class NetworkToolsConfig(SplunkAppObjModel):
    """Model for the custom ``network_tools.conf`` configuration file.

    Backed by the ``/admin/network_tools`` REST resource.
    """

    resource = '/admin/network_tools'

    # The only setting this model exposes.
    index = Field()
class ClusterMasterGeneration(SplunkAppObjModel):
    """Generation info reported by a cluster master.

    Backed by the ``/cluster/master/generation`` resource.  Every field
    is declared with ``is_mutable=False``.
    """

    resource = '/cluster/master/generation'

    # Current and last-completed generation.
    generation_id = IntField(is_mutable=False)
    generation_peers = DictField(is_mutable=False)
    last_complete_generation_id = IntField(is_mutable=False)
    multisite_error = Field(is_mutable=False)

    # Pending generation.
    pending_generation_id = IntField(is_mutable=False)
    pending_last_attempt = IntField(is_mutable=False)
    pending_last_reason = Field(is_mutable=False)

    # Status flags.
    replication_factor_met = BoolField(is_mutable=False)
    search_factor_met = BoolField(is_mutable=False)
    was_forced = BoolField(is_mutable=False)
class Input(SplunkRESTModel):
    """Model for entries under the ``data/inputs`` REST resource."""

    resource = 'data/inputs'

    disabled = BoolField(is_mutable=False)
    host = Field()
    index = Field()
    queue = Field()
    # Mapped to the REST key ``_rcvbuf``.
    rcvbuf = IntField(api_name='_rcvbuf', is_mutable=False)
    source = Field()
    sourcetype = Field()

    def _reload(self):
        """POST to the ``_reload`` endpoint that sits next to this input.

        The endpoint path is ``self.id`` with its last path segment
        replaced by ``_reload``.

        Returns:
            True if the response status is 200, otherwise False.
        """
        parent_path = self.id.rsplit('/', 1)[0]
        reload_path = '/'.join([parent_path, '_reload'])
        response, _content = rest.simpleRequest(reload_path, method='POST')
        return response.status == 200
class Input(SplunkAppObjModel):
    """Model for entries under the ``data/inputs`` REST resource.

    Besides the field mapping, it offers helpers that call the entity's
    action links (``enable``, ``disable``, ``remove``) and the sibling
    ``_reload`` endpoint.  Link targets are taken verbatim from
    ``self.action_links``; nothing in this class validates them.
    """

    resource = 'data/inputs'

    disabled = BoolField(is_mutable=False)
    host = Field()
    index = Field()
    sourcetype = Field()

    def _reload(self):
        """POST to the ``_reload`` endpoint that sits next to this input.

        Returns:
            True if the response status is 200, otherwise False.
        """
        parent_path = self.id.rsplit('/', 1)[0]
        reload_path = '/'.join([parent_path, '_reload'])
        response, _content = rest.simpleRequest(reload_path, method='POST')
        return response.status == 200

    def enable(self):
        """POST to the entity's ``enable`` action link.

        Returns:
            True if there are no action links at all, or as soon as one
            ``enable`` link answers with status 200; False otherwise.
        """
        if not self.action_links:
            # No links at all is reported as success.
            return True
        for link in self.action_links:
            if 'enable' not in link:
                continue
            response, _content = rest.simpleRequest(link[1], method='POST')
            if response.status == 200:
                return True
        return False

    def disable(self):
        """POST to the entity's ``disable`` action link.

        Returns:
            True if there are no action links at all, or as soon as one
            ``disable`` link answers with status 200; False otherwise.
        """
        if not self.action_links:
            # No links at all is reported as success.
            return True
        for link in self.action_links:
            if 'disable' not in link:
                continue
            response, _content = rest.simpleRequest(link[1], method='POST')
            if response.status == 200:
                return True
        return False

    def delete(self):
        """Send DELETE to the entity's ``remove`` action link.

        Unlike ``enable``/``disable``, a missing link list counts as
        failure here.

        Returns:
            True as soon as one ``remove`` link answers with status 200;
            False otherwise, including when there are no action links.
        """
        if not self.action_links:
            return False
        for link in self.action_links:
            if 'remove' not in link:
                continue
            response, _content = rest.simpleRequest(link[1], method='DELETE')
            if response.status == 200:
                return True
        return False
class CookedTCPInput(SocketInput):
    """Model for entries under ``data/inputs/tcp/cooked``."""

    resource = 'data/inputs/tcp/cooked'

    compressed = BoolField()
    enable_s2s_heartbeat = BoolField()
    input_shutdown_timeout = IntField()
    # TODO: cast to RouteField()
    route = Field()
    s2s_heartbeat_timeout = IntField()
class App(SplunkAppObjModel):
    """Model of a Splunk app, backed by the ``apps/local`` resource."""

    resource = 'apps/local'

    # The string argument is passed positionally, as in the original
    # (presumably the REST key the attribute maps to -- confirm).
    is_disabled = BoolField('disabled')
    is_configured = BoolField('configured')
    label = Field()
class ClusterMasterBucket(SplunkAppObjModel):
    """Cluster bucket state as reported by a cluster master.

    Backed by the ``cluster/master/buckets`` resource.  Every field is
    declared with ``is_mutable=False``.
    """

    resource = 'cluster/master/buckets'

    bucket_size = IntField(is_mutable=False)
    constrain_to_origin_site = BoolField(is_mutable=False)
    force_roll = BoolField(is_mutable=False)
    frozen = BoolField(is_mutable=False)
    index = Field(is_mutable=False)
    origin_site = Field(is_mutable=False)
    peers = DictField(is_mutable=False)

    # Per-site breakdowns.
    primaries_by_site = DictField(is_mutable=False)
    rep_count_by_site = DictField(is_mutable=False)
    search_count_by_site = DictField(is_mutable=False)

    service_after_time = IntField(is_mutable=False)
    standalone = BoolField(is_mutable=False)
class FiredAlert(SplunkAppObjModel):
    """Model of a fired (triggered) Splunk alert.

    Backed by the ``alerts/fired_alerts/-`` resource.
    """

    resource = 'alerts/fired_alerts/-'

    actions = ListField()
    alert_type = Field()
    savedsearch_name = Field()
    sid = Field()
    severity = IntField()
    trigger_time = EpochField()

    # Time strings already rendered in the current user's timezone.
    trigger_time_rendered = Field()
    expiration_time_rendered = Field()

    digest_mode = BoolField()
    triggered_alerts = IntField()

    def get_savedsearch(self):
        """Return the SavedSearch reached via the entity's ``savedsearch`` link."""
        # Imported inside the method, as in the original.
        from splunk.models.saved_search import SavedSearch
        saved_search_link = self.entity.getLink('savedsearch')
        return SavedSearch.get(saved_search_link)

    def get_job(self):
        """Placeholder: reads the entity's ``job`` link and returns None."""
        # TODO: return a search job object
        _job_link = self.entity.getLink('job')
        return None

    @classmethod
    def get_alerts(cls, alerts_id):
        """Return a SplunkQuerySet over the alerts fired under ``alerts_id``.

        The returned query set can be refined further by the caller
        (search, custom ordering, ...).

        Example ``alerts_id`` values:
            absolute: https://localhost:8089/servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
            relative: /servicesNS/nobody/search/alerts/fired_alerts/AlertTest1

        NOTE(review): ``alerts_id`` becomes the query set's ``_uri``
        without any validation here, and absolute URLs are accepted.
        Callers should only pass values they trust -- confirm how
        SplunkQuerySet resolves the host before feeding it user input.
        """
        # 30 is SplunkQuerySet's second positional argument
        # (presumably a page size -- confirm).
        query_set = SplunkQuerySet(FiredAlert.manager(), 30)
        query_set._uri = alerts_id
        return query_set
class HydraCacheStanza(SOLNAppObjModel):
    """Object mapping for the hydra cache stanzas.

    Can serve as a template when writing other cache models.  The conf
    file behind it is a datastore for shared session objects and should
    NEVER be edited by hand.

    Fields:
        string_data: plain string payload.
        python_data: serialized Python object payload.
        worker: pointer to the worker currently editing the cache; a
            worker sets it to 'lock' the session and avoid collisions.
        last_lock_time: ISO date-time field (not described in the
            original notes).
    """

    resource = 'configs/conf-hydra_cache'
    use_model_as_spec = True

    string_data = Field()
    # NOTE(review): PythonObjectField is defined elsewhere.  If it
    # deserializes with pickle or similar, whoever can write to this
    # conf file controls what gets loaded -- confirm the serializer and
    # keep write access to the stanza restricted.
    python_data = PythonObjectField()
    worker = Field()
    last_lock_time = ISODateTimeField()
class SelfConfig(SplunkAppObjModel):
    """License configuration of the local node.

    Backed by ``licenser/localslave`` (default entity
    ``licenser/localslave/license``).  The original docstring called
    this "a Splunk license tracker (master) server".  Only
    ``master_uri`` lacks ``is_mutable=False``.
    """

    resource = 'licenser/localslave'
    resource_default = 'licenser/localslave/license'

    connection_timeout = IntField(is_mutable=False)
    features = DictField(is_mutable=False)

    # Contact / service timestamps.
    last_master_contact_attempt_time = EpochField(is_mutable=False)
    last_master_contact_success_time = EpochField(is_mutable=False)
    last_trackerdb_service_time = EpochField(is_mutable=False)

    license_keys = ListField(is_mutable=False)
    master_guid = Field(is_mutable=False)
    master_uri = Field()
    receive_timeout = IntField(is_mutable=False)
    send_timeout = IntField(is_mutable=False)
    # Mapped to the REST key ``slave_id``.
    slave_name = Field(api_name='slave_id', is_mutable=False)
    slave_label = Field(is_mutable=False)
    squash_threshold = IntField(is_mutable=False)
class Slave(SplunkAppObjModel):
    """Model of a Splunk license slave (``licenser/slaves``)."""

    resource = 'licenser/slaves'

    added_usage_parsing_warnings = BoolField()
    # Mapped to the REST keys ``pool_ids`` / ``stack_ids``.
    pool_names = ListField(api_name='pool_ids', is_mutable=False)
    stack_names = ListField(api_name='stack_ids', is_mutable=False)
    warning_count = IntField()
    label = Field()
class SplunkLookupTableFile(SplunkAppObjModel):
    """Model for Splunk lookup table files.

    On ``save()``, ``path`` is the file that will be copied into place
    over the existing lookup table (per the original note), so it should
    only ever point at a file the caller intends to publish.
    """

    resource = '/data/lookup-table-files'

    name = Field()
    # Mapped to the REST key ``eai:data``.
    path = Field(api_name="eai:data")

    @staticmethod
    def reload( session_key=None ):
        """Call the ``_reload`` endpoint of the lookup-table-files resource.

        Args:
            session_key: forwarded to ``rest.simpleRequest`` as
                ``sessionKey``.

        Returns:
            True if the response status is 200, otherwise False.
        """
        reload_path = SplunkLookupTableFile.resource + "/" + '_reload'
        # The request is issued as GET, as in the original.
        response, _content = rest.simpleRequest(
            reload_path, method='GET', sessionKey=session_key)
        return response.status == 200
class ClusterMasterPeer(SplunkAppObjModel):
    """Cluster peer state as reported by a cluster master.

    Backed by the ``cluster/master/peers`` resource.  Every field is
    declared with ``is_mutable=False``.
    """

    resource = 'cluster/master/peers'

    active_bundle_id = Field(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)
    base_generation_id = IntField(is_mutable=False)
    bucket_count = IntField(is_mutable=False)
    bucket_count_by_index = DictField(is_mutable=False)
    delayed_buckets_to_discard = ListField(is_mutable=False)
    fixup_set = ListField(is_mutable=False)
    host_port_pair = Field(is_mutable=False)
    is_searchable = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    last_heartbeat = EpochField(is_mutable=False)
    latest_bundle_id = Field(is_mutable=False)
    pending_job_count = IntField(is_mutable=False)
    primary_count = IntField(is_mutable=False)
    primary_count_remote = IntField(is_mutable=False)

    # Replication settings.
    replication_count = IntField(is_mutable=False)
    replication_port = IntField(is_mutable=False)
    replication_use_ssl = BoolField(is_mutable=False)

    search_state_counter = DictField(is_mutable=False)
    site = Field(is_mutable=False)
    status = Field(is_mutable=False)
    status_counter = DictField(is_mutable=False)
class App(SplunkAppObjModel):
    """Model of a Splunk app, backed by the ``apps/local`` resource."""

    resource = 'apps/local'

    check_for_updates = BoolField()
    is_configured = BoolField(api_name='configured')
    # Passed positionally here, unlike the ``api_name=`` keyword used by
    # the neighbouring fields (presumably the same parameter -- confirm).
    is_disabled = BoolField('disabled')
    is_visible = BoolField(api_name='visible')
    label = Field()
    requires_restart = BoolField(api_name='state_change_requires_restart')
class TAVMwareVCenterForwarderStanza(SOLNAppObjModel):
    """Object mapping for the vcenter forwarder stanzas.

    The conf file holds what is needed to reach Splunk forwarders.  By
    convention a stanza's name must match the vc stanza in
    ta_vmware_collection.conf.

    Fields:
        host: routable address of the virtual center Splunk forwarder's
            management port, e.g. https://vcenter.splunk.com:8089
        user: user name used when administering the forwarder.
        vc_collect_logs: state of VC log collection.
        credential_validation: whether the credentials were validated.
        addon_validation: whether the addon (TA-vcenter) was validated
            as installed.
    """

    resource = 'configs/conf-vcenter_forwarder'
    use_model_as_spec = True

    host = Field()
    user = Field()
    # Stores the state of VC log collection.
    vc_collect_logs = BoolField()
    credential_validation = BoolField()
    addon_validation = BoolField()
class DispatchField(StructuredField):
    """Structured field holding the Splunk search dispatch parameters."""

    buckets = Field()

    # Time range.
    earliest_time = Field()
    latest_time = Field()

    lookups = BoolField()

    # Limits.
    max_count = Field()
    max_time = Field()

    reduce_freq = Field()
    spawn_process = BoolField()
    time_format = Field()
    ttl = Field()
class MonitorInput(Input):
    """Model for entries under ``data/inputs/monitor``.

    Several attributes map to REST keys spelled differently (hyphenated
    or camelCase); those carry an explicit ``api_name``.
    """

    resource = 'data/inputs/monitor'

    blacklist = Field()
    check_index = BoolField(api_name='check-index')
    check_path = BoolField(api_name='check-path')
    crc_salt = Field(api_name='crc-salt')
    follow_tail = BoolField(api_name='followTail')
    host_regex = Field()
    host_segment = Field()
    ignore_older_than = Field(api_name='ignore-older-than')
    recursive = BoolField()
    rename_source = Field(api_name='rename-source')
    whitelist = Field()
class Dashboard(SplunkAppObjModel):
    """Model of a simple XML dashboard (``data/ui/views``).

    Wraps the view objects previously defined in /models/legacy_views:
    the parsed dashboard lives in ``self._obj`` and ``label`` is proxied
    to it.
    """

    resource = 'data/ui/views'

    # -- properties --------------------------------------------------

    # Raw dashboard XML.
    data = Field('eai:data')

    def get_label(self):
        """Return the label of the wrapped dashboard object."""
        return self._obj.label

    def set_label(self, label):
        """Set the label on the wrapped dashboard object."""
        self._obj.label = label

    label = property(get_label, set_label)

    # -- constructor -------------------------------------------------

    def __init__(self, namespace, owner, name, entity=None, **kwargs):
        """Initialise the model, then attach an empty SimpleDashboard.

        NOTE(review): ``_obj`` is assigned after the base ``__init__``.
        If the base constructor calls ``from_entity()`` when ``entity``
        is given, the dashboard parsed there is replaced by this empty
        one -- confirm the ordering against the base class.
        """
        super(Dashboard, self).__init__(
            namespace, owner, name, entity=entity, **kwargs)
        self._obj = dashboard.SimpleDashboard()

    # -- internal adapters -------------------------------------------

    def from_entity(self, entity):
        """Populate the model from ``entity`` and parse its ``eai:data`` XML.

        When ``eai:data`` is empty nothing beyond the base class's work
        is done.  A failure in ``fromXml`` is logged as a warning and
        not re-raised; a failure while parsing the XML string is not
        caught here.
        """
        super(Dashboard, self).from_entity(entity)

        xml_text = entity['eai:data']
        if not xml_text:
            return

        # NOTE(review): ``et`` is imported elsewhere in the file.  If it
        # is a parser that resolves DTDs or external entities by
        # default, dashboard XML should go through a hardened parser --
        # confirm which module this is.
        root = et.fromstring(unicode(xml_text).encode('utf-8'))
        self._obj = dashboard.SimpleDashboard()
        try:
            self._obj.fromXml(root)
        except Exception as e:
            logger.warn('Could not load xml %s' % e)
class AutoSummarizeField(StructuredField):
    """Structured field holding the auto-summarize parameters."""

    enabled = BoolField('auto_summarize')
    can_summarize = Field(is_mutable=False)
    is_good_summarization_candidate = Field(is_mutable=False)
    cron_schedule = Field()

    # Dispatch time range.
    earliest_time = Field('auto_summarize.dispatch.earliest_time')
    latest_time = Field('auto_summarize.dispatch.latest_time')

    timespan = Field(is_mutable=False)
class AlertOverlay(SplunkAppObjModel):
    """Model for entries under the ``unix/alert_overlay`` resource."""

    resource = 'unix/alert_overlay'

    # Descriptive text.
    description = Field()
    business_impact = Field()
    remediation = Field()
    escalation = Field()

    # Threshold definition.
    threshold_max = IntField()
    threshold_min = IntField()
    threshold_type = Field()
    threshold_unit = Field()
class TAVMwareCacheStanza(SOLNAppObjModel):
    """Object mapping for the TA-vmware cache stanzas.

    The conf file behind it is a datastore for shared objects and should
    NEVER be edited by hand.
    """

    resource = 'configs/conf-ta_vmware_cache'
    use_model_as_spec = True

    # Serialized Python object representing inv_data.
    # NOTE(review): PythonObjectField is defined elsewhere.  If it
    # deserializes with pickle or similar, whoever can write to this
    # conf file controls what gets loaded -- confirm the serializer and
    # keep write access to the stanza restricted.
    inv_data = PythonObjectField()
    inv_time = ISODateTimeField()

    # Pointer to the worker currently editing the cache; a worker sets
    # it to 'lock' the session and avoid collisions.
    worker = Field()
    last_lock_time = ISODateTimeField()
class ClusterMasterInfo(SplunkAppObjModel):
    """State of a cluster master node (``cluster/master/info``).

    Every field is declared with ``is_mutable=False``.
    """

    resource = 'cluster/master/info'

    # Bundle state.
    active_bundle = DictField(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)

    indexing_ready_flag = BoolField(is_mutable=False)
    initialized_flag = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    latest_bundle = DictField(is_mutable=False)
    maintenance_mode = BoolField(is_mutable=False)
    multisite = BoolField(is_mutable=False)
    rolling_restart_flag = BoolField(is_mutable=False)
    service_ready_flag = BoolField(is_mutable=False)
    start_time = IntField(is_mutable=False)
class TAVMwareSyslogForwarderStanza(SOLNAppObjModel):
    """Object mapping for the syslog forwarder stanzas.

    The conf file stores configuration related to syslog forwarding.  By
    convention a stanza's name must match the vc stanza in
    ta_vmware_collection.conf.

    Fields:
        status: on/off switch for data collection.
        validation_status: whether validation has passed.
        uri: CSV list of target syslog forwarders (the original notes
            call this ``syslog_uri``).
        config_status_msg: not described in the original notes.
    """

    resource = 'configs/conf-ta_vmware_syslog_forwarder'
    use_model_as_spec = True

    status = BoolField()
    validation_status = BoolField()
    uri = CSVField()
    config_status_msg = Field()
class MonitorInput(Input):
    """Model for entries under ``data/inputs/monitor``."""

    resource = 'data/inputs/monitor'

    always_open_file = BoolField()
    blacklist = Field()
    # Mapped to the REST key ``crcSalt``.
    crc_salt = Field(api_name='crcSalt')
    # Mapped to the REST key ``filecount``.
    file_count = IntField(api_name='filecount', is_mutable=False)
    # Mapped to the REST key ``followSymlink``.
    follow_symlink = BoolField(api_name='followSymlink')
    follow_tail = BoolField()
    host_regex = Field()
    host_segment = Field()
    # TODO: cast to TimeField()
    ignore_older_than = Field()
    move_policy = Field()
    recursive = BoolField()
    time_before_close = IntField()
    whitelist = Field()
class Message(SplunkAppObjModel):
    """Model of a licenser message (``licenser/messages``)."""

    resource = 'licenser/messages'

    category = Field(is_mutable=False)
    create_time = EpochField()
    description = Field()
    # Mapped to the REST key ``pool_id``.
    pool_name = Field(api_name='pool_id')
    # Declared with a default value of 'ERROR'.
    severity = Field(default_value='ERROR')
    # Mapped to the REST keys ``slave_id`` / ``stack_id``.
    slave_name = Field(api_name='slave_id')
    stack_name = Field(api_name='stack_id')
class EmailActionField(StructuredField):
    """Structured field holding the email alert action configuration."""

    enabled = BoolField('action.email')
    format = Field()
    inline = BoolField()
    sendresults = BoolField()

    # Message addressing.
    to = Field()
    subject = Field()

    # PDF attachment options.
    pdfview = Field()
    # TODO: use splunk.models.server_config.PDFConfig.is_enabled instead
    sendpdf = BoolField()
    papersize = Field()
    paperorientation = Field()
class ClusterConfig(SplunkAppObjModel):
    """Cluster configuration of the current node (``cluster/config``)."""

    resource = 'cluster/config'

    cxn_timeout = IntField()
    disabled = BoolField()
    forwarderdata_rcv_port = IntField()
    forwarderdata_use_ssl = BoolField()
    heartbeat_period = IntField()
    heartbeat_timeout = IntField()
    master_uri = Field()
    max_peer_build_load = IntField()
    max_peer_rep_load = IntField()
    mode = Field()
    multisite = BoolField()
    percent_peers_to_restart = IntField()
    ping_flag = BoolField()
    quiet_period = IntField()
    rcv_timeout = IntField()

    # Addresses this node registers.
    register_forwarder_address = Field()
    register_replication_address = Field()
    register_search_address = Field()

    # Replication timeouts and settings.
    rep_cxn_timeout = IntField()
    rep_max_rcv_timeout = IntField()
    rep_max_send_timeout = IntField()
    rep_rcv_timeout = IntField()
    rep_send_timeout = IntField()
    replication_factor = IntField()
    replication_port = IntField()
    replication_use_ssl = BoolField()

    restart_timeout = IntField()
    search_factor = IntField()
    search_files_retry_timeout = IntField()
    # NOTE(review): presumably the cluster's shared secret.  Treat the
    # value as sensitive: keep it out of logs, debug dumps and any
    # serialized copy of this model -- confirm how it is returned.
    secret = Field()
    send_timeout = IntField()
    site = Field()
class License(SplunkAppObjModel):
    """Model of a single license object (``licenser/licenses``)."""

    resource = 'licenser/licenses'

    # Validity window.
    creation_time = EpochField()
    expiration_time = EpochField()

    features = ListField()
    # Mapped to the REST key ``license_hash``.
    hash = Field(api_name='license_hash')
    label = Field()
    max_violations = IntField()
    payload = Field()
    # Mapped to the REST key ``quota``.
    quota_bytes = FloatField(api_name='quota')
    sourcetypes = ListField()
    # Mapped to the REST key ``stack_id``.
    stack_name = Field(api_name='stack_id')
    status = Field()
    type = Field()
    window_period = IntField()
class User(SplunkAppObjModel):
    """Model of a Splunk user (``authentication/users``)."""

    resource = 'authentication/users'

    # Default-app settings.
    default_app = Field('defaultApp')
    default_app_is_user_override = BoolField('defaultAppIsUserOverride', is_mutable=False)
    default_app_source_role = Field('defaultAppSourceRole', is_mutable=False)

    email = Field()
    # Sensitive: avoid logging or dumping instances while this field
    # holds a value.
    password = Field()
    realname = Field()
    create_role = Field('createrole', is_mutable=False)
    roles = ListField(is_mutable=False)
    type = Field(is_mutable=False)

    @classmethod
    def get(cls, uname):
        """Fetch a user by user name rather than by id.

        The id handed to the parent ``get`` is ``<resource>/<uname>``.

        NOTE(review): ``uname`` is interpolated into the path as-is.  A
        name containing ``/``, ``?`` or ``..`` would address a different
        endpoint unless the caller or the base class encodes it --
        confirm where URL-encoding happens before passing user input.
        """
        user_path = '%s/%s' % (cls.resource, uname)
        return super(User, cls).get(user_path)
class AlertField(StructuredField):
    """Structured field holding a saved search's alerting configuration."""

    class SuppressAlertField(StructuredField):
        """Suppression settings nested inside the alerting configuration."""

        enabled = BoolField('alert.suppress')
        period = Field()
        fieldlist = Field('alert.suppress.fields')

    # Trigger condition.
    type = Field('alert_type')
    comparator = Field('alert_comparator')
    threshold = Field('alert_threshold')
    condition = Field('alert_condition')

    suppress = SuppressAlertField()

    digest_mode = BoolField()
    expires = Field()
    severity = Field()
    fired_count = IntField('triggered_alert_count')
    track = BoolField()