except ImportError:
import httplib as http_client
import json
import os
import operator
import sys
from splunk import RESTException
from splunk.clilib.bundle_paths import make_splunkhome_path
from splunk.persistconn.application import PersistentServerConnectionApplication
sys.path.append(make_splunkhome_path(['etc', 'apps', 'Splunk_SA_CIM', 'lib']))
from splunk_sa_cim.log import setup_logger
from splunk_sa_cim.modaction_queue import ModularActionQutils
logger = setup_logger('modaction_queue_handler')
class ModularActionQueueKeyHandler(PersistentServerConnectionApplication):
'''REST handler for generating modular action queue api keys.'''
def __init__(self, command_line, command_arg):
super(ModularActionQueueKeyHandler, self).__init__()
try:
params = json.loads(command_arg)
except Exception as e:
logger.warn(e)
params = {}
ModularActionQutils.set_log_level(logger, params)
import splunk.rest
import splunk.util
import sys
try:
from urllib.request import quote
except ImportError:
from urllib import quote
from splunk.clilib.bundle_paths import make_splunkhome_path
from splunk.persistconn.application import PersistentServerConnectionApplication
from time import gmtime
sys.path.append(make_splunkhome_path(['etc', 'apps', 'Splunk_SA_CIM', 'lib']))
from splunk_sa_cim.log import setup_logger
logger = setup_logger('modaction_adhoc_rest_handler')
class ModularActionAdhocException(Exception):
"""Custom exception for Modular Action Adhoc REST handler"""
pass
class ModularActionAdhocRestHandler(PersistentServerConnectionApplication):
"""REST handler for dispatching modular actions in ad-hoc mode."""
ALERT_ACTIONS_URI = '/services/alerts/alert_actions/%s'
PARAM_ACTION_NAME = 'action_name'
TOKENS_EXPECTED = ('action_name', '_time', 'source', 'indexer_guid',
'event_hash')
TOKENS_TRIGGER_TIME = ('trigger_time', )
name = alert_action['name']
app = alert_action['acl']['app']
script = make_splunkhome_path(
["etc", "apps", app, "bin",
"%s.py" % name])
cmd = [
make_splunkhome_path(["bin", "splunk"]), "cmd",
python_cmd, script, "--execute"
]
try:
returncode = self.run_action(cmd, payload,
normalized_maxtime)
if returncode != 0:
self.logger.info("Modular alert exit with code %d",
returncode)
self.dequeue(target, key, worker, password, verify,
client_cert)
except Exception as e:
self.logger.error(
"Exception when running modular alert %s: %s",
stanza_name, e)
if __name__ == '__main__':
logger = setup_logger('relaymodaction', level=logging.INFO)
try:
modinput = RelayModAction(logger=logger)
modinput.execute()
except Exception:
logger.exception("Error")
import splunk.Intersplunk
import sys
from splunk import AuthenticationFailed
from splunk.clilib.bundle_paths import make_splunkhome_path
sys.path.append(make_splunkhome_path(["etc", "apps", "Splunk_SA_CIM", "lib"]))
from cim_models import DataModels
from splunk_sa_cim.log import setup_logger
logger = setup_logger('datamodelsimple')
if __name__ == '__main__':
logger.info('Starting datamodelsimple search command')
return_type = 'models'
datamodel = None
obj = None
nodename = None
# Override Defaults w/ opts below
if len(sys.argv) > 1:
for a in sys.argv:
if a.startswith('type='):
where = a.find('=')
return_type = a[where + 1:len(a)]
elif a.startswith('datamodel='):
where = a.find('=')
datamodel = a[where + 1:len(a)]
elif a.startswith('object='):
where = a.find('=')