def earliestTime(self):
# First optimization, we need only store earliest and latest
# as an offset of now if they're relative times
if self._earliestParsed is not None:
earliestTime = self.now() - self._earliestParsed
logger.debug("Using cached earliest time: %s" % earliestTime)
else:
if (self.earliest.strip()[0:1] == "+"
or self.earliest.strip()[0:1] == "-"
or self.earliest == "now"):
tempearliest = timeParser(self.earliest,
timezone=self.timezone)
temptd = self.now(realnow=True) - tempearliest
self._earliestParsed = datetime.timedelta(
days=temptd.days, seconds=temptd.seconds)
earliestTime = self.now() - self._earliestParsed
logger.debug(
"Calulating earliestParsed as '%s' with earliestTime as '%s' and self.sample.earliest as '%s'"
% (self._earliestParsed, earliestTime, tempearliest))
else:
earliestTime = timeParser(self.earliest,
timezone=self.timezone)
logger.debug("earliestTime as absolute time '%s'" %
earliestTime)
return earliestTime
def latestTime(self):
if self._latestParsed is not None:
latestTime = self.now() - self._latestParsed
logger.debug("Using cached latestTime: %s" % latestTime)
else:
if self.latest.strip()[0:1] == '+' or \
self.latest.strip()[0:1] == '-' or \
self.latest == 'now':
templatest = timeParser(self.latest, timezone=self.timezone)
temptd = self.now(realnow=True) - templatest
self._latestParsed = datetime.timedelta(days=temptd.days, seconds=temptd.seconds)
latestTime = self.now() - self._latestParsed
logger.debug(
"Calulating latestParsed as '%s' with latestTime as '%s' and self.sample.latest as '%s'" %
(self._latestParsed, latestTime, templatest))
else:
latestTime = timeParser(self.latest, timezone=self.timezone)
logger.debug("latstTime as absolute time '%s'" % latestTime)
return latestTime
def test_timeparser(ts, tz, expect):
'''
test timeParser function, parse splunk time modifier
Normal Cases:
Case 1: get now timestamp
Case 2: get utc now timestamp
Case 3: get utc+2 timezone timestamp
Case 4: get utc-2 timezone timestamp
Case 5: get the 7 days ago timestamp
Case 5: get the beginning of this month. check the snap to month
Case 6: get the beginning of last month. check the snap to last month
Case 7: get 3 days ago, snap to day
Case 8: get 5 days later
Corner Cases:
Case 1: empty string as input. behavior <TBD>
'''
r = timeparser.timeParser(ts, tz, mock_now, mock_utc_now)
check_datetime_equal(r, expect)
def test_timeparser(ts, tz, expect):
'''
test timeParser function, parse splunk time modifier
Normal Cases:
Case 1: get now timestamp
Case 2: get utc now timestamp
Case 3: get utc+2 timezone timestamp
Case 4: get utc-2 timezone timestamp
Case 5: get the 7 days ago timestamp
Case 5: get the beginning of this month. check the snap to month
Case 6: get the beginning of last month. check the snap to last month
Case 7: get 3 days ago, snap to day
Case 8: get 5 days later
Corner Cases:
Case 1: empty string as input. behavior <TBD>
'''
r = timeparser.timeParser(ts, tz, mock_now, mock_utc_now)
check_datetime_equal(r, expect)
def setupBackfill(self):
"""
Called by non-queueable plugins or by the timer to setup backfill times per config or based on a Splunk Search
"""
s = self._sample
if s.backfill is not None:
try:
s.backfillts = timeParser(s.backfill, timezone=s.timezone)
logger.info("Setting up backfill of %s (%s)" %
(s.backfill, s.backfillts))
except Exception as ex:
logger.error("Failed to parse backfill '%s': %s" %
(s.backfill, ex))
raise
if s.backfillSearch is not None:
if s.backfillSearchUrl is None:
try:
s.backfillSearchUrl = c.getSplunkUrl(s)[
0] # noqa, we update c in the globals() dict
except ValueError:
logger.error(
"Backfill Search URL not specified for sample '%s', not running backfill search"
% s.name)
if not s.backfillSearch.startswith('search'):
s.backfillSearch = 'search ' + s.backfillSearch
s.backfillSearch += '| head 1 | table _time'
if s.backfillSearchUrl is not None:
logger.debug(
"Searching Splunk URL '%s/services/search/jobs' with search '%s' with sessionKey '%s'"
%
(s.backfillSearchUrl, s.backfillSearch, s.sessionKey))
results = httplib2.Http(
disable_ssl_certificate_validation=True).request(
s.backfillSearchUrl + '/services/search/jobs',
'POST',
headers={
'Authorization': 'Splunk %s' % s.sessionKey
},
body=urllib.parse.urlencode({
'search': s.backfillSearch,
'earliest_time': s.backfill,
'exec_mode': 'oneshot'
}))[1]
try:
temptime = minidom.parseString(
results).getElementsByTagName(
'text')[0].childNodes[0].nodeValue
# logger.debug("Time returned from backfill search: %s" % temptime)
# Results returned look like: 2013-01-16T10:59:15.411-08:00
# But the offset in time can also be +, so make sure we strip that out first
if len(temptime) > 0:
if temptime.find('+') > 0:
temptime = temptime.split('+')[0]
temptime = '-'.join(temptime.split('-')[0:3])
s.backfillts = datetime.datetime.strptime(
temptime, '%Y-%m-%dT%H:%M:%S.%f')
logger.debug(
"Backfill search results: '%s' value: '%s' time: '%s'"
%
(pprint.pformat(results), temptime, s.backfillts))
except (ExpatError, IndexError):
pass
if s.end is not None:
parsed = False
try:
s.end = int(s.end)
s.endts = None
parsed = True
except ValueError:
logger.debug(
"Failed to parse end '%s' for sample '%s', treating as end time"
% (s.end, s.name))
if not parsed:
try:
s.endts = timeParser(s.end, timezone=s.timezone)
logger.info("Ending generation at %s (%s)" %
(s.end, s.endts))
except Exception as ex:
logger.error(
"Failed to parse end '%s' for sample '%s', treating as number of executions"
% (s.end, s.name))
raise
