 0750a3d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -140,6 +140,8 @@ Update allowed classification fields to 2020-01-28 version (#1409, #1476). Old n
   - Add support for the new feeds *Honeypot-Amplification-DDoS-Events*, *Honeypot-Brute-Force-Events*, *Honeypot-Darknet*, *IP-Spoofer-Events*, *Sinkhole-Events*, *Sinkhole-HTTP-Events* (PR#1950, PR#1952, PR#1953 and PR#1954 by Birger Schacht and Sebastian Wagner).
 
 #### Experts
+- `intelmq.bots.experts.splunk_saved_search.expert`:
+  - fixed erroneous string formatting (PR#1960 by Karl-Johan Karlsson).
 
 #### Outputs
 - `intelmq.bots.outputs.smtp.output`:

diff --git a/intelmq/bots/experts/splunk_saved_search/expert.py b/intelmq/bots/experts/splunk_saved_search/expert.py
@@ -133,7 +133,7 @@ def process(self):
 
         query = '|savedsearch "{saved_search}"'.format(saved_search=self.saved_search)
         for field, parameter in self.search_parameters.items():
-            query += ' "{parameter}"="{event[field]}"'.format(parameter=parameter, event=event)
+            query += ' "{parameter}"="{field}"'.format(parameter=parameter, field=event[field])
         if "limit" in self.multiple_result_handling:
             query += " | head 1"