def test_checks(self): self.maxDiff = None config = { 'init_config': { 'default_restart_history_time_seconds': 3600, 'default_max_query_chunk_seconds': 3600 }, 'instances': [ { 'url': 'http://localhost:13001', 'username': "******", 'password': "******", 'saved_searches': [{ "name": "empty", "parameters": {}, 'max_restart_history_seconds': 3600, 'max_query_chunk_seconds': 3600 }], 'tags': ["checktag:checktagvalue"] } ] } # Used to validate which searches have been executed test_data = { "time": 0, "earliest_time": "" } def _mocked_current_time_seconds(): return test_data["time"] def _mocked_dispatch_saved_search_dispatch(*args, **kwargs): earliest_time = args[2]['dispatch.earliest_time'] if test_data["earliest_time"] != "": self.assertEquals(earliest_time, test_data["earliest_time"]) return "empty" test_mocks = { '_auth_session': _mocked_auth_session, '_dispatch': _mocked_dispatch_saved_search_dispatch, '_search': _mocked_search, '_current_time_seconds': _mocked_current_time_seconds, '_saved_searches': _mocked_saved_searches } # Initial run with initial time test_data["time"] = time_to_seconds('2017-03-08T00:00:00.000000+0000') test_data["earliest_time"] = '2017-03-08T00:00:00.000000+0000' self.run_check(config, mocks=test_mocks) self.assertEqual(len(self.events), 0) # Restart check and recover data, taking into account the max restart history test_data["time"] = time_to_seconds('2017-03-08T12:00:00.000000+0000') test_data["earliest_time"] = '2017-03-08T11:00:00.000000+0000' test_data["latest_time"] = '2017-03-08T11:00:00.000000+0000' self.run_check(config, mocks=test_mocks, force_reload=True)
def _extract_telemetry(self, saved_search, instance, result, sent_already): for data in result["results"]: # We need a unique identifier for splunk events, according to https://answers.splunk.com/answers/334613/is-there-a-unique-event-id-for-each-event-in-the-i.html # this can be (server, index, _cd) try: if not saved_search.unique_key_fields: # empty list, whole record current_id = tuple(data) else: current_id = tuple( data[field] for field in saved_search.unique_key_fields) timestamp = time_to_seconds(take_required_field("_time", data)) if timestamp > saved_search.last_observed_timestamp: saved_search.last_observed_telemetry = {current_id } # make a new set saved_search.last_observed_timestamp = timestamp elif timestamp == saved_search.last_observed_timestamp: saved_search.last_observed_telemetry.add(current_id) if current_id in sent_already: continue telemetry = saved_search.retrieve_fields(data) event_tags = [ "%s:%s" % (key, value) for key, value in self._filter_fields(data).iteritems() ] event_tags.extend(instance.tags) telemetry.update({"tags": event_tags, "timestamp": timestamp}) yield telemetry except Exception: yield None
def test_checks(self): self.maxDiff = None config = { 'init_config': { }, 'instances': [ { 'url': 'http://localhost:13001', 'username': "******", 'password': "******", 'saved_searches': [{ "name": "events", "parameters": {}, }], 'tags': ["checktag:checktagvalue"] } ] } # Used to validate which searches have been executed test_data = { "time": 0, "earliest_time": "" } def _mocked_current_time_seconds(): return test_data["time"] def _mocked_dispatch_saved_search_dispatch(*args, **kwargs): earliest_time = args[2]['dispatch.earliest_time'] if test_data["earliest_time"] != "": self.assertEquals(earliest_time, test_data["earliest_time"]) return "events" test_mocks = { '_auth_session': _mocked_auth_session, '_dispatch': _mocked_dispatch_saved_search_dispatch, '_search': _mocked_minimal_search, '_current_time_seconds': _mocked_current_time_seconds, '_saved_searches': _mocked_saved_searches } self.collect_ok = False # Run the check, collect will fail test_data["time"] = time_to_seconds('2017-03-08T11:00:00.000000+0000') test_data["earliest_time"] = '2017-03-08T11:00:00.000000+0000' self.run_check(config, mocks=test_mocks) self.assertEqual(len(self.events), 2) # Make sure we keep the same start time self.run_check(config, mocks=test_mocks)
def test_checks(self): self.maxDiff = None config = { 'init_config': { 'default_initial_history_time_seconds': 86400, 'default_max_query_chunk_seconds': 3600 }, 'instances': [{ 'url': 'http://localhost:13001', 'username': "******", 'password': "******", 'saved_searches': [{ "name": "empty", "parameters": {}, 'max_initial_history_seconds': 86400, 'max_query_chunk_seconds': 3600 }], 'tags': ["checktag:checktagvalue"] }] } # Used to validate which searches have been executed test_data = {"time": 0, "earliest_time": "", "latest_time": ""} def _mocked_current_time_seconds(): return test_data["time"] def _mocked_dispatch_saved_search_dispatch(*args, **kwargs): earliest_time = args[2]['dispatch.earliest_time'] if test_data["earliest_time"] != "": self.assertEquals(earliest_time, test_data["earliest_time"]) if test_data["latest_time"] is None: self.assertTrue('dispatch.latest_time' not in args[2]) elif test_data["latest_time"] != "": self.assertEquals(args[2]['dispatch.latest_time'], test_data["latest_time"]) return "events" test_mocks = { '_auth_session': _mocked_auth_session, '_dispatch': _mocked_dispatch_saved_search_dispatch, '_search': _mocked_minimal_search, '_current_time_seconds': _mocked_current_time_seconds, '_saved_searches': _mocked_saved_searches } test_data["time"] = time_to_seconds('2017-03-09T00:00:00.000000+0000') # Gather initial data for slice_num in range(0, 23): test_data["earliest_time"] = '2017-03-08T%s:00:00.000000+0000' % ( str(slice_num).zfill(2)) test_data["latest_time"] = '2017-03-08T%s:00:00.000000+0000' % ( str(slice_num + 1).zfill(2)) self.run_check(config, mocks=test_mocks) self.assertTrue( self.continue_after_commit, "As long as we are not done with history, the check should continue" ) # Now continue with real-time polling (earliest time taken from last event) test_data["earliest_time"] = '2017-03-08T23:00:00.000000+0000' test_data["latest_time"] = None self.run_check(config, mocks=test_mocks) self.assertEqual(len(self.events), 2) self.assertFalse( self.continue_after_commit, "As long as we are not done with history, the check should continue" )
def test_checks(self): self.maxDiff = None config = { 'init_config': {}, 'instances': [{ 'url': 'http://localhost:13001', 'username': "******", 'password': "******", 'saved_searches': [{ "name": "poll", "parameters": {}, "batch_size": 2 }], 'tags': ["checktag:checktagvalue"] }] } # Used to validate which searches have been executed test_data = { "expected_searches": ["poll"], "sid": "", "time": 0, "earliest_time": "", "throw": False } def _mocked_current_time_seconds(): return test_data["time"] def _mocked_polling_search(*args, **kwargs): sid = args[0] count = args[1].batch_size return json.loads( Fixtures.read_file("batch_%s_seq_%s.json" % (sid, count), sdk_dir=FIXTURE_DIR)) def _mocked_dispatch_saved_search_dispatch(*args, **kwargs): if test_data["throw"]: raise CheckException("Is broke it") earliest_time = args[2]['dispatch.earliest_time'] if test_data["earliest_time"] != "": self.assertEquals(earliest_time, test_data["earliest_time"]) return test_data["sid"] test_mocks = { '_auth_session': _mocked_auth_session, '_dispatch': _mocked_dispatch_saved_search_dispatch, '_search': _mocked_polling_search, '_current_time_seconds': _mocked_current_time_seconds, '_saved_searches': _mocked_saved_searches } # Initial run test_data["sid"] = "poll" test_data["time"] = time_to_seconds("2017-03-08T18:29:59.000000+0000") self.run_check(config, mocks=test_mocks) self.assertEqual(len(self.events), 4) self.assertEqual([e['event_type'] for e in self.events], ["0_1", "0_2", "1_1", "1_2"]) # respect earliest_time test_data["sid"] = "poll1" test_data["earliest_time"] = '2017-03-08T18:29:59.000000+0000' self.run_check(config, mocks=test_mocks) self.assertEqual(len(self.events), 1) self.assertEqual([e['event_type'] for e in self.events], ["2_1"]) # Throw exception during search test_data["throw"] = True thrown = False try: self.run_check(config, mocks=test_mocks) except CheckException: thrown = True self.assertTrue(thrown, "Expect thrown to be done from the mocked search") self.assertEquals( self.service_checks[1]['status'], 2, "service check should have status AgentCheck.CRITICAL")