This repository has been archived by the owner on Jul 16, 2024. It is now read-only.

Issuedev #9

Merged
merged 2 commits into from
Jun 9, 2020
2 changes: 1 addition & 1 deletion huntlib/splunk.py
Expand Up @@ -85,7 +85,7 @@ def search(self, spl, mode="normal", search_args=None, verbose=False,
by the search process will be printed to stdout. The default is False
(suppress these messages).
limit: An integer describing the max number of search results to return.
fields: A comma-separated string listing all of the fields to be returned in
fields: A comma-separated string listing all of the fields to be returned in
the results. If not 'None', this is appended to the end of the 'spl'
query, like so: "| fields field1,field2,field3". The default is '*',
meaning all fields.
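Review bot: the removed and added `fields:` docstring lines are identical as rendered, so this is a whitespace-only change (indentation or a trailing space); state that in the commit message so the next reader does not hunt for a wording difference. Because this docstring documents that `fields` is appended verbatim to the `spl` query as `| fields field1,field2,field3`, it is also the right place to say whether the value is validated before concatenation: if it is not, tell callers not to pass untrusted input here, or check the string against a field-name pattern in `search()` before appending it.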
2 changes: 1 addition & 1 deletion tox.ini
Expand Up @@ -32,7 +32,7 @@ commands_pre =
bash -c 'docker run -it --name create_elastic_certs -e CERTS_DIR=/usr/share/elasticsearch/config/certificates -v `pwd`/support/certs:/certs -v `pwd`/support/certificates:/usr/share/elasticsearch/config/certificates docker.elastic.co/elasticsearch/elasticsearch:7.6.2 bash -c "yum install -y -q -e 0 unzip; ls -la /certs ; ls -la /usr/share/elasticsearch/config/certificates ;if [[ ! -f /certs/bundle.zip ]]; then bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip; unzip /certs/bundle.zip -d /certs; fi; chown -R 1000:0 /certs"'

echo "****** Starting Splunk Enterprise via Docker ******"
bash -c 'docker run -it -d --name splunk_test -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_LICENSE_URI=/tmp/splunk.lic' -e 'SPLUNK_PASSWORD=testpass' -p 8000:8000 -p 8089:8089 -v `pwd`/support/Splunk.License:/tmp/splunk.lic -v `pwd`/support/test-data.json:/tmp/test-data.json splunk/splunk:latest'
bash -c 'docker run -it -d --name splunk_test -e SPLUNK_START_ARGS=--accept-license -e SPLUNK_LICENSE_URI=/tmp/splunk.lic -e SPLUNK_PASSWORD=testpass -p 8000:8000 -p 8089:8089 -v `pwd`/support/Splunk.License:/tmp/splunk.lic -v `pwd`/support/test-data.json:/tmp/test-data.json splunk/splunk:latest'
echo "****** Starting Elastic via Docker ******"
bash -c 'docker run -d -it --name elastic_test -e node.name=es01 -e cluster.initial_master_nodes=es01 -e xpack.license.self_generated.type=trial -e xpack.security.enabled=true -e xpack.security.http.ssl.enabled=true -e xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elastic_test/elastic_test.key -e xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt -e xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elastic_test/elastic_test.crt -v `pwd`/support/certs:/usr/share/elasticsearch/config/certificates -p 9200:9200 docker.elastic.co/elasticsearch/elasticsearch:7.6.2'
echo "****** Sleeping to allow containers to start ******"
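Review bot: the quoting fix is correct; the inner single quotes around `SPLUNK_START_ARGS=--accept-license`, `SPLUNK_LICENSE_URI=/tmp/splunk.lic` and `SPLUNK_PASSWORD=testpass` terminated the outer `bash -c '...'` string early, so dropping them is the right repair. Two follow-ups on the same line: pin `splunk/splunk:latest` to a specific tag, as the `elasticsearch:7.6.2` image in the next command already is, so the test environment is reproducible; and since `SPLUNK_PASSWORD=testpass` is a known value passed with `-e` (and therefore readable via `docker inspect` on the host), bind the published ports to loopback (`-p 127.0.0.1:8089:8089`, `-p 127.0.0.1:8000:8000`) so the test instance is not reachable from the network while the tox run is in progress.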