def main(): client = actconfig.setup() # Parse arguments opts, kwargs = Intersplunk.getKeywordsAndOptions() if not opts: Intersplunk.generateErrorResult( "Usage: | actadd <field1> ... <fieldN> [fact_type=<fact type>] [fact_value=<fact value]" ) return events, _, _ = Intersplunk.getOrganizedResults() # Annotate events for event in events: object_value = [] for field in opts: if event.get(field): object_value.append(event[field]) if not object_value: continue event.update(fact_search(client, object_value, **kwargs)) Intersplunk.outputResults(events)
def run(results, fields): try: values = set() for result in results: field = None for f, v in result.items(): if f not in ['count', 'percent']: field = f break else: continue value = result[field] if value.lower() == "other": value = ' '.join([ 'NOT %s="%s" ' % (field, v.replace('"', '\\"')) for v in values ]) + ' %s=*' % field elif value.lower() == "null": value = 'NOT %s=*' % field else: values.add(value) value = '%s="%s"' % (field, v.replace('"', '\\"')) result['_drilldown'] = value if '_drilldown' not in fields: fields.append('_drilldown') si.outputResults(results, {}, fields=fields) except Exception, e2: stack2 = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e2, stack2))
def error(msg): # for some reason the old style generateErrorResults aren't making their way into the ui. # si.generateErrorResults("Usage: searchtxn <transaction_type> <transaction_search>. Ex: searchtxn loginsessions user=bob") messages = {} si.addErrorMessage(messages, msg) si.outputResults([], messages) exit(0)
def run(results, fields): try: values = set() for result in results: field = None for f,v in result.items(): if f not in ['count','percent']: field = f break else: continue value = result[field] if value.lower() == "other": value = ' '.join(['NOT %s="%s" ' % (field, v.replace('"','\\"')) for v in values]) + ' %s=*' % field elif value.lower() == "null": value = 'NOT %s=*' % field else: values.add(value) value = '%s="%s"' % (field, v.replace('"','\\"')) result['_drilldown'] = value if '_drilldown' not in fields: fields.append('_drilldown') si.outputResults(results, {}, fields=fields) except Exception, e2: stack2 = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e2, stack2))
def run(spantext, seriesmode, results): try: secsPerSpan, scalar, unit = parseSpan(spantext) maxtime = -1 # for each results time_data = {} fields_seen = {} span = None latest = None for result in results: if maxtime < 0: try: maxtime = int(float(result['info_max_time'])) except: maxtime = int(time.time()) maxtime -= 1 # not inclusive if '_time' not in result: raise Exception("Missing required _time field on data") if span == None and '_span' in result: span = result['_span'] mytime = int(float(result['_time'])) spansago = int((maxtime - mytime) / secsPerSpan) new_time = mytime + (spansago * secsPerSpan) if new_time not in time_data: time_data[new_time] = {'_time': new_time, '_span': span} this_row = time_data[new_time] spanstart = maxtime - ((spansago + 1) * secsPerSpan) + 1 series = seriesName(series_mode, scalar, spansago, unit, spanstart) if spansago == 0: latest = series acount = len(result) for k, v in result.items(): if k not in [ '_time', 'info_sid', 'info_max_time', 'info_min_time', 'info_search_time', 'info_sid', '_span' ]: if k == 'count': attr = series else: attr = '%s_%s' % (k, series) this_row[attr] = result[k] fields_seen[attr] = spansago field_order = fields_seen.items() field_order.sort(lambda x, y: cmp(x[1], y[1])) field_order = [f for f, v in field_order] field_order.insert(0, '_time') field_order.append('_span') results = time_data.values() results.sort(lambda x, y: cmp(x['_time'], y['_time'])) si.outputResults(results, {}, fields=field_order) except Exception, e2: stack2 = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e2, stack2))
def run(spantext, seriesmode, results): try: secsPerSpan, scalar, unit = parseSpan(spantext) maxtime = -1 # for each results time_data = {} fields_seen = {} span = None latest = None for result in results: if maxtime < 0: try: maxtime = int(float(result['info_max_time'])) except: maxtime = int(time.time()) maxtime -= 1 # not inclusive if '_time' not in result: raise Exception("Missing required _time field on data") if span == None and '_span' in result: span = result['_span'] mytime = int(float(result['_time'])) spansago = int((maxtime-mytime) / secsPerSpan) new_time = mytime + (spansago * secsPerSpan) if new_time not in time_data: time_data[new_time] = { '_time': new_time, '_span': span } this_row = time_data[new_time] spanstart = maxtime - ((spansago+1)*secsPerSpan) + 1 series = seriesName(series_mode, scalar, spansago, unit, spanstart) if spansago == 0: latest = series acount = len(result) for k,v in result.items(): if k not in ['_time', 'info_sid', 'info_max_time', 'info_min_time', 'info_search_time', 'info_sid', '_span']: if k == 'count': attr = series else: attr = '%s_%s' % (k, series) this_row[attr] = result[k] fields_seen[attr] = spansago field_order = fields_seen.items() field_order.sort(lambda x,y: cmp(x[1], y[1])) field_order = [f for f,v in field_order] field_order.insert(0,'_time') field_order.append('_span') results = time_data.values() results.sort(lambda x,y: cmp(x['_time'], y['_time'])) si.outputResults(results, {}, fields=field_order) except Exception, e2: stack2 = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e2, stack2))
def main(): try: search_results, dummy_results, settings = intersplunk.getOrganizedResults() if len(search_results) > 0: output_results = cal_utilization(search_results) intersplunk.outputResults(output_results, fields=output_results[0].keys()) except: stack = traceback.format_exc() results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack)) intersplunk.outputResults(results)
def main(): # get config from config file config = ConfigParser.ConfigParser() if os.path.exists(os.path.join('..', 'local', 'slack.conf')): config.readfp(open(os.path.join('..', 'local', 'slack.conf'))) else: config.readfp(open(os.path.join('..', 'default', 'slack.conf'))) # username and icon can only be set by conf username = config.get('config', 'username') icon = config.get('config', 'icon') # update args if user speicify them in search channel = kwargs.get('channel', config.get('config', 'channel')) if not channel.startswith('#'): channel = '#' + channel if config.get('config', 'allow_user_set_slack_url').lower() in TRUE_VALUES: url = kwargs.get('url', config.get('config', 'url')) else: url = config.get('config', 'url') # no url specified, dont procceed. if not url: raise Exception("Not slack url specified!") # read search results results = sis.readResults(None, None, True) https_proxy = config.get('config', 'proxy') proxyDict = { "https" : https_proxy } # prepare data to be sent to slack data = { 'text': get_pretty_table(results), 'username': username, 'channel': channel, 'icon_url': icon, 'mrkdwn': True, } if https_proxy != "": # send data to slack. r = requests.post(url, data=json.dumps(data), proxies=proxyDict) else: r = requests.post(url, data=json.dumps(data)) if r.status_code == 200: sis.outputResults(results) else: err_msg = ("Error sending results to slack, reason: {r}, {t}".format( r=r.reason, t=r.text)) sis.generateErrorResults(err_msg)
def main(): # get config from config file config = ConfigParser.ConfigParser() config.readfp(open(os.path.join('..', 'default', 'hipchat.conf'))) # update args if user speicify them in search room = kwargs.get('room', config.get('default', 'room')) color = kwargs.get('color', config.get('default', 'color')) notify = kwargs.get('notify', config.get('default', 'notify')) msg_fmt = kwargs.get('message_format', config.get('default', 'message_format')) if config.get('default', 'allow_users_set_base_url').lower() in TRUE_VALUES: base_url = kwargs.get('base_url', config.get('default', 'base_url')) else: base_url = config.get('default', 'base_url') # check if auth token is set properly try: auth_token = {"auth_token": config.get(room, 'auth_token')} except ConfigParser.NoSectionError as e: raise Exception("Room not set, please set the room stanza") except ConfigParser.NoOptionError as e: raise Exception("Auth token not set, please set auth token for room") # construct url url = base_url + "{s}{r}/notification".format( s='' if base_url.endswith('/') else '/', r=room) # read search results results = sis.readResults(None, None, True) # prepare data to be sent data = { 'message': get_pretty_table(results, msg_fmt), 'message_format': msg_fmt, 'color': color, 'notify': notify.lower() in TRUE_VALUES } # send data headers = {'Content-type': 'application/json'} r = requests.post(url, data=json.dumps(data), params=auth_token, headers=headers) if r.status_code == 204: sis.outputResults(results) else: err_msg = ("Error sending results to slack, reason: {r}, {t}".format( r=r.reason, t=r.text)) sis.generateErrorResults(err_msg)
def main(): # get config from config file config = ConfigParser.ConfigParser() if os.path.exists(os.path.join('..', 'local', 'slack.conf')): config.readfp(open(os.path.join('..', 'local', 'slack.conf'))) else: config.readfp(open(os.path.join('..', 'default', 'slack.conf'))) # username and icon can only be set by conf username = config.get('config', 'username') icon = config.get('config', 'icon') # update args if user speicify them in search channel = kwargs.get('channel', config.get('config', 'channel')) if not channel.startswith('#'): channel = '#' + channel if config.get('config', 'allow_user_set_slack_url').lower() in TRUE_VALUES: url = kwargs.get('url', config.get('config', 'url')) else: url = config.get('config', 'url') # no url specified, dont procceed. if not url: raise Exception("Not slack url specified!") # read search results results = sis.readResults(None, None, True) https_proxy = config.get('config', 'proxy') proxyDict = {"https": https_proxy} # prepare data to be sent to slack data = { 'text': get_pretty_table(results), 'username': username, 'channel': channel, 'icon_url': icon, 'mrkdwn': True, } if https_proxy != "": # send data to slack. r = requests.post(url, data=json.dumps(data), proxies=proxyDict) else: r = requests.post(url, data=json.dumps(data)) if r.status_code == 200: sis.outputResults(results) else: err_msg = ("Error sending results to slack, reason: {r}, {t}".format( r=r.reason, t=r.text)) sis.generateErrorResults(err_msg)
def main(): client = actconfig.setup() # Parse arguments from splunk search opts, kwargs = Intersplunk.getKeywordsAndOptions() results = [] if opts and "keywords" not in kwargs: kwargs["keywords"] = " ".join(opts) results += fact_search(client, **kwargs) Intersplunk.outputResults(results)
def main(): try: output_fields = ['_time'] output_results = [] search_results, dummyresults, settings = intersplunk.getOrganizedResults( ) if search_results is None or len(search_results) == 0: intersplunk.outputResults(output_results, fields=output_fields) return fields = search_results[0].keys() is_field_valid, is_detection_needed = check_fields(fields) if not is_field_valid: intersplunk.parseError( 'This visualization requires timestamped, evenly spaced numeric time-series data. Try using the timechart command in your query.' ) if not is_detection_needed: intersplunk.outputResults(search_results, fields=search_results[0].keys()) return output_results, output_fields = wrap_anomaly_detection(search_results) intersplunk.outputResults(output_results, fields=output_fields) except: stack = traceback.format_exc() results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack)) intersplunk.outputResults(results)
def return_results(module): try: results, dummy_results, settings = InterSplunk.getOrganizedResults() if isinstance(results, list) and len(results) > 0: new_results = module.process_iocs(results) elif len(sys.argv) > 1: new_results = module.process_iocs(None) except: stack = traceback.format_exc() new_results = InterSplunk.generateErrorResults("Error: " + str(stack)) InterSplunk.outputResults(new_results) return
def _do_handle(self): self.logger.info("Start of ServiceNow script") results = [] for event in self._get_events(): if event is None: break result = self._handle_event(event) if result: result["_time"] = time.time() results.append(result) si.outputResults(results) self.logger.info("End of ServiceNow script")
def main(): p = pdns.PDNS() # Parse arguments from splunk search opts, kwargs = Intersplunk.getKeywordsAndOptions() limit = int(kwargs.get("limit", 25)) events, _, _ = Intersplunk.getOrganizedResults() # Annotate events for event in events: value = [] for field in opts: if event.get(field): value.append(event[field]) if not value: continue query = {} answer = {} for val in value: try: for res in p.query(val, limit=limit): if res["query"] != value: query[res["query"]] = True if res["answer"] != value: answer[res["answer"]] = True except pdns.connectionError as e: Intersplunk.parseError(str(e)) return except pdns.resourceLimitExceeded as e: Intersplunk.parseError(str(e)) return if query: if "query" not in event: event["query"] = query.keys() if answer: if "answer" not in event: event["answer"] = answer.keys() Intersplunk.outputResults(events)
def main(dist, env): pm_config, config = load_pyden_config() pyden_location = pm_config.get('appsettings', 'location') if dist: if dist in config.sections(): write_pyden_config(pyden_location, config, "default-pys", "distribution", dist) else: Intersplunk.generateErrorResults( "The Python version %s is not installed yet." % dist) sys.exit(1) if env: if env in config.sections(): write_pyden_config(pyden_location, config, "default-pys", "environment", env) else: Intersplunk.generateErrorResults( "The virtual environment %s does not exist." % env) sys.exit(1) Intersplunk.outputResults([{"message": "Successfully changed defaults"}])
def main(): """ """ lookup_path = '/opt/splunk/etc/apps/osweep/lookups' file_path = '{}/urlhaus_url_feed.csv'.format(lookup_path) if sys.argv[1].lower() == 'feed': data_feed = urlhaus.get_feed() urlhaus.write_file(data_feed, file_path) exit(0) try: results, dummy_results, settings = InterSplunk.getOrganizedResults() if isinstance(results, list) and len(results) > 0: new_results = process_master(results) elif len(sys.argv) > 1: new_results = process_master(None) except: stack = traceback.format_exc() new_results = InterSplunk.generateErrorResults("Error: " + str(stack)) InterSplunk.outputResults(new_results) return
def main(): p = pdns.PDNS() # Parse arguments from splunk search opts, kwargs = Intersplunk.getKeywordsAndOptions() # Get limit from kwargs, but default to 25 if not specified limit = int(kwargs.get("limit", 25)) results = [] for value in opts: try: result = p.query(value, limit = limit) except pdns.connectionError as e: Intersplunk.parseError(str(e)) return except pdns.resourceLimitExceeded as e: Intersplunk.parseError(str(e)) return results += result Intersplunk.outputResults(results)
def run(messages, count, mapping): results = si.readResults(None, None, True) ORS = [] seenValues = set() # dedup rows for i, result in enumerate(results): if count > 0 and i >= count: break ANDS = [] for j, (renamed, attr) in enumerate(mapping): val = str(result.get(attr, '')) if renamed == None or renamed == '': if val != '': ANDS.append(val) else: ANDS.append('%s="%s"' % (renamed, val)) andstr = str(ANDS) if len(ANDS) > 0 and andstr not in seenValues: ORS.append(ANDS) seenValues.add(andstr) output = "" if len(ORS) > 1: output += "(" for i, OR in enumerate(ORS): if i > 0: output += ") OR (" for j, AND in enumerate(OR): if j > 0: output += " " #" AND " output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages)
def run(messages, count, mapping): results = si.readResults(None, None, True) ORS = [] seenValues = set() # dedup rows for i, result in enumerate(results): if count > 0 and i >= count: break ANDS = [] for j, (renamed, attr) in enumerate(mapping): val = str(result.get(attr,'')) if renamed == None or renamed == '': if val != '': ANDS.append(val) else: ANDS.append('%s="%s"' % (renamed, val)) andstr = str(ANDS) if len(ANDS) > 0 and andstr not in seenValues: ORS.append(ANDS) seenValues.add(andstr) output = "" if len(ORS) > 1: output += "(" for i, OR in enumerate(ORS): if i > 0: output += ") OR (" for j, AND in enumerate(OR): if j > 0: output += " " #" AND " output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages)
def main(): try: search_results, dummyresults, settings = intersplunk.getOrganizedResults( ) output_fields = ['_time', '_span'] output_results = [] if search_results is None or len(search_results) == 0: intersplunk.outputResults(output_results, fields=output_fields) else: fields = search_results[0].keys() detected_fields = list( filter(lambda x: x != '_time' and x != '_span', fields)) search_results_length = range(len(search_results)) timestamp = [ int(str(search_results[i]['_time'])) for i in search_results_length ] output_results = [{ '_time': timestamp[i], '_span': search_results[i]['_span'] } for i in search_results_length] for cur_field in detected_fields: data = [ str(search_results[i][cur_field]) for i in search_results_length ] if preprocess(data, timestamp, search_results_length, output_results, cur_field): output_fields.append(cur_field) intersplunk.outputResults(output_results, fields=output_fields) except: stack = traceback.format_exc() results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack)) intersplunk.outputResults(results)
if arg_on_and_enabled(argvals, "metadata", is_bool=True): logger.info( 'arg=metadata is set to true, will return feed metadata only; will ignore all other arguments/settings' ) quandl_show_info = True quandl_uri = "https://www.quandl.com/api/v3/datasets/%s/%s/metadata.json" % ( quandl_database, set) logger.debug('effective uri="%s"' % quandl_uri) create_time = True if arg_on_and_enabled(argvals, "convert_time", rex="^(?:f|false|0|no)$"): create_time = False set_payload = getDataPayload(quandl_uri) if set_payload is not "": quandl_data = json.loads(set_payload) uber += quandl2splunk(quandl_data, quandl_show_info, create_time) # keeping all data into single array is waste of memory; need to figure out how to call outputResults multiple times, without adding header each time logger.info('sending events to splunk count="%s"' % len(uber)) si.outputResults(uber) except Exception, e: logger.error('error while processing events, exception="%s"' % e) si.generateErrorResults(e) raise Exception(e) finally: logger.info('exiting, execution duration=%s seconds' % (time.time() - eStart))
for value_field in value_fields: cur_field = value_field[6:] outlier_field = 'outlier_' + cur_field severity_field = 'severity_' + cur_field if outlier_field in search_results[i] and str(search_results[i][outlier_field]) == 'True': if len(str(search_results[i][severity_field])) > 0: severity_value = search_results[i][severity_field] else: severity_value = -1 cur_row = {'Field name': cur_field, 'Value': input[i][value_field], 'Severity': severity_value} cur_row.update({k: input[i][k] for k in OUTPUT_ATTRIBUTE_FIELDS if k in input[i]}) output.append(cur_row) sorted(output, key=comparator) return output try: output_fields = ['_time', 'Job name', 'Field name', 'Value', 'Severity'] output_results = [] search_results, dummyresults, settings = intersplunk.getOrganizedResults() if search_results is None or len(search_results) == 0: intersplunk.outputResults(output_results) output_results = parse_table(search_results) intersplunk.outputResults(output_results[:OUTPUT_COUNT], fields=OUTPUT_ATTRIBUTE_FIELDS.extend(['Field name', 'Value', 'Severity'])) except: stack = traceback.format_exc() results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack)) intersplunk.outputResults(results)
def _do_handle(self): self._logger.info("Start of %s", self._get_log_file()) result = self._handle_events() si.outputResults(result) self._logger.info("End of %s", self._get_log_file())
output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages) if __name__ == '__main__': messages = {} try: (isgetinfo, sys.argv) = si.isGetInfo(sys.argv) argtext = ' '.join(sys.argv[1:]) count, mapping = parseArgs(argtext) if isgetinfo: reqsop = True preop = "head %s" % count fields = [field for alias, field in mapping] if len(fields) > 0: preop += " | fields %s" % ', '.join(fields) si.outputInfo(False, False, False, reqsop, preop) # calls sys.exit() run(messages, count, mapping) except Exception, e: import traceback stack = traceback.format_exc() si.addErrorMessage( messages, "%s. Traceback: %s" % (e, stack.replace('\n', '\\n'))) si.outputResults([], messages)
#!/opt/splunk/bin/python ############################################################ # # GET /agents/summary # ############################################################ import sys import splunk.Intersplunk as si import requests import json try: request = requests.get( sys.argv[1] + "/en-US/custom/SplunkAppForWazuh/agents/summary?ip=" + sys.argv[2] + "&port=" + sys.argv[3] + "&user="******"&pass="******"Error : Traceback: " + str(stack)) si.outputResults(data)
from utils import load_pyden_config from splunk import Intersplunk import re from splunk_logger import setup_logging if __name__ == "__main__": logger = setup_logging() pm_config, config = load_pyden_config() pyden_location = pm_config.get('appsettings', 'location') sections = config.sections() logger.debug(sections) if "default-pys" in sections: sections.remove("default-pys") regex = re.compile(r"""\d\.\d{1,2}\.\d{1,2}""") venvs = [env for env in sections if not regex.match(env)] results = [{"environment": env} for env in venvs] for result in results: result['version'] = config.get(result['environment'], 'version') result["is_default"] = 1 if result['environment'] == config.get( "default-pys", "environment") else 0 Intersplunk.outputResults(results)
def main(): try: search_results, dummyresults, settings = intersplunk.getOrganizedResults( ) session_key = settings['sessionKey'] if len(sys.argv) == 2: # update aws price info if sys.argv[1] == 'info': task = AwsInfoTask(session_key) task.execute() elif len(sys.argv) == 5: # obtain price detail region = sys.argv[1] instance_type = sys.argv[2] product_os = sys.argv[3] tenancy = sys.argv[4] on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly, reserved_one_no_hourly, currency = read_price( region, instance_type, product_os, tenancy, session_key) intersplunk.outputResults([{ PRICE_ON_DEMAND_HOURLY: on_demand_hourly, PRICE_RESERVED_ONE_ALL_YEARLY: reserved_one_all_yearly, PRICE_RESERVED_ONE_PARTIAL_YEARLY: reserved_one_partial_yearly, PRICE_RESERVED_ONE_PARTIAL_HOURLY: reserved_one_partial_hourly, PRICE_RESERVED_ONE_NO_HOURLY: reserved_one_no_hourly, CURRENCY: currency }], fields=[ PRICE_ON_DEMAND_HOURLY, PRICE_RESERVED_ONE_ALL_YEARLY, PRICE_RESERVED_ONE_PARTIAL_YEARLY, PRICE_RESERVED_ONE_PARTIAL_HOURLY, PRICE_RESERVED_ONE_NO_HOURLY, CURRENCY ]) elif len(sys.argv) == 7: # calculate optimal RI, RI cost and on demand cost base = sys.argv[1] region = sys.argv[2] instance_type = sys.argv[3] purchase_option = sys.argv[4] product_os = sys.argv[5] tenancy = sys.argv[6] valid_days, message = get_valid_days_from_conf(session_key) if valid_days < 0: ri = 'N/A' ri_cost = 'N/A' instance_hours = [] on_demand_hourly = 0 currency = '$' if re.match( r'cn-.*', region) == None else '\xc2\xa5'.decode('utf8') else: history_len, instance_hours = get_instance_hours( base, search_results) # read price on_demand_hourly, reserved_one_all_yearly, reserved_one_partial_yearly, reserved_one_partial_hourly, reserved_one_no_hourly, currency = read_price( region, instance_type, product_os, tenancy, session_key) if valid_days * HOURS_OF_DAY > history_len: ri = 'N/A' ri_cost = 'N/A' message = 'It\'s required to have %d days\' data at least. You can update the setting in recommendation.conf' % ( valid_days) else: if purchase_option == 'all': ri, ri_cost, message = ri_wrap( instance_hours, on_demand_hourly, reserved_one_all_yearly / HOURS_OF_YEAR) elif purchase_option == 'partial': ri, ri_cost, message = ri_wrap( instance_hours, on_demand_hourly, reserved_one_partial_yearly / HOURS_OF_YEAR + reserved_one_partial_hourly) else: ri, ri_cost, message = ri_wrap(instance_hours, on_demand_hourly, reserved_one_no_hourly) instance_hours_len = max(1, len(instance_hours)) outputResults = [] cur_line = {} cur_line[ON_DEMAND_COST] = int( round(on_demand_hourly * sum(instance_hours) / instance_hours_len * HOURS_OF_YEAR)) # on demand cost cur_line[RI] = ri cur_line[RI_COST] = 'N/A' if ri_cost == 'N/A' else int( round(ri_cost / instance_hours_len * HOURS_OF_YEAR)) # RI cost cur_line[MESSAGE] = message cur_line[CURRENCY] = currency outputResults.append(cur_line) intersplunk.outputResults( outputResults, fields=[RI, RI_COST, ON_DEMAND_COST, MESSAGE, CURRENCY]) else: intersplunk.parseError( "Arguments should be recommendation base, AZ, instance type, purchase option, os and tenancy." ) except: stack = traceback.format_exc() results = intersplunk.generateErrorResults("Error : Traceback: " + str(stack)) intersplunk.outputResults(results)
stdinArgs = urllib.unquote(stdinArgs).decode('utf8') match = re.search(r'<authToken>([^<]+)</authToken>', stdinArgs) sessionKey = match.group(1) incident_id = sys.argv[1] query = {} query['incident_id'] = incident_id uri = '/servicesNS/nobody/alert_manager/storage/collections/data/incident_results?query=%s' % urllib.quote(json.dumps(query)) serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey) data = json.loads(serverContent) #sys.stderr.write("data: %s" % data) field_list = None results = [] for result in data: if "field_list" in result: field_list = result["field_list"] for line in result["fields"]: if type(field_list) is list: ordered_line = collections.OrderedDict() for field in field_list: ordered_line[field] = line[field] results.append(ordered_line) else: results.append(line) intersplunk.outputResults(results)
for i in range(1, len(sys.argv)): func = py.parse_func(sys.argv[i]) logger.debug("func = %s" % func) recs = get_inputs(records, func.arguments) logger.debug("get_inputs = %s" % recs) f = py.find_func(func) f._sessionKey_ = sessionKey try: if len(func.arguments)==0: rf = f() else: rf = f(*tuple(recs)) except Exception as ex: logger.critical("fneval: ex = %s" % ex) print "%s" % ex rf = ex logger.debug("rf = %s" % rf) nm = func.name if func.alias!=None: nm = func.alias ret[nm] = rf logger.debug("ret = %s" % ret) logger.debug("records = %s" % records) si.outputResults([ret])
logger.debug('Ending Output') #if not proc_err == '': # raise Exception("prestrace returned something in stderr: '%s'" % proc_err) lines = proc_err.split("\n") results = [] re_time = re.compile(r'^(\d+\.\d\d\d)\d+\s+(\w+).*\<(\d+\.\d+)\>') for line in lines: if line != '': res = {} res['_raw'] = line m = re_time.match(line) if m: res['_time'] = m.group(1) res['call'] = m.group(2) res['duration'] = m.group(3) results.append(res) logger.debug(pprint.pformat(results)) si.outputResults(results, fields=['_raw']) logger.debug("exited __main__") except Exception, e: si.generateErrorResults(e)
if __name__ == '__main__': stdin = None if not os.isatty(0): stdin = sys.stdin settings = dict() records = si.readResults(settings = settings, has_header = True) sessionKey = settings['sessionKey'] for i in range(1, len(sys.argv)): logger.debug("query = %s" % sys.argv[i]) func = parse_func(sys.argv[i]) logger.debug("func arguments = %s" % func.arguments) for rec in records: # it is good pratice to always pass sessionKey to functions rf = run_func (func, sessionKey=sessionKey, **rec) if isinstance(rf, dict): rec.update(rf) else: nm = func.alias if func.alias!=None else func.name rec.update({nm:rf}) si.outputResults(records)
results = [] now = str(int(time.mktime(time.gmtime()))) start = 0 # google rest api returns very few results, get many pages of a small number of results for loop in range(0, 20): try: # Define the query to pass to Google Search API query = urllib.urlencode({'q' : search, 'start' : start}) # Fetch the results and convert to JSON search_results = urllib2.urlopen(GOOGLE_REST_URL % query) data = json.loads(search_results.read()) hits = data['responseData']['results'] for h in hits: raw = stripCommonHTML(sax.unescape(h['content'])) title = stripCommonHTML(h['titleNoFormatting']) url = h['unescapedUrl'] results.append({'title' : title , 'url' : url , '_time' : now, 'description' : raw, '_raw' : title + "... " + raw}) start += len(hits) if len(results) > maxresults: break except: break si.outputResults(results[:maxresults]) except Exception, e: import traceback stack = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e, stack))
+"* DateTime: " + datetime\ +"\r\n\r\n* Sensors: "+sensors\ +"\r\n\r\n* Signatures:\r\n\r\n"+signatures\ +"\r\n\r\n* PCAP Attached: "\ +"\r\n\r\n**SOURCE**\r\n\r\n"\ +"\r\n Source IP(s): "+sourceip\ +"\r\n X-Forward-For : (Please Confirm with PCAP) "+xforward\ +"Ports: "+sport\ +"\r\n Hostname: "\ +"\r\n\r\n**Destination**\r\n\r\n"\ +"\r\n Destination IP(s): "+destip\ +"Ports: "+dport\ +"\r\n Hostname: "\ +"\r\n\r\n**Add RAW data as a Nugget**\r\n\r\n", "plan" : "0", "concerned_business_lines" : [1], "severity": "3", "is_incident" : "true", "status" : "O", "subject": "IDS Event: " } response = requests.post(FIR_API_URL+"incidents", headers=headers, data=json.dumps(data), verify=False) outputresults.append({'fir_api' : result['dest'], 'push_status' : 'ok'}) i=1 si.outputResults(outputresults) except Exception, e: import traceback stack = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e, stack))
# e.g., '/data/inputs/monitor' entity = keywords[0] logger.info("Entity: %s Args: %s" % (entity, args)) results = [] # we don't care about incoming results try: entitys = en.getEntities(entity, sessionKey=sessionKey, owner=owner, namespace=namespace, count=-1) for name, entity in entitys.items(): try: myapp = entity["eai:acl"]["app"] if namespace != None and myapp != namespace: continue except: continue # if no eai:acl/app, filter out result = entityToResult(name, entity) results.append(result) except splunk.ResourceNotFound, e2: pass si.outputResults(results, messages) except Exception, e: import traceback stack = traceback.format_exc() logger.error(str(e) + ". Traceback: " + str(stack)) si.generateErrorResults(str(e)) if __name__ == "__main__": execute()
gpath = gpath.replace('\]', ']') # find all files matching complete_path = os.path.expanduser( os.path.expandvars(gpath)) glob_matches = glob.glob(complete_path) logger.error("complete path: %s" % complete_path) logger.error("glob matches: %s" % glob_matches) if len(glob_matches)==0: logger.error("No file matching %s" % complete_path) raise Exception("No files matching %s." % complete_path) for pfile in glob_matches: logger.error("parsing file: %s" % pfile) results += parse_pstack_file(pfile, separator, fileorderindex) #return results return results # noinspection PyUnreachableCode if __name__ == '__main__': try: si.outputResults(parse_pstacks(), messages, fields) except Exception, e: import traceback stack = traceback.format_exc() si.generateErrorResults("Following error occurred while parsing pstack: '%s'." % (e)) logger.error("%s. %s" % (e, stack))
log("MAXTERMS: %s MAKEORS: %s eventsOnly: %s" % (maxTerms, makeORs, eventsOnly)) log("tsearch: %s" % tsearch) results = [] try: results = findTransaction(tname, tsearch, makeORs, eventsOnly, maxTerms, messages, **kwargs) except Exception, e: error(e) events = [] log("RESULTS: %s" % len(results)) for result in results: # api fail event = {} for field in result: if field == '_time': event['_time'] = util.dt2epoch(util.parseISO(str(result['_time']))) else: event[field] = result[field] events.append(event) si.outputResults(events, messages) if __name__ == '__main__': try: main() except Exception, e: error(e)
if len(regexes) == 0: si.generateErrorResults( 'Unable to learn any extractions. Provide different examples, counterexamples, or searchresults' ) exit(0) rex = regexes[0] rex = rex.replace("?P<FIELDNAME>", "?P<%s>" % keywords[0]) si.addInfoMessage( messages, 'Successfully learned regex. Consider using: | rex "%s"' % rex.replace('"', '\\"')) # for each result for result in results: val = result.get(fromfield, None) # match regex and put values in match = re.search(rex, val) if match: extractions = match.groupdict() for k, v in extractions.items(): result[k] = v si.outputResults(results, messages) except Exception, e: stack = traceback.format_exc() si.generateErrorResults("Error '%s'" % e) logger.error("Exception encountered: %s" % e) logger.info("Traceback: %s" % stack)
"Usage: indextimerange <earliest_time_epoch> <latest_time_epoch>") a = 0 b = 0 try: a = int(sys.argv[1]) b = int(sys.argv[2]) if (b < a): raise ValueError except: isp.parseError("Invalid earliest and/or latest epoch times") disjuncts = [] while a < b: level = 10 while a % level == 0 and (a + level) <= b: level = level * 10 level = level / 10 disjuncts.append('_indextime=%d%s' % (a / level, level > 1 and '*' or '')) a = a + level results = [{'search': " OR ".join(disjuncts)}] isp.outputResults(results)
def main(): output = [] def Log(s, verb_level, code=1, extra=None, force_print=False): if verb_level <= log.getverbosity(): output.extend(s.split("\n")) # def PrintCollectionStatus(col_stats, force_print=False): # # raise ValueError(type(col_stats.matched_chain_pair[1])) # output.append({ # "num_backup_sets": # }) # log.PrintCollectionStatus = PrintCollectionStatus results = None try: settings = dict() Intersplunk.readResults(None, settings, True) dup_time.setcurtime() archive_dir = os.path.join(app_dir, "local", "data", "archive") try: os.makedirs(archive_dir) except: pass if sys.argv[1] == "splunk-last-backups": ap = argparse.ArgumentParser() ap.add_argument("--time", type=int) ap.add_argument("backend") args = ap.parse_args(sys.argv[2:]) dup_globals.gpg_profile = gpg.GPGProfile() dup_globals.gpg_profile.passphrase = os.environ["PASSPHRASE"] backend.import_backends() dup_globals.backend = backend.get_backend(args.backend) if dup_globals.backup_name is None: dup_globals.backup_name = commandline.generate_default_backup_name( args.backend) commandline.set_archive_dir(archive_dir) results = [] time = args.time col_stats = dup_collections.CollectionsStatus( dup_globals.backend, dup_globals.archive_dir_path, "list-current").set_values() try: sig_chain = col_stats.get_backup_chain_at_time(time) except dup_collections.CollectionsError: results.append({ "last_full_backup_time": 0, "last_incr_backup_time": 0, }) else: if sig_chain.incset_list: last_incr_backup_time = max( [incset.end_time for incset in sig_chain.incset_list]) else: last_incr_backup_time = 0 results.append({ "last_full_backup_time": col_stats.get_last_full_backup_time(), "last_incr_backup_time": last_incr_backup_time }) elif sys.argv[1] == "splunk-file-list": ap = argparse.ArgumentParser() ap.add_argument("--time") ap.add_argument("backend") args = ap.parse_args(sys.argv[2:]) args.time = int(args.time.split(".")[0]) dup_time.setcurtime(args.time) dup_globals.restore_time = args.time dup_globals.gpg_profile = gpg.GPGProfile() dup_globals.gpg_profile.passphrase = os.environ["PASSPHRASE"] backend.import_backends() dup_globals.backend = backend.get_backend(args.backend) if dup_globals.backup_name is None: dup_globals.backup_name = commandline.generate_default_backup_name( args.backend) commandline.set_archive_dir(archive_dir) results = [] col_stats = dup_collections.CollectionsStatus( dup_globals.backend, dup_globals.archive_dir_path, "list-current").set_values() time = args.time sig_chain = col_stats.get_signature_chain_at_time(time) path_iter = diffdir.get_combined_path_iter( sig_chain.get_fileobjs(time)) for path in path_iter: if path.difftype != u"deleted" and path.index: mode = bin(path.mode)[2:] perms = "" for p, val in enumerate(mode): if p in (0, 3, 6): c = "r" elif p in (1, 4, 7): c = "w" elif p in (2, 5, 8): c = "x" perms += c if int(val) else "-" if path.type == "dir": perms = "d" + perms elif path.type == "sym": perms = "l" + perms else: perms = "-" + perms results.append({ "perms": perms, "owner": path.stat.st_uid, "group": path.stat.st_gid, "size": path.stat.st_size, "modtime": path.stat.st_mtime, "filename": os.path.join(*path.index), }) else: args = ["--archive-dir", archive_dir] + sys.argv[1:] action = commandline.ProcessCommandLine(args) log.Log = Log try: dup_main.do_backup(action) except dup_collections.CollectionsError: results = [] except SystemExit: pass except Exception as e: import traceback # sys.stderr.write(traceback.format_exc()) Intersplunk.generateErrorResults("Traceback: %s" % traceback.format_exc()) return if output and not results: import time results = [{"_raw": "\n".join(output), "_time": time.time()}] if results: try: Intersplunk.outputResults(results) except Exception: import traceback sys.stderr.write(traceback.format_exc()) results = Intersplunk.generateErrorResults("Traceback: %s" % traceback.format_exc()) Intersplunk.outputResults(results)
def main(): if len(sys.argv) < 3: usage() tname = sys.argv[1] #log("args") #for v in sys.argv: # log(v) options = ["max_terms", "use_disjunct", "eventsonly"] srchargs = [] log("ARGS: %s" % sys.argv[2:]) for arg in sys.argv[2:]: for option in options: if arg.startswith(option): break else: srchargs.append(arg) if len(srchargs) == 0: usage() tsearch = ' '.join(srchargs) log("SEARCH: %s" % tsearch) results, dummyresults, settings = si.getOrganizedResults() results = [] # we don't care about incoming results ########TEST##################### if 'sessionKey' not in settings: settings['owner'] = 'admin' settings['password'] = '******' settings['namespace'] = 'search' settings['sessionKey'] = splunk.auth.getSessionKey('admin', 'changeme') ########TEST#################### kwargs = {} for f in ['owner', 'namespace', 'sessionKey', 'hostPath']: if f in settings: kwargs[f] = settings[f] messages = {} try: maxTerms = int(settings.get("max_terms", MAX_SEARCH_COMPLEXITY)) if maxTerms > MAX_SEARCH_COMPLEXITY or maxTerms < 1: si.addWarnMessage( messages, "max_terms must be between 1 and %s. Using default." % MAX_SEARCH_COMPLEXITY) maxTerms = MAX_SEARCH_COMPLEXITY except Exception as e: maxTerms = MAX_SEARCH_COMPLEXITY dummy, options = si.getKeywordsAndOptions() makeORs = isTrue(options.get("use_disjunct", "t")) eventsOnly = isTrue(options.get("eventsonly", "f")) log("MAXTERMS: %s MAKEORS: %s eventsOnly: %s" % (maxTerms, makeORs, eventsOnly)) log("tsearch: %s" % tsearch) results = [] try: results = findTransaction(tname, tsearch, makeORs, eventsOnly, maxTerms, messages, **kwargs) except Exception as e: error(e) events = [] log("RESULTS: %s" % len(results)) for result in results: # api fail event = {} for field in result: if field == '_time': event['_time'] = util.dt2epoch( util.parseISO(str(result['_time']))) else: event[field] = result[field] events.append(event) si.outputResults(events, messages)
if '__mv_' + k not in header: header.append('__mv_' + k) elif len(v) == 1: row[k] = v[0].text # Add a _time field by converting updated into a timestamp. This is helpful if you're piping results to collect. # if 'updated' in keys: #updated = re.sub(r' (\+|-)\d+$', '', elem.findtext('updated')) #timestamp = time.mktime(datetime.datetime.strptime(updated, "%a, %d %b %Y %H:%M:%S").timetuple()) #row['_time'] = timestamp row['host'] = hostname row['index'] = 'jira' row['source'] = 'jql' row['sourcetype'] = 'jira' row['_raw'] = row row['_time'] = int(time.time()) results.append(row) if added_count > 0: offset = offset + added_count if added_count < count: break isp.outputResults(results, None, header) except Exception, e: logger.exception(str(e)) isp.generateErrorResults(str(e))
output += " " #" AND " output += AND if len(ORS) > 1: output += ")" si.outputResults([{'search': output}], messages) if __name__ == '__main__': messages = {} try: (isgetinfo, sys.argv) = si.isGetInfo(sys.argv) argtext = ' '.join(sys.argv[1:]) count, mapping = parseArgs(argtext) if isgetinfo: reqsop = True preop = "head %s" % count fields = [field for alias, field in mapping] if len(fields) > 0: preop += " | fields %s" % ', '.join(fields) si.outputInfo(False, False, False, reqsop, preop) # calls sys.exit() run(messages, count, mapping) except Exception, e: import traceback stack = traceback.format_exc() si.addErrorMessage(messages, "%s. Traceback: %s" % (e, stack.replace('\n','\\n'))) si.outputResults([], messages)
def jpath(): try: keywords, options = si.getKeywordsAndOptions() legacy_args_fixer(options) defaultval = options.get('default', None) fn_input = options.get('input', options.get('field', '_raw')) fn_output = options.get('output', 'jpath') if len(keywords) != 1: si.generateErrorResults('Requires exactly one path argument.') sys.exit(0) path = keywords[0] # Handle literal (escaped) quotes. Presumably necessary because of raw args? path = path.replace(r'\"', '"') if "*" in fn_output: apply_output = output_to_wildcard else: apply_output = output_to_field try: jp = jmespath.compile(path) except ParseError as e: # Todo: Consider stripping off the last line " ^" pointing to the issue. # Not helpful since Splunk wraps the error message in a really ugly way. si.generateErrorResults( "Invalid JMESPath expression '{}'. {}".format(path, e)) sys.exit(0) results, dummyresults, settings = si.getOrganizedResults() # for each results for result in results: # get field value ojson = result.get(fn_input, None) added = False if ojson is not None: if isinstance(ojson, (list, tuple)): # XXX: Add proper support for multivalue input fields. Just use first value for now ojson = ojson[0] try: json_obj = json.loads(ojson) except ValueError: # Invalid JSON. Move on, nothing to see here. continue try: values = jp.search(json_obj, options=jp_options) apply_output(values, fn_output, result) result[ERROR_FIELD] = None added = True except UnknownFunctionError as e: # Can't detect invalid function names during the compile, but we want to treat # these like syntax errors: Stop processing immediately si.generateErrorResults( "Issue with JMESPath expression. {}".format(e)) sys.exit(0) except JMESPathError as e: # Not 100% sure I understand what these errors mean. Should they halt? result[ERROR_FIELD] = "JMESPath error: {}".format(e) except Exception as e: result[ERROR_FIELD] = "Exception: {}".format(e) if not added and defaultval is not None: result[fn_output] = defaultval si.outputResults(results) except Exception as e: import traceback stack = traceback.format_exc() si.generateErrorResults("Error '%s'. %s" % (e, stack))
if sys.argv[1] == 'filters': filters = client.service.getFavouriteFilters(auth) keys = (('author', None), ('id', None), ('name', None)) results = [] for filter in filters: row = jiracommon.flatten(filter, keys) logger.info(time.time()) row['host'] = hostname row['source'] = "jira_soap" row['sourcetype'] = "jira_filters" row['_time'] = int(time.time()) results.append(row) isp.outputResults(results) sys.exit(0) elif sys.argv[1] == 'issues': filter_id = sys.argv[-1] issues = client.service.getIssuesFromFilter(auth, filter_id) # TODO this 1000 issue max isn't working as expected - if there are more than 1000 results, no results are returned elif sys.argv[1] == 'search': search = sys.argv[-1] issues = (client.service.getIssuesFromTextSearch(auth, search, 1000) ) elif sys.argv[1] == 'jqlsearch': jql = sys.argv[-1] issues = (client.service.getIssuesFromJqlSearch(auth, jql, 1000) ) else: logger.fatal('invalid command') sys.exit(1)
for _t in threads: _t.join() _iops = sum(results) bandwidth = int(blocksize*_iops) #print " %sB blocks: %6.1f IO/s, %sB/s (%sbit/s)" % (greek(blocksize), _iops, greek(bandwidth, 1), greek(8*bandwidth, 1, 'si')) #print strftime("%Y-%m-%d %H:%M:%S") + " location=%s, capacity=%s, threads=%d, block_size=%s, iops=%s" % (dev, mediasize(dev), num_threads, blocksize, _iops) #blocksize *= 2 runs-=1 now = str(int(time.mktime(time.localtime()))) def hello(results, settings): result = {} #result['string'] = strftime("%Y-%m-%d %H:%M:%S") + " location=%s, storage_type=%s, file_size_kb=%s, threads=%d, block_size=%s, iops=%s" % (dev, storage_type, file_size_kb, num_threads, blocksize, _iops) #results.append({'_time' : now, 'location' : dev, 'run_time_sec' : t, 'storage_type' : storage_type, 'file_size_kb' : file_size_kb, 'threads' : num_threads, 'block_size' : blocksize, 'iops' : _iops}) results.append({'_time' : now, 'location' : dev, 'run_time_sec' : t, 'threads' : num_threads, 'block_size' : blocksize, 'iops' : _iops}) return results results, dummyresults, settings = si.getOrganizedResults() results = hello(results, settings) si.outputResults(results) except IOError, (err_no, err_str): raise SystemExit(err_str) except KeyboardInterrupt: print "caught ctrl-c, bye." # eof.
# #f.close() # ############################# args = 'select_list ' + tableName + ' ' for arg in rowkey: args = args + arg + ' ' process = subprocess.Popen('./etu_hq.sh ' + args, shell=True, stdout=subprocess.PIPE) #f = open('/root/result','w') while(True): line = process.stdout.readline() if line: tmp = [] tmp.append(json.loads(line)) # f.write(str(tmp)) isp.outputResults(json.loads(line)) else: break #f.close()
raise Exception("prebtool returned something in stderr: '%s'" % proc_err) host = socket.gethostname() stanza = '' lines = proc_out.split("\n") re_index = re.compile("^(.*).conf\s+\[(.*)\]") re_kv = re.compile("^(.*)\s+(\S+)\s+=\s+(.*)") results = [] for line in lines: if line != '': res = {} index = re_index.match(line.strip()) kv = re_kv.match(line.strip()) if index: stanza = index.group(2) elif kv: res['host'] = host res['conf'] = conf res['file'] = kv.group(1) res['stanza'] = stanza res['key'] = kv.group(2) res['value'] = kv.group(3) results.append(res) logger.debug(pprint.pformat(results)) si.outputResults(results, fields=['host','conf','file','stanza','key','value']) logger.debug("exited __main__") except Exception, e: si.generateErrorResults(e)
if __name__ == '__main__': puppet_private_key = puppet_config('hostprivkey') puppet_client_cert = puppet_config('hostcert') puppet_master = puppet_config('inventory_server') puppet_master_port = puppet_config('inventory_port') conn = httplib.HTTPSConnection(puppet_master, puppet_master_port, key_file=puppet_private_key, cert_file=puppet_client_cert) conn.request('GET', '/production/facts_search/search', None, {'Accept': 'pson'}) resp = conn.getresponse() if resp.status == 200: puppet_hosts = json.loads(resp.read()) puppet_hosts.sort() puppet_host_tab = [ dict((('fqdn',fqdn), ('host',fqdn.split('.')[0]))) \ for fqdn in puppet_hosts ] si.outputResults(puppet_host_tab) else: si.generateErrorResults("Error: Status '%d', Reason '%s'" % (resp.status, resp.reason))
reltime = "unknown" elif utc == None: reltime = "unknown" else: diff = int(now - float(utc)) if diff < -60: reltime = "future" elif diff < 0: # handle weird case of client clock off slightly reltime = "now" elif diff == 0: reltime = "now" elif diff < MINUTE: reltime = unitval("second", diff) elif diff < HOUR: reltime = unitval("minute", diff / MINUTE) elif diff < DAY: reltime = unitval("hour", diff / HOUR) elif diff < MONTH: reltime = unitval("day", diff / DAY) elif diff < YEAR: reltime = unitval("month", diff / MONTH) else: reltime = unitval("year", diff / YEAR) result['reltime'] = reltime si.outputResults(results) except Exception as e: import traceback stack = traceback.format_exc() si.generateErrorResults("Error '%s'" % e)
logger.error("gpath = %s" % gpath) # find all files matching complete_path = os.path.expanduser( os.path.expandvars(gpath)) glob_matches = glob.glob(complete_path) logger.debug("complete path: %s" % complete_path) logger.debug("glob matches: %s" % glob_matches) if len(glob_matches)==0: logger.error("No file matching %s" % complete_path) raise Exception("No files matching %s." % complete_path) for pfile in glob_matches: logger.error("parsing file: %s" % pfile) results += parse_raw_pstack(pfile, thread_id, reverse, separator, fileorderindex) #return results return results # noinspection PyUnreachableCode if __name__ == '__main__': try: si.outputResults(raw_pstack(), messages, fields) except Exception, e: import traceback stack = traceback.format_exc() si.generateErrorResults("Following error occurred while parsing pstack: '%s'." % (e)) logger.error("%s. %s" % (e, stack))