class ClusterMasterPeer(SplunkAppObjModel):
'''
Represents a master's cluster peer state
'''
resource = 'cluster/master/peers'
active_bundle_id = Field(is_mutable=False)
apply_bundle_status = DictField(is_mutable=False)
base_generation_id = IntField(is_mutable=False)
bucket_count = IntField(is_mutable=False)
bucket_count_by_index = DictField(is_mutable=False)
delayed_buckets_to_discard = ListField(is_mutable=False)
fixup_set = ListField(is_mutable=False)
host_port_pair = Field(is_mutable=False)
is_searchable = BoolField(is_mutable=False)
label = Field(is_mutable=False)
last_heartbeat = EpochField(is_mutable=False)
latest_bundle_id = Field(is_mutable=False)
pending_job_count = IntField(is_mutable=False)
primary_count = IntField(is_mutable=False)
primary_count_remote = IntField(is_mutable=False)
replication_count = IntField(is_mutable=False)
replication_port = IntField(is_mutable=False)
replication_use_ssl = BoolField(is_mutable=False)
search_state_counter = DictField(is_mutable=False)
site = Field(is_mutable=False)
status = Field(is_mutable=False)
status_counter = DictField(is_mutable=False)
class License(SplunkAppObjModel):
'''
Represents a single license object
'''
resource = 'licenser/licenses'
creation_time = EpochField()
expiration_time = EpochField()
features = ListField()
hash = Field(api_name='license_hash')
label = Field()
max_violations = IntField()
payload = Field()
quota_bytes = FloatField(api_name='quota')
sourcetypes = ListField()
stack_name = Field(api_name='stack_id')
status = Field()
type = Field()
window_period = IntField()
class SelfConfig(SplunkAppObjModel):
'''
Represents a Splunk license tracker (master) server
'''
resource = 'licenser/localslave'
resource_default = 'licenser/localslave/license'
connection_timeout = IntField(is_mutable=False)
features = DictField(is_mutable=False)
last_master_contact_attempt_time = EpochField(is_mutable=False)
last_master_contact_success_time = EpochField(is_mutable=False)
last_trackerdb_service_time = EpochField(is_mutable=False)
license_keys = ListField(is_mutable=False)
master_guid = Field(is_mutable=False)
master_uri = Field()
receive_timeout = IntField(is_mutable=False)
send_timeout = IntField(is_mutable=False)
slave_name = Field(api_name='slave_id', is_mutable=False)
slave_label = Field(is_mutable=False)
squash_threshold = IntField(is_mutable=False)
class Message(SplunkAppObjModel):
'''
Represnts a licenser message
'''
resource = 'licenser/messages'
category = Field(is_mutable=False)
create_time = EpochField()
description = Field()
pool_name = Field(api_name='pool_id')
severity = Field(default_value='ERROR')
slave_name = Field(api_name='slave_id')
stack_name = Field(api_name='stack_id')
class Summarization(SplunkAppObjModel):
'''
Represents an auto-summarization for a saved search
'''
resource = 'admin/summarization'
saved_searches = DictField('saved_searches', is_mutable=False)
saved_searches_count = Field('saved_searches.count')
buckets = Field('summary.buckets', is_mutable=False)
complete = Field('summary.complete', is_mutable=False)
hash = Field('summary.hash', is_mutable=False)
regularHash = Field('summary.regularHash', is_mutable=False)
normHash = Field('summary.normHash', is_mutable=False)
unique_id = Field('summary.id', is_mutable=False)
regular_id = Field('summary.regular_id', is_mutable=False)
normalized_id = Field('summary.normalized_id', is_mutable=False)
chunks = Field('summary.chunks', is_mutable=False)
earliest_time = Field('summary.earliest_time', is_mutable=False)
latest_time = Field('summary.latest_time', is_mutable=False)
time_range = Field('summary.time_range', is_mutable=False)
load_factor = Field('summary.load_factor', is_mutable=False)
total_time = Field('summary.total_time', is_mutable=False)
run_stats = ListField('summary.run_stats', is_mutable=False)
last_error = ListField('summary.last_error', is_mutable=False)
mod_time = Field('summary.mod_time', is_mutable=False)
access_time = Field('summary.access_time', is_mutable=False)
access_count = Field('summary.access_count', is_mutable=False)
size = Field('summary.size', is_mutable=False)
timespan = Field('summary.timespan', is_mutable=False)
is_inprogress = BoolField('summary.is_inprogress', is_mutable=False)
is_suspended = BoolField('summary.is_suspended', is_mutable=False)
suspend_expiration = EpochField('summary.suspend_expiration',
is_mutable=False)
verification_buckets_failed = Field('verification_buckets_failed',
is_mutable=False)
verification_buckets_skipped = Field('verification_buckets_skipped',
is_mutable=False)
verification_buckets_passed = Field('verification_buckets_passed',
is_mutable=False)
verification_state = Field('verification_state', is_mutable=False)
verification_time = Field('verification_time', is_mutable=False)
verification_error = Field('verification_error', is_mutable=False)
verification_progress = Field('verification_progress', is_mutable=False)
class FiredAlert(SplunkAppObjModel):
'''
Represents a Splunk fired/triggered alert
'''
resource = 'alerts/fired_alerts/-'
actions = ListField()
alert_type = Field()
savedsearch_name = Field()
sid = Field()
severity = IntField()
trigger_time = EpochField()
# these are rendered time string in the current user's timezone
trigger_time_rendered = Field()
expiration_time_rendered = Field()
digest_mode = BoolField()
triggered_alerts = IntField()
def get_savedsearch(self):
from splunk.models.saved_search import SavedSearch
return SavedSearch.get(self.entity.getLink('savedsearch'))
def get_job(self):
job_id = self.entity.getLink('job')
#TODO: return a search job object
return None
@classmethod
def get_alerts(cls, alerts_id):
'''
Returns a SplunkQuerySet that can be used to access the alerts fired by the given id.
The SplunkQuerySet can be modified to include a search, custom ordering etc..
example alerts_id:
absolute: https://localhost:8089/servicesNS/nobody/search/aalerts/fired_alerts/AlertTest1
relative: /servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
'''
k = SplunkQuerySet(FiredAlert.manager(), 30)
k._uri = alerts_id
return k
class Index(SplunkAppObjModel):
'''
Represents an Splunk index
'''
resource = 'data/indexes'
assureUTF8 = BoolField()
blockSignatureDatabase = Field()
blockSignSize = IntField()
bucketRebuildMemoryHint = Field()
coldPath = Field()
coldPath_expanded = Field()
coldToFrozenDir = Field()
coldToFrozenScript = Field()
compressRawdata = BoolField()
currentDBSizeMB = IntField()
defaultDatabase = Field()
disabled = BoolField()
enableOnlineBucketRepair = BoolField()
enableRealtimeSearch = BoolField()
frozenTimePeriodInSecs = IntField()
homePath = Field()
homePath_expanded = Field()
indexThreads = Field()
isInternal = BoolField()
isReady = BoolField()
isVirtual = BoolField()
lastInitSequenceNumber = IntField()
lastInitTime = EpochField()
maxBloomBackfillBucketAge = Field()
maxBucketSizeCacheEntries = IntField()
maxConcurrentOptimizes = IntField()
maxDataSize = Field()
maxHotBuckets = IntField()
maxHotIdleSecs = IntField()
maxHotSpanSecs = IntField()
maxMemMB = IntField()
maxMetaEntries = IntField()
maxRunningProcessGroups = IntField()
maxRunningProcessGroupsLowPriority = IntField()
maxTime = Field()
maxTimeUnreplicatedNoAcks = IntField()
maxTimeUnreplicatedWithAcks = IntField()
maxTotalDataSizeMB = IntField()
maxWarmDBCount = IntField()
memPoolMB = Field()
minRawFileSyncSecs = Field()
minStreamGroupQueueSize = IntField()
minTime = Field()
partialServiceMetaPeriod = IntField()
processTrackerServiceInterval = IntField()
quarantineFutureSecs = IntField()
quarantinePastSecs = IntField()
rawChunkSizeBytes = IntByteField()
repFactor = IntField()
rotatePeriodInSecs = IntField()
serviceMetaPeriod = IntField()
serviceOnlyAsNeeded = BoolField()
serviceSubtaskTimingPeriod = IntField()
suppressBannerList = BoolField()
sync = BoolField()
syncMeta = BoolField()
thawedPath = Field()
thawedPath_expanded = Field()
throttleCheckPeriod = IntField()
totalEventCount = IntField()
class HDFSExport(SavedSearch):
resource = 'hdfs_export'
search = Field()
uri = Field()
base_path = Field()
starttime = IntField()
next_scheduled_time = Field()
cron_schedule = Field()
parallel_searches = Field()
partition_fields = Field()
status = Field()
compress_level = Field()
firstevent = EpochField('status.earliest')
lastevent = EpochField('status.latest')
jobexporterrors = Field('status.jobs.errors')
jobprogess = FloatField('status.jobs.progress')
jobruntime = FloatField('status.jobs.runtime')
jobstart = EpochField('status.jobs.starttime')
jobend = EpochField('status.jobs.endtime')
jobearliest = EpochField('status.jobs.earliest')
load = Field('status.load')
export_sids = Field('status.jobs.sids') # comma delimited list
scheduled_sid = Field('status.jobs.psid')
maxspan = Field()
minspan = Field()
roll_size = Field()
format = Field()
fields = Field()
def get_export_factor(self):
if self.load == None or len(self.load) == 0:
return 0
loads = self.load.split(',')
return float(loads[0])
def get_percent_complete(self):
'''
returns the percentage of index times attempted to be exported
compared to today.
'''
try:
indexTimeSpan = time.mktime(
self.lastevent.timetuple()) - time.mktime(
self.firstevent.timetuple())
exportedIndexTimeSpan = time.time() - time.mktime(
self.firstevent.timetuple())
return indexTimeSpan / exportedIndexTimeSpan
except:
return 0
def getErrors(self):
if self.jobexporterrors == None or len(self.jobexporterrors) == 0:
return []
err = self.jobexporterrors.split(',')
return err
def isPaused(self):
return not self.schedule.is_scheduled
def execute_action(self, action_name):
if not self.action_links:
return False
url = None
url_base = None
for item in self.action_links:
if action_name == item[0]:
url = item[1]
break
elif item[0] == 'list':
url_base = item[1]
# ghetto way to build the action url when not provided by endpoint
if url == None and url_base != None:
url = url_base + '/' + action_name
if url == None:
return False
response, content = rest.simpleRequest(url, method='POST')
return response.status == 200
def pause(self):
return self.execute_action('pause')
def resume(self):
return self.execute_action('resume')
def force(self):
#TODO: return the actual search id of the spawned search job
return self.execute_action('force')
def hasPartitionField(self, field):
fields = self.partition_fields.split(',')
return field in fields
@classmethod
def parse_except_messages(cls, e):
return HDFSAppObjModel.parse_except_messages(e)