def custom_api_payload(plugin_hostname, data_validity):
    '''
    Build the ElasticSearch request body (HTTP body) that selects the
    ``system.filesystem`` (disk space) documents of one host.

    Args:
        plugin_hostname: value matched (``match_phrase``) against ``host.name``.
        data_validity: handed to ``get_data_validity_range``, which returns
            the (newest, oldest) epoch-millisecond bounds of the accepted
            ``@timestamp`` window.

    Returns:
        The dict from ``generic_api_payload(100)`` (shallow-copied) extended
        with a ``query.bool`` block. The host name is inserted as a
        structured query value, never spliced into a ``query_string``, so it
        is not parsed as query syntax.

    On any exception the error is printed and the process exits with
    status 3 (the plugin's UNKNOWN state, presumably).
    '''
    try:
        # Fixed selectors for this metricset.
        device_field = "system.filesystem.device_name"
        module_name = "system"
        metricset = "filesystem"

        newest_ts, oldest_ts = get_data_validity_range(data_validity)

        # Shallow copy; the dict returned by generic_api_payload is left untouched.
        payload = dict(generic_api_payload(100))

        # Concatenation keeps str-only semantics: a non-str host name raises
        # TypeError here and ends in the exit(3) path below.
        host_query = "" + plugin_hostname

        must_clauses = [
            {"match_all": {}},
            {"exists": {"field": device_field}},
            {"match_phrase": {"event.module": {"query": module_name}}},
            {"match_phrase": {"metricset.name": {"query": metricset}}},
            {"match_phrase": {"host.name": {"query": host_query}}},
            {"range": {"@timestamp": {
                "gte": str(oldest_ts),
                "lte": str(newest_ts),
                "format": "epoch_millis",
            }}},
        ]
        payload["query"] = {
            "bool": {
                "must": must_clauses,
                "filter": [],
                "should": [],
                "must_not": [],
            }
        }
        return payload
    except Exception as e:
        print(f'Error calling "custom_api_payload"... Exception {e}')
        sys.exit(3)
def custom_api_payload(hostname, windows_service, data_validity):
    '''
    Build the ElasticSearch request body that selects the ``windows.service``
    document(s) of one service on one host.

    Args:
        hostname: value matched (``match_phrase``) against ``host.name``.
        windows_service: value matched (``match_phrase``) against
            ``windows.service.name``.
        data_validity: handed to ``get_data_validity_range``, which returns
            the (newest, oldest) epoch-millisecond bounds of the accepted
            ``@timestamp`` window.

    Returns:
        The dict from ``generic_api_payload(1)`` (shallow-copied) extended
        with a ``query.bool`` block. Caller-supplied values are inserted as
        structured query values, never spliced into a ``query_string``, so
        they are not parsed as query syntax.

    On any exception the error is printed and the process exits with
    status 3 (the plugin's UNKNOWN state, presumably).
    '''
    try:
        # Fixed selectors for this metricset.
        service_field = "windows.service.name"
        module_name = "windows"
        metricset = "service"

        newest_ts, oldest_ts = get_data_validity_range(data_validity)

        # Shallow copy; the dict returned by generic_api_payload is left untouched.
        payload = dict(generic_api_payload(1))

        # Concatenation keeps str-only semantics: a non-str argument raises
        # TypeError here (service checked first) and ends in the exit(3) path.
        service_query = "" + windows_service
        host_query = "" + hostname

        must_clauses = [
            {"match_all": {}},
            {"match_phrase": {service_field: {"query": service_query}}},
            {"match_phrase": {"event.module": {"query": module_name}}},
            {"match_phrase": {"metricset.name": {"query": metricset}}},
            {"match_phrase": {"host.name": {"query": host_query}}},
            {"range": {"@timestamp": {
                "gte": str(oldest_ts),
                "lte": str(newest_ts),
                "format": "epoch_millis",
            }}},
        ]
        payload["query"] = {
            "bool": {
                "must": must_clauses,
                "filter": [],
                "should": [],
                "must_not": [],
            }
        }
        return payload
    except Exception as e:
        print(f'Error calling "custom_api_payload"... Exception {e}')
        sys.exit(3)
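def custom_api_payload(hostname, data_validity):
    '''
    Build a custom Payload for ElasticSearch here:
    HTTP Request Body for getting network interface (``system.network``)
    values for a specified hostname, excluding the loopback interface.

    Args:
        hostname: value matched (``match_phrase``) against ``host.name``.
        data_validity: handed to ``get_data_validity_range``, which returns
            the (newest, oldest) epoch-millisecond bounds of the accepted
            ``@timestamp`` window.

    Returns:
        The dict from ``generic_api_payload(40)`` (shallow-copied) extended
        with a ``query.bool`` block: ``must`` selects module ``system`` /
        metricset ``network`` documents of the host that carry a
        ``system.network`` field; ``must_not`` drops the ``lo`` interface.
        ``hostname`` is inserted as a structured query value, never spliced
        into a ``query_string``, so it is not parsed as query syntax.

    On any exception the error is printed and the process exits with
    status 3 (the plugin's UNKNOWN state, presumably).
    '''
    try:
        # Fixed selectors for this metricset.
        metricset_module = 'system'
        metricset_name = 'network'

        newest_valid_timestamp, oldest_valid_timestamp = get_data_validity_range(
            data_validity)

        # Shallow copy; the dict returned by generic_api_payload is left untouched
        # (matches how the sibling payload builders treat the generic template).
        custom_payload = dict(generic_api_payload(40))
        custom_payload['query'] = {
            'bool': {
                'must': [
                    {'match_all': {}},
                    {'match_phrase': {'event.module': {'query': metricset_module}}},
                    {'match_phrase': {'metricset.name': {'query': metricset_name}}},
                    {'match_phrase': {'host.name': {'query': hostname}}},
                    {'exists': {'field': 'system.network'}},
                    {'range': {'@timestamp': {
                        'gte': str(oldest_valid_timestamp),
                        'lte': str(newest_valid_timestamp),
                        'format': 'epoch_millis',
                    }}},
                ],
                'filter': [],
                'should': [],
                # Exclude the loopback interface.
                'must_not': [{'match': {'system.network.name': {'query': 'lo'}}}],
            }
        }
        return custom_payload
    except Exception as e:
        print("Error calling \"custom_api_payload\"... Exception {}".format(e))
        sys.exit(3)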
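def custom_api_payload_get_process(hostname, process_name, data_validity, timestamp):
    '''
    Build the ElasticSearch request body that selects the ``system.process``
    document of one process on one host at one exact ``@timestamp``.

    Args:
        hostname: value matched (``match_phrase``) against ``host.name``.
        process_name: value matched (``match_phrase``) against ``process.name``.
        data_validity: handed to ``get_data_validity_range``, which returns
            the (newest, oldest) epoch-millisecond bounds of the accepted
            ``@timestamp`` window.
        timestamp: exact ``@timestamp`` to match; the sentinel ``"TBD"``
            means no event is known yet.

    Returns:
        The dict from ``generic_api_payload(50)`` (shallow-copied) extended
        with a ``query.bool`` block, or the string ``"No_Payload"`` when
        ``timestamp`` is ``"TBD"`` (callers must test for that sentinel
        before using the result as a dict). Caller-supplied values are
        inserted as structured query values, never spliced into a
        ``query_string``, so they are not parsed as query syntax.

    On any exception the error is printed and the process exits with
    status 3 (the plugin's UNKNOWN state, presumably).
    '''
    try:
        if timestamp == "TBD":
            # Sentinel string return (not a dict) is part of the existing interface.
            print("No Event found for Process \"{}\"".format(process_name))
            return "No_Payload"

        # Reject non-str query values explicitly so a bad argument ends in
        # the exit(3) path below instead of in the returned query.
        for label, value in (("hostname", hostname),
                             ("process_name", process_name),
                             ("timestamp", timestamp)):
            if not isinstance(value, str):
                raise TypeError(f"{label} must be a str, got {type(value).__name__}")

        # Fixed selectors for this metricset.
        process_field = "process.name"
        module_name = "system"
        metricset = "process"

        newest_ts, oldest_ts = get_data_validity_range(data_validity)

        # Shallow copy; the dict returned by generic_api_payload is left untouched.
        payload = dict(generic_api_payload(50))
        payload["query"] = {
            "bool": {
                "must": [
                    {"match_all": {}},
                    {"match_phrase": {process_field: {"query": process_name}}},
                    # Exact event time on top of the validity window below.
                    {"match_phrase": {"@timestamp": {"query": timestamp}}},
                    {"match_phrase": {"event.module": {"query": module_name}}},
                    {"match_phrase": {"metricset.name": {"query": metricset}}},
                    {"match_phrase": {"host.name": {"query": hostname}}},
                    {"range": {"@timestamp": {
                        "gte": str(oldest_ts),
                        "lte": str(newest_ts),
                        "format": "epoch_millis",
                    }}},
                ],
                "filter": [],
                "should": [],
                "must_not": [],
            }
        }
        return payload
    except Exception as e:
        print(f'Error calling "custom_api_payload_get_process"... Exception {e}')
        sys.exit(3)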