def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputbigfix_infrastructure, self).get_scheme() scheme.title = ("BigFix Infrastructure") scheme.description = ( "Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument( smi.Argument("global_account", title="Global Account", description="", required_on_create=True, required_on_edit=False)) return scheme
def get_scheme(self): """Creates modular input scheme. Returns: modularinput.Scheme object. """ scheme = modularinput.Scheme(SPLUNK_MI_NAME) scheme.description = SPLUNK_MI_DESC scheme.use_external_validation = True card_id = modularinput.Argument('card_id') card_id.data_type = modularinput.Argument.data_type_number card_id.description = 'Monobank Card ID' card_id.required_on_create = True scheme.add_argument(card_id) token = modularinput.Argument('token') token.data_type = modularinput.Argument.data_type_string token.description = 'Monobank token' token.required_on_create = True scheme.add_argument(token) init_date = modularinput.Argument('init_date') init_date.data_type = modularinput.Argument.data_type_string init_date.description = 'Initial date for getting transactions list. Format: YYYY-MM-DD' init_date.required_on_create = True scheme.add_argument(init_date) log_level = modularinput.Argument('log_level') log_level.data_type = modularinput.Argument.data_type_string log_level.description = 'Log level (DEBUG|INFO)' log_level.required_on_create = True scheme.add_argument(log_level) return scheme
def get_scheme(self): scheme = modularinput.Scheme("Socrata Data Feed") scheme.description = "Retrieve events from a Socrata-run government data site" scheme.use_single_instance = False scheme.use_external_validation = False url_arg = modularinput.Argument("url") url_arg.data_type = modularinput.Argument.data_type_string url_arg.description = "The Socrata SODA API resource URL" url_arg.required_on_create = True scheme.add_argument(url_arg) date_field_arg = modularinput.Argument("date_field") date_field_arg.data_type = modularinput.Argument.data_type_string date_field_arg.description = "Date field to sort on (and index by)" date_field_arg.required_on_create = True scheme.add_argument(date_field_arg) default_date_arg = modularinput.Argument("default_checkpoint_date") default_date_arg.data_type = modularinput.Argument.data_type_string default_date_arg.description = "Earliest date to index (in isoformat, like 2016-01-01)" default_date_arg.required_on_create = True scheme.add_argument(default_date_arg) limit_arg = modularinput.Argument("limit") limit_arg.data_type = modularinput.Argument.data_type_number limit_arg.description = "Number of events to pull per request" limit_arg.required_on_create = False scheme.add_argument(url_arg) return scheme
def get_scheme(self): scheme = smi.Scheme('geoipupdate') scheme.description = 'geoipupdate' scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = True scheme.add_argument( smi.Argument('name', title='Name', description='Name', required_on_create=True)) scheme.add_argument(smi.Argument( 'interval', required_on_create=True, )) scheme.add_argument( smi.Argument( 'edition_ids', required_on_create=True, )) scheme.add_argument( smi.Argument( 'global_account', required_on_create=True, )) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("AWS Evident.io") scheme.description = ("Collect notifications produced by AWS Evident.io." "The feature must be enabled and its SNS topic must be subscribed to an SQS queue.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False # defaults != documented scheme defaults, so I'm being explicit. scheme.add_argument(smi.Argument("name", title="Name", description="Choose an ID or nickname for this configuration", required_on_create=True)) scheme.add_argument(smi.Argument("aws_account", title="AWS Account", description="AWS account", required_on_create=True, required_on_edit=True)) scheme.add_argument(smi.Argument("aws_region", title="SQS Queue Region", description=("Name of the AWS region in which the" " notification queue is located. Regions should be entered as" " e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc."), required_on_create=True, required_on_edit=True)) scheme.add_argument(smi.Argument("sqs_queue", title="SQS Queue Name", description=("Name of queue to which notifications of AWS Evident.io" " are sent. The queue should be subscribed" " to the AWS Evident.io SNS topic."), required_on_create=True, required_on_edit=True)) scheme.add_argument(smi.Argument("enable_additional_notifications", title="Enable Debug", description=("Index additional SNS/SQS events to help with troubleshooting."), data_type=smi.Argument.data_type_boolean, required_on_create=False)) return scheme
def get_scheme(self): scheme = super(STRAVA_API, self).get_scheme() scheme.title = ("Strava Activities") scheme.description = 'Strava Activities' scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False scheme.add_argument( smi.Argument('name', title='Name', description='Name', required_on_create=True)) scheme.add_argument( smi.Argument( 'access_code', required_on_create=True, )) scheme.add_argument( smi.Argument( 'start_time', required_on_create=False, )) scheme.add_argument( smi.Argument( 'reindex_data', required_on_create=False, )) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("SigsciEvent") scheme.title = ("Sigsci Events") scheme.description = ("") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) scheme.add_argument( smi.Argument("delta", title="Time Delta", description="Time interval in minutes", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("site", title="Dashboard Site", description="Name of the SigSci Dashboard Site", required_on_create=True, required_on_edit=True)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputbigfix_actions, self).get_scheme() scheme.title = ("BigFix Actions") scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument(smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument(smi.Argument("global_account", title="Global Account", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("set_batch_value", title="Set Batch Value", description="Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.", required_on_create=True, required_on_edit=False)) return scheme
def get_scheme(self): scheme = smi.Scheme('lansweeper_input') scheme.description = 'Lansweeper Input' scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False scheme.add_argument( smi.Argument('name', title='Name', description='Name', required_on_create=True)) scheme.add_argument(smi.Argument( 'site', required_on_create=True, )) scheme.add_argument( smi.Argument( 'account_name', required_on_create=True, )) return scheme
def get_scheme(self): scheme = smi.Scheme('example_input_two') scheme.description = 'Example Input Two' scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = True scheme.add_argument( smi.Argument('name', title='Name', description='Name', required_on_create=True)) scheme.add_argument(smi.Argument( 'interval', required_on_create=True, )) scheme.add_argument(smi.Argument( 'account', required_on_create=True, )) scheme.add_argument( smi.Argument( 'input_two_multiple_select', required_on_create=True, )) scheme.add_argument( smi.Argument( 'input_two_checkbox', required_on_create=False, )) scheme.add_argument( smi.Argument( 'input_two_radio', required_on_create=False, )) scheme.add_argument( smi.Argument( 'use_existing_checkpoint', required_on_create=False, )) scheme.add_argument( smi.Argument( 'start_date', required_on_create=False, )) scheme.add_argument( smi.Argument( 'example_help_link', required_on_create=False, )) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("Statuscake_Alerts") scheme.title = ("Status Cake Alerts") scheme.description = ("Status Cake Alerts") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False scheme.add_argument(smi.Argument("name", title="Name", description="", required_on_create=True)) scheme.add_argument(smi.Argument("placeholder", title="Placeholder", description="Do not set any value to this", required_on_create=False)) return scheme
def get_input_arguments(): arguments = [] arguments.append( smi.Argument("docker_api_version", title="Docker API version", description="e.g. v1.39", required_on_create=True, required_on_edit=False)) return arguments
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputdmarc_imap, self).get_scheme() scheme.title = ("DMARC imap") scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument(smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument(smi.Argument("global_account", title="Global Account", description="Use the account configured in the setup tab", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("imap_server", title="IMAP server", description="Connect to the specified IMAP server with TLS (port 993)", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("resolve_ip", title="Resolve IP", description="Resolve the source_ip field in the DMARC aggregate reports.", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("validate_xml", title="Validate XML", description="Validate the aggregate reports against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("validate_dkim", title="Validate DKIM", description="(Beta) Validate the DKIM signatures in the mail headers. Results are currently only available in DEBUG log.", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("imap_mailbox", title="IMAP mailbox", description="Select the IMAP mailbox to poll. Default: INBOX", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("output_format", title="Output format", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("batch_size", title="Batch size", description="Max number of messages to fetch per batch to prevent connection timeouts and resets", required_on_create=False, required_on_edit=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("autofocus_export") scheme.title = ("AutoFocus Export List") scheme.description = ("Retrieve export list from AutoFocus") scheme.use_external_validation = True scheme.streaming_mode_xml = False scheme.use_single_instance = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) scheme.add_argument( smi.Argument("label", title="label", description="", required_on_create=True, required_on_edit=True)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputcrypto_settings, self).get_scheme() scheme.title = ("crypto_settings") scheme.description = ( "Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument( smi.Argument( "type_of_data", title="Type of Data", description= "Select if you are creating a new key file for encryption/decryption or a new salt file for hashing.", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("key_salt", title="Key / Salt", description="Paste your key or salt here.", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument( "rsa_key_encryption_password", title="RSA key encryption password", description= "Optional: If you are uploading an AES-256-CBC, DES-CBC or DES-EDE3-CBC encrypted private RSA key file, specify the corresponding password here. Leave blank otherwise.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "authorized_roles", title="Authorized Roles", description= "Specify which roles should be authorized to use this key/salt file.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "authorized_users", title="Authorized Users", description= "Specify which users should be authorized to use this key/salt file.", required_on_create=False, required_on_edit=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputdmarc_directory, self).get_scheme() scheme.title = ("DMARC directory") scheme.description = ( "Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument( smi.Argument( "dmarc_directory", title="Directory", description="Directory containing DMARC aggregate reports", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument( "quiet_time", title="Quiet time", description= "Ignore files that have a modification time of less than n seconds ago.", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument( "resolve_ip", title="Resolve IP", description= "Resolve the source_ip field in the DMARC XML aggregate report", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "validate_xml", title="Validate XML", description= "Validate the aggregate report XML against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("output_format", title="Output format", description="", required_on_create=True, required_on_edit=False)) return scheme
def get_scheme(self): """ Overloaded splunklib modularinput method """ scheme = smi.Scheme('em_entity_manager') scheme.title = ('Splunk Insights for Infrastructure - Entity Manager') scheme.description = ( 'Entity Manager helps to discover and manage your entities') log_level = 'The logging level of the modular input. Defaults to DEBUG' scheme.add_argument( smi.Argument('log_level', title='Log Level', description=log_level, required_on_create=False)) return scheme
def get_scheme(self): """ Overloaded splunklib modularinput method """ scheme = smi.Scheme('aws_input_restarter') scheme.title = ( 'Splunk Insights for Infrastructure - AWS Input Restarter') scheme.description = ( 'Restarts certain AWS inputs to workaround TA-AWS bugs') log_level = 'The logging level of the modular input. Defaults to DEBUG' scheme.add_argument( smi.Argument('log_level', title='Log Level', description=log_level, required_on_create=False)) return scheme
def get_scheme(self): scheme = modularinput.Scheme("Hello World SDK") scheme.description = "A simple demonstration of a modular input using the SDK" scheme.use_external_validation = True name_arg = modularinput.Argument( name="name_to_greet", data_type=modularinput.Argument.data_type_string, description="Name to use in greeting", required_on_create=True, title="Who to Greet" ) # If the validation message uses single quotes a very cryptic error is returned: "Expecting different token" name_arg.validation = "validate(match('name_to_greet', '^(?![Bb]ob)'), \"We don't like Bob.\")" scheme.add_argument(name_arg) return scheme
def get_scheme(self): scheme = super(STRAVA_WEBHOOK, self).get_scheme() scheme.description = 'Strava Webhook' scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument( 'name', title='Name', description='Name', required_on_create=True ) ) scheme.add_argument( smi.Argument( 'port', required_on_create=True, ) ) scheme.add_argument( smi.Argument( 'verify_token', required_on_create=True, ) ) scheme.add_argument( smi.Argument( 'callback_url', required_on_create=True, ) ) scheme.add_argument( smi.Argument( 'cert_file', required_on_create=True, ) ) scheme.add_argument( smi.Argument( 'key_file', required_on_create=True, ) ) return scheme
def get_scheme(self): scheme = splunk.Scheme("Jamf Modular Input") scheme.description = "Retrieves computer data from Jamf Pro." scheme.use_external_validation = True username_argument = splunk.Argument("jss_username") username_argument.data_type = splunk.Argument.data_type_string username_argument.description = "Jamf Pro Username" username_argument.required_on_create = True scheme.add_argument(username_argument) password_argument = splunk.Argument("jss_password") password_argument.data_type = splunk.Argument.data_type_string password_argument.description = "Jamf Pro Password" password_argument.required_on_create = True scheme.add_argument(password_argument) api_argument = splunk.Argument("api_call") api_argument.data_type = splunk.Argument.data_type_string api_argument.description = "Type of Advanced Search to call" api_argument.required_on_create = True scheme.add_argument(api_argument) search_name_argument = splunk.Argument("search_name") search_name_argument.data_type = splunk.Argument.data_type_string search_name_argument.description = "Preconfigured Advanced Search to call" search_name_argument.required_on_create = True scheme.add_argument(search_name_argument) url_argument = splunk.Argument("jss_url") url_argument.data_type = splunk.Argument.data_type_string url_argument.description = "Jamf Pro URL" url_argument.required_on_create = True scheme.add_argument(url_argument) index_argument = splunk.Argument("index") index_argument.data_type = splunk.Argument.data_type_string index_argument.description = "Destination index" host_argument = splunk.Argument("host") host_argument.data_type = splunk.Argument.data_type_string host_argument.description = "Host" return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("jira") scheme.title = ("jira") scheme.description = ("") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False desc_server = "JIRA server" scheme.add_argument(smi.Argument("server", title="server", description=desc_server, required_on_create=True)) desc_username = '******' scheme.add_argument(smi.Argument("username", title="username", description=desc_username, required_on_create=True)) desc_password = '******' scheme.add_argument(smi.Argument("password", title="password", description=desc_password, required_on_create=True)) desc_protocol = 'REST API protocol, e.g., https' scheme.add_argument(smi.Argument("protocol", title="protocol", description=desc_protocol, required_on_create=True)) desc_port = 'REST API port, e.g., 443' scheme.add_argument(smi.Argument("port", title="port", description=desc_port, required_on_create=True)) desc_jql = "JQL query to filter tickets which are indexed, " \ "e.g., issueType in (epic, story)" scheme.add_argument(smi.Argument("jql", title="jql", description=desc_jql, required_on_create=True)) desc_fields = "Fields to be indexed, a comma separated field list" \ "e.g., key, summary, project, updated" scheme.add_argument(smi.Argument("fields", title="fields", description=desc_fields, required_on_create=True)) return scheme
def get_input_arguments(): arguments = [] arguments.append( smi.Argument("device_ip", title="Device IP", description="", required_on_create=True, required_on_edit=False)) arguments.append( smi.Argument( "script_timeout", title="Script Timeout", description= "The script is smart enough to know if a copy of itself is already running. Use this timeout to shut down the script and allow the normal input interval to restart the script.", required_on_create=False, required_on_edit=False)) arguments.append( smi.Argument("collect_node_info_", title="Collect Node Info?", description="", required_on_create=False, required_on_edit=False)) arguments.append( smi.Argument("node_info_interval", title="Node Info Interval", description="", required_on_create=True, required_on_edit=False)) arguments.append( smi.Argument("collect_mesh_info_", title="Collect Mesh Info?", description="", required_on_create=False, required_on_edit=False)) arguments.append( smi.Argument("mesh_info_interval", title="Mesh Info Interval", description="", required_on_create=True, required_on_edit=False)) return arguments
def get_scheme(self): scheme = smi.Scheme("Zenoss Events") scheme.description = "Modular input to pull events from Zenoss API" scheme.use_external_validation = True scheme.use_single_instance = False zenoss_username = smi.Argument("zenoss_username") zenoss_username.data_type = smi.Argument.data_type_string zenoss_username.required_on_edit = True zenoss_username.required_on_create = True scheme.add_argument(zenoss_username) zenoss_realm = smi.Argument("zenoss_realm") zenoss_realm.data_type = smi.Argument.data_type_string zenoss_realm.required_on_edit = False zenoss_realm.required_on_create = False scheme.add_argument(zenoss_realm) zenoss_server = smi.Argument("zenoss_server") zenoss_server.data_type = smi.Argument.data_type_string zenoss_server.required_on_edit = True zenoss_server.required_on_create = True scheme.add_argument(zenoss_server) no_ssl_cert_check = smi.Argument("no_ssl_cert_check") no_ssl_cert_check.data_type = smi.Argument.data_type_boolean no_ssl_cert_check.required_on_edit = True no_ssl_cert_check.required_on_create = True scheme.add_argument(no_ssl_cert_check) cafile = smi.Argument("cafile") cafile.data_type = smi.Argument.data_type_string cafile.required_on_edit = False cafile.required_on_create = False scheme.add_argument(cafile) device = smi.Argument("device") device.data_type = smi.Argument.data_type_string device.required_on_edit = False device.required_on_create = False scheme.add_argument(device) tzone = smi.Argument("tzone") tzone.data_type = smi.Argument.data_type_string tzone.required_on_edit = False tzone.required_on_create = False scheme.add_argument(tzone) start_date = smi.Argument("start_date") start_date.data_type = smi.Argument.data_type_string start_date.required_on_edit = False start_date.required_on_create = False scheme.add_argument(start_date) index_closed = smi.Argument("index_closed") index_closed.data_type = smi.Argument.data_type_boolean index_closed.required_on_edit = False index_closed.required_on_create = False scheme.add_argument(index_closed) index_cleared = smi.Argument("index_cleared") index_cleared.data_type = smi.Argument.data_type_boolean index_cleared.required_on_edit = False index_cleared.required_on_create = False scheme.add_argument(index_cleared) index_archived = smi.Argument("index_archived") index_archived.data_type = smi.Argument.data_type_boolean index_archived.required_on_edit = False index_archived.required_on_create = False scheme.add_argument(index_archived) index_suppressed = smi.Argument("index_suppressed") index_suppressed.data_type = smi.Argument.data_type_boolean index_suppressed.required_on_edit = False index_suppressed.required_on_create = False scheme.add_argument(index_suppressed) index_repeats = smi.Argument("index_repeats") index_repeats.data_type = smi.Argument.data_type_boolean index_repeats.required_on_edit = False index_repeats.required_on_create = False scheme.add_argument(index_repeats) archive_threshold = smi.Argument("archive_threshold") archive_threshold.data_type = smi.Argument.data_type_string archive_threshold.required_on_edit = False archive_threshold.required_on_create = False scheme.add_argument(archive_threshold) checkpoint_delete_threshold = smi.Argument( "checkpoint_delete_threshold") checkpoint_delete_threshold.data_type = smi.Argument.data_type_string checkpoint_delete_threshold.required_on_edit = False checkpoint_delete_threshold.required_on_create = False scheme.add_argument(checkpoint_delete_threshold) proxy_uri = smi.Argument("proxy_uri") proxy_uri.data_type = smi.Argument.data_type_string proxy_uri.required_on_edit = False proxy_uri.required_on_create = False scheme.add_argument(proxy_uri) proxy_username = smi.Argument("proxy_username") proxy_username.data_type = smi.Argument.data_type_string proxy_username.required_on_edit = False proxy_username.required_on_create = False scheme.add_argument(proxy_username) proxy_realm = smi.Argument("proxy_realm") proxy_realm.data_type = smi.Argument.data_type_string proxy_realm.required_on_edit = False proxy_realm.required_on_create = False scheme.add_argument(proxy_realm) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputjamfcomputers, self).get_scheme() scheme.title = ("JamfComputers") scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument(smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument(smi.Argument("name_of_the_modular_input", title="Name of the Modular Input", description="", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("jss_url", title="JSS URL", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("jss_username", title="Username", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("jss_password", title="Password", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument(smi.Argument("excludeNoneManaged", title="Exclude Non Managed Devices", description="If a device is not managed Exclude it", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("sections", title="Sections", description="General and User_and_Location are included by default: Excluded are Fonts, Services, Package Receipts, Content Caching, iBeacons, Plugins, and Attachments.", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("days_since_contact", title="Days Since Contact", description="Exclude devices that haven\'t been contacted in the above days. Suggest 7, 14, 30, 90 days. Refer to your own environment. 0 = Unlimited", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("event_time_format", title="Event Time format", description="Write the \"TIME\" field as either when the device inventoried, was last contacted, or when the Script runs", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("host_as_device_name", title="Host as Device Name", description="Writes the devices name as the Host Name.", required_on_create=False, required_on_edit=False)) scheme.add_argument(smi.Argument("use_proxy", title="Use proxy", description="Use the System or Per-App Proxy", required_on_create=False, required_on_edit=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputjamf, self).get_scheme() scheme.title = ("jamf") scheme.description = ( "Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument( smi.Argument("name_of_the_modular_input", title="Name of the Modular Input", description="Unique Input Name for the data", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("jss_url", title="JSS URL", description="Base URL for JAMF instance", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("username", title="Username", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("password", title="Password", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("api_call", title="API Call Name", description="API Call Name", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument( "search_name", title="Search Name", description= "Preconfigured Advanced Search to call or Custom API call, refer to documentation", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("custom_host_name", title="Custom Host Name", description="", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("custom_index_name", title="Custom Index Name", description="", required_on_create=False, required_on_edit=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("AWS CloudTrail") scheme.description = ( "Collect and index log files produced by AWS CloudTrail." " CloudTrail logging must be enabled and published to SNS topics and an SQS queue." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False # defaults != documented scheme defaults, so I'm being explicit. scheme.add_argument( smi.Argument( "name", title="Name", description="Choose an ID or nickname for this configuration", required_on_create=True)) scheme.add_argument( smi.Argument("aws_account", title="AWS Account", description="AWS account", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "aws_region", title="SQS Queue Region", description= ("Name of the AWS region in which the" " notification queue is located. Regions should be entered as" " e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc." ), required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "sqs_queue", title="SQS Queue Name", description= ("Name of queue to which notifications of new CloudTrail" " logs are sent. CloudTrail logging should be configured to" " publish to an SNS topic. The queue should be subscribed" " to the topics that notify of the desired logs. (Note that" " multiple topics from different regions can publish to a single" " queue if desired.)"), required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "exclude_describe_events", title="Exclude \"Describe*\" events", description=( "Do not index \"Describe\" events. These events typically" " constitute a high volume of calls, and indicate" " read-only requests for information."), data_type=smi.Argument.data_type_boolean, required_on_create=False)) scheme.add_argument( smi.Argument( "remove_files_when_done", title="Remove log files when done", description=( "Delete log files from the S3 bucket once they have been" "read and sent to the Splunk index"), data_type=smi.Argument.data_type_boolean, required_on_create=False)) scheme.add_argument( smi.Argument( "blacklist", title="Blacklist for Describe events", description= ("PCRE regex for specifying event names to be excluded. Leave blank" " to use the default set of read-only event names"), required_on_create=False)) scheme.add_argument( smi.Argument( "excluded_events_index", title="Excluded events index", description= ("Optional index in which to write the excluded events. Leave blank" " to use the default of simply deleting events. Specified indexes" " must be created in Splunk for this to be effective."), required_on_create=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("AWS S3") scheme.description = ("Collect and index log files stored in AWS S3.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = False scheme.add_argument( smi.Argument( "name", title="Name", description="Choose an ID or nickname for this configuration", required_on_create=True)) scheme.add_argument( smi.Argument("aws_account", title="AWS Account", description="AWS account", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("bucket_name", title="Bucket Name", description="Bucket name", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("key_name", title="Key Name", description="Key name", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "recursion_depth", title="Recursion Depth", description= "Only applies if key_name is a folder prefix (e.g., \"path/\")", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("initial_scan_datetime", title="Initital Scan DateTime", description="Initial scan datetime.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("max_items", title="Max Items", description="Max trackable items.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "max_retries", title="Max Item Retries", description= "Max number of retry attempts to stream incomplete items.", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("whitelist", title="Whitelist Regex", description="Whitelist", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("blacklist", title="Blacklist Regex", description="Blacklist", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("host_name", title="S3 host name", description="S3 host name", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("is_secure", title="whether to use secure connection", description="whether to use secure connection", required_on_create=False, required_on_edit=False)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = smi.Scheme("AWS CloudWatch") scheme.description = ( "Collect and index metrics produced by AWS CloudWatch.") scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.use_single_instance = True # defaults != documented scheme defaults, so I'm being explicit. scheme.add_argument( smi.Argument( "name", title="Name", description="Choose an ID or nickname for this configuration", required_on_create=True)) scheme.add_argument( smi.Argument("aws_account", title="AWS Account", description="AWS account", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "aws_region", title="AWS CloudWatch Region", description= ("Name of the AWS region in which the metrics are located." " Regions should be entered as" " e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc." ), required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("metric_namespace", title="AWS CloudWatch Metric Namespace", description="Name of the AWS Metric Namespace.", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("metric_names", title="AWS CloudWatch Metric Names", description="Names of the AWS Metrics.", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument("metric_dimensions", title="AWS CloudWatch Dimensions", description="JSON encoded", required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "statistics", title="AWS CloudWatch Metric Statistics Being Requested", description=("List of valid values (JSON encoded):" " Average, Sum, SampleCount, Maximum, Minimum"), required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "period", title="AWS CloudWatch Metric Granularity", description= ("The period in seconds. Must be at least 60 seconds, and a" " multiple of 60. The default value is 300. The maximum is 21600" ), required_on_create=True, required_on_edit=True)) scheme.add_argument( smi.Argument( "polling_interval", title="AWS CloudWatch Minimum Polling Interval", description=( "The period in seconds. Must be a multiple of period." " The default is the value of period. The maximum is 21600." ), required_on_create=True, required_on_edit=True)) return scheme
def get_scheme(self): """overloaded splunklib modularinput method""" scheme = super(ModInputjamfmobiledevices, self).get_scheme() scheme.title = ("jamfMobileDevices") scheme.description = ( "Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu." ) scheme.use_external_validation = True scheme.streaming_mode_xml = True scheme.add_argument( smi.Argument("name", title="Name", description="", required_on_create=True)) """ For customized inputs, hard code the arguments here to hide argument detail from users. For other input types, arguments should be get from input_module. Defining new input types could be easier. """ scheme.add_argument( smi.Argument("jssUrl", title="Jamf Pro URL", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("jssUsername", title="Jamf Pro Service Account", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("jssPassword", title="Jamf Pro Service Secret", description="", required_on_create=True, required_on_edit=False)) scheme.add_argument( smi.Argument("platforms", title="OS Platforms", description="Which Platforms to collect", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "excludeNoneManaged", title="Exclude None Managed", description= "Exclude devices not marked as Managed (don\'t collect)", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument( "daysSinceContact", title="daysSinceContact", description= "Devices older than this without contact will be excluded, 0= Infinity", required_on_create=False, required_on_edit=False)) scheme.add_argument( smi.Argument("sections", title="Device Details to Post", description="", required_on_create=False, required_on_edit=False)) return scheme