def run(self, params={}): query = params.get(Input.QUERY) log_name = params.get(Input.LOG) timeout = params.get(Input.TIMEOUT) time_from_string = params.get(Input.TIME_FROM) relative_time_from = params.get(Input.RELATIVE_TIME) time_to_string = params.get(Input.TIME_TO) # Time To is optional, if not specified, time to is set to now time_from, time_to = parse_dates(time_from_string, time_to_string, relative_time_from) if time_from > time_to: raise PluginException(cause="Time To input was chronologically behind Time From.", assistance="Please edit the step so Time From is chronologically behind (in the past) relative to Time To.\n", data=f"\nTime From: {time_from}\nTime To:{time_to}") log_id = self.get_log_id(log_name) # The IDR API will SOMETIMES return results immediately. # It will return results if it gets them. If not, we'll get a call back URL to work on callback_url, log_entries = self.maybe_get_log_entries(log_id, query, time_from, time_to) if not log_entries: log_entries = self.get_results_from_callback(callback_url, timeout) log_entries = komand.helper.clean(log_entries) for log_entry in log_entries: log_entry["message"] = json.loads(log_entry.get("message", "{}")) self.logger.info(f"Sending results to orchestrator.") return {Output.RESULTS: log_entries, Output.COUNT: len(log_entries)}
def test_parse_dates(self): time_test_rel = "Absolute Time To" time_test1 = "2005/10/31T17:11:09" time_test2 = "01-01-2020" time_test3 = "01-01-2020T18:01:01" time_test4 = "02/24/1978" time_test5 = "13:25" time_test6 = "01/27/2020 10:00 PM" time_test7 = "01-01-2020" time_test8 = "12-31-2020" res1, res2 = parse_dates(time_test1, time_test2, time_test_rel) res3, res4 = parse_dates(time_test3, time_test4, time_test_rel) res5, res6 = parse_dates(time_test5, time_test6, time_test_rel) res7, res8 = parse_dates(time_test7, time_test8, time_test_rel) self.assertEquals(res1, 1130800269000) self.assertEquals(res2, 1577858400000) self.assertEquals(res3, 1577923261000) self.assertEquals(res4, 257148000000) self.assertIsNotNone(res5) # This will be today @ 1:25 PM. self.assertEquals(res6, 1580184000000) self.assertEquals(res7, 1577858400000) self.assertEquals(res8, 1609394400000) not_used, now_result = parse_dates(time_test1, None, time_test_rel) self.assertIsNotNone(now_result) with self.assertRaises(PluginException): parse_dates("AAA", None, time_test_rel)
def test_parse_dates_relative_time_no_to_date_specified(self): time_from = "1/1/2000" # This shouldn't happen, but wanted to make sure there wasn't a crash. not_used, res2 = parse_dates(time_from, "", "") expected = int(time.time()) * 1000 # This is realtime, give us 1s leeway for expected results self.assertTrue(expected - 1000 < res2 < expected + 1000)
def test_parse_dates_relative_time(self): time_test1 = "2005/10/31T17:11:09" time_rel = "Absolute Time To" res1, _ = parse_dates(time_test1, time_test1, time_rel) self.assertEquals(res1, 1130800269000) time_rel = "Last 5 Minutes" res1, _ = parse_dates(time_test1, "", time_rel) expected = int(time.time()) * 1000 - 300000 actual = res1 self.assertTrue(expected - 1000 < actual < expected + 1000) time_rel = "Last 12 Hours" res1, _ = parse_dates(time_test1, "", time_rel) expected = int(time.time()) * 1000 - 4.32e+7 actual = res1 self.assertTrue(expected - 1000 < actual < expected + 1000)