def error(msg):
    """Send *msg* to the search UI as an error message, then stop the process.

    The message is attached to an empty result set. The process exits with
    status 0 even though an error is being reported.
    """
    # The old-style call
    #   si.generateErrorResults("Usage: searchtxn <transaction_type> <transaction_search>. Ex: searchtxn loginsessions user=bob")
    # did not make its way into the UI, so the error travels as a message
    # alongside an empty result list instead.
    ui_messages = {}
    si.addErrorMessage(ui_messages, msg)
    no_results = []
    si.outputResults(no_results, ui_messages)
    exit(0)
def execute():
    """Collect the entities found at the path given as the single keyword.

    Arguments are merged from three layers, later ones winning: the built-in
    default (namespace "search"), the settings handed over by the search
    kernel, and the options typed on the command line. Each entity whose
    "eai:acl"/"app" matches the requested namespace is converted with
    entityToResult() and appended to ``results``.

    NOTE(review): this listing is cut off before the handler that closes the
    outer ``try``; what happens to ``results`` afterwards is not visible.
    """
    results = []
    try:
        results, dummyresults, settings = si.getOrganizedResults()
        # default values
        args = {"namespace": "search"}
        # get commandline args
        keywords, options = si.getKeywordsAndOptions()
        # override default args with settings from search kernel
        args.update(settings)
        # override default args with commandline args
        # NOTE(review): options are applied last, so "sessionKey", "owner" and
        # "namespace" typed on the command line replace the kernel's values.
        args.update(options)
        sessionKey = args.get("sessionKey", None)
        owner = args.get("owner", "admin")
        namespace = args.get("namespace", None)
        # The literal string "none" (any case) means "do not filter by app".
        if namespace.lower() == "none":
            namespace = None
        messages = {}
        if sessionKey == None:
            # this shouldn't happen, but it's useful for testing.
            # SECURITY(review): falls back to a hard-coded admin account with
            # the default password. On a host where that password was never
            # changed, the command then runs with admin rights for any caller
            # that arrives without a session. Only a warning is emitted.
            # Prefer failing closed here and keeping test credentials out of
            # shipped code.
            try:
                sessionKey = sa.getSessionKey("admin", "changeme")
                si.addWarnMessage(
                    messages,
                    "No session given to 'tune' command. Using default admin account and password."
                )
            except splunk.AuthenticationFailed, e:
                si.addErrorMessage(messages, "No session given to 'tune' command.")
                return
        if len(keywords) != 1:
            # presumably usage() terminates; if it returns, keywords[0] below
            # can raise IndexError -- confirm.
            usage()
        # e.g., '/data/inputs/monitor'
        entity = keywords[0]
        # SECURITY(review): args is the same dict the session key was read
        # from, so a supplied sessionKey is written to the log in clear text.
        # Redact it before logging.
        logger.info("Entity: %s Args: %s" % (entity, args))
        results = []  # we don't care about incoming results
        try:
            # count=-1 is passed through to getEntities; presumably "no limit"
            # -- confirm.
            entitys = en.getEntities(entity, sessionKey=sessionKey, owner=owner, namespace=namespace, count=-1)
            for name, entity in entitys.items():
                try:
                    myapp = entity["eai:acl"]["app"]
                    # Keep only entities owned by the requested app.
                    if namespace != None and myapp != namespace:
                        continue
                except:
                    # The bare except drops entities without eai:acl/app, and
                    # also hides any other error raised by the lookup above.
                    continue  # if no eai:acl/app, filter out
                result = entityToResult(name, entity)
                results.append(result)
        except splunk.ResourceNotFound, e2:
            # An unknown entity path is ignored silently; results stays empty.
            pass
    # NOTE(review): the listing stops here; the clause closing the outer try is not shown.
# NOTE(review): the next line is the tail of a function whose beginning is
# outside this listing; it is kept exactly as extracted.
output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages)


# Script entry point. Uses Python 2 syntax ("except Exception, e").
if __name__ == '__main__':
    messages = {}
    try:
        # isGetInfo() returns a flag plus the argv to use from here on.
        (isgetinfo, sys.argv) = si.isGetInfo(sys.argv)
        argtext = ' '.join(sys.argv[1:])
        count, mapping = parseArgs(argtext)
        if isgetinfo:
            reqsop = True
            # preop is a search fragment assembled by string formatting from
            # values parsed out of the command's own arguments.
            # NOTE(review): parseArgs is not visible here -- confirm it
            # restricts count to a number and field names to plain
            # identifiers before they are placed in the fragment.
            preop = "head %s" % count
            fields = [field for alias, field in mapping]
            if len(fields) > 0:
                preop += " | fields %s" % ', '.join(fields)
            si.outputInfo(False, False, False, reqsop, preop)  # calls sys.exit()
        run(messages, count, mapping)
    except Exception, e:
        import traceback
        stack = traceback.format_exc()
        # SECURITY(review): the whole traceback, newlines escaped, is returned
        # in the error message with the results, so file paths and code
        # details reach whoever reads the search messages. Consider logging
        # the traceback and returning only the short error text.
        si.addErrorMessage(
            messages, "%s. Traceback: %s" % (e, stack.replace('\n', '\\n')))
        si.outputResults([], messages)
output += " " #" AND " output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages) if __name__ == '__main__': messages = {} try: (isgetinfo, sys.argv) = si.isGetInfo(sys.argv) argtext = ' '.join(sys.argv[1:]) count, mapping = parseArgs(argtext) if isgetinfo: reqsop = True preop = "head %s" % count fields = [field for alias, field in mapping] if len(fields) > 0: preop += " | fields %s" % ', '.join(fields) si.outputInfo(False, False, False, reqsop, preop) # calls sys.exit() run(messages, count, mapping) except Exception, e: import traceback stack = traceback.format_exc() si.addErrorMessage(messages, "%s. Traceback: %s" % (e, stack.replace('\n','\\n'))) si.outputResults([], messages)
def execute():
    """Collect the entities found at the path given as the single keyword.

    Arguments are merged from three layers, later ones winning: the built-in
    default (namespace 'search'), the settings handed over by the search
    kernel, and the options typed on the command line. Each entity whose
    "eai:acl"/"app" matches the requested namespace is converted with
    entityToResult() and appended to ``results``.

    NOTE(review): this listing is cut off before the handler that closes the
    outer ``try``; what happens to ``results`` afterwards is not visible.
    """
    results = []
    try:
        results, dummyresults, settings = si.getOrganizedResults()
        # default values
        args = {'namespace': 'search'}
        # get commandline args
        keywords, options = si.getKeywordsAndOptions()
        # override default args with settings from search kernel
        args.update(settings)
        # override default args with commandline args
        # NOTE(review): options are applied last, so "sessionKey", "owner" and
        # "namespace" typed on the command line replace the kernel's values.
        args.update(options)
        sessionKey = args.get("sessionKey", None)
        owner = args.get("owner", 'admin')
        namespace = args.get("namespace", None)
        # The literal string "none" (any case) means "do not filter by app".
        if namespace.lower() == "none":
            namespace = None
        messages = {}
        if sessionKey == None:
            # this shouldn't happen, but it's useful for testing.
            # SECURITY(review): falls back to a hard-coded admin account with
            # the default password. On a host where that password was never
            # changed, the command then runs with admin rights for any caller
            # that arrives without a session. Only a warning is emitted.
            # Prefer failing closed here and keeping test credentials out of
            # shipped code.
            try:
                sessionKey = sa.getSessionKey('admin', 'changeme')
                si.addWarnMessage(
                    messages,
                    "No session given to 'tune' command. Using default admin account and password."
                )
            except splunk.AuthenticationFailed, e:
                si.addErrorMessage(messages, "No session given to 'tune' command.")
                return
        if len(keywords) != 1:
            # presumably usage() terminates; if it returns, keywords[0] below
            # can raise IndexError -- confirm.
            usage()
        # e.g., '/data/inputs/monitor'
        entity = keywords[0]
        # SECURITY(review): args is the same dict the session key was read
        # from, so a supplied sessionKey is written to the log in clear text.
        # Redact it before logging.
        logger.info("Entity: %s Args: %s" % (entity, args))
        results = []  # we don't care about incoming results
        try:
            # count=-1 is passed through to getEntities; presumably "no limit"
            # -- confirm.
            entitys = en.getEntities(entity, sessionKey=sessionKey, owner=owner, namespace=namespace, count=-1)
            for name, entity in entitys.items():
                try:
                    myapp = entity["eai:acl"]["app"]
                    # Keep only entities owned by the requested app.
                    if namespace != None and myapp != namespace:
                        continue
                except:
                    # The bare except drops entities without eai:acl/app, and
                    # also hides any other error raised by the lookup above.
                    continue  # if no eai:acl/app, filter out
                result = entityToResult(name, entity)
                results.append(result)
        except splunk.ResourceNotFound, e2:
            # An unknown entity path is ignored silently; results stays empty.
            pass
    # NOTE(review): the listing stops here; the clause closing the outer try is not shown.