def collect(self, dateRange): ''' :param dateRange: dict("start" : date , "stop" : date) :return: ''' saved_search = self.dataPointSchema.dataPointSchema.get('saved_search') spl = self.dataPointSchema.dataPointSchema.get('spl') if saved_search: spl = ' '.join(['|', 'savedsearch', saved_search]) splunkrc = self.options.get('splunkrc') instrumentationIndex = InstrumentationIndex(splunkrc=splunkrc) kwargs = { "earliest_time": dateRange['start'], "latest_time": dateRange['stop'] } if isinstance(kwargs['earliest_time'], date): kwargs['earliest_time'] = date_to_timestamp_str( datetime.combine(kwargs['earliest_time'], time.min).replace(tzinfo=local)) if isinstance(kwargs['latest_time'], date): kwargs['latest_time'] = date_to_timestamp_str( datetime.combine(kwargs['latest_time'], time.max).replace(tzinfo=local)) events = instrumentationIndex.query_runner.search(spl, **kwargs) return events
def send_failed(self, start, end, visibility, method=METHOD['AUTO'], time_range=None, count=None): """send_failed. Send status failed into index_name start = a datetime Object end = a datetime Object visibility = ['licese', 'anonymous'] method = ['auto', 'manual'] """ logging.info("failed send " + date_to_timestamp_str(start) + ' to ' + date_to_timestamp_str(end)) self._submit_status(self._status["FAILED"], start, end, visibility, source=self.source, method=method, time_range=time_range, count=None)
def _query_by_date(self, t_start, t_end, visibility, time_limit=None): ''' earliest and latest makes the assumtion that _telemery events are indexed the day after they happen :param t_start: :param t_end: :param visibility: :return: ''' search_cmd = 'search index=' + self.index_name search_cmd += " sourcetype=" + INSTRUMENTATION_SOURCETYPE + " | spath date | search " if time_limit: kwargs = { "earliest_time": date_to_timestamp_str(time_limit['start']), "latest_time": date_to_timestamp_str(time_limit['stop']) } else: kwargs = { "earliest_time": date_to_timestamp_str( datetime.combine(t_start, time.min).replace(tzinfo=local)), "latest_time": date_to_timestamp_str( datetime.combine(t_end + timedelta(days=1), time.max).replace(tzinfo=local)) } if t_start: search_cmd += (' date>=%s' % t_start.strftime("%Y-%m-%d")) if t_end: search_cmd += (' date<=%s' % t_end.strftime("%Y-%m-%d")) visibility_cmd = self._get_visibility_cmd(visibility) search_cmd += " (%s)" % visibility_cmd return self.query_runner.search(search_cmd, **kwargs)
def get_last_auto_send_log(self): """Get the last event recorded to index_name with method = auto """ search_cmd = 'search index = ' + self.index_name + ' sourcetype=' + AUDIT_SOURCETYPE + ' method = auto| head 1' query_results = [ value for value in self.query_runner._query(search_cmd) ] if not query_results or len(query_results) == 0: return None result = json.loads(query_results[0]['_raw']) result['start'] = datetime.fromtimestamp(float(result['start'])) result['end'] = datetime.fromtimestamp(float(result['end'])) logging.info("get_last_auto_send_log " + date_to_timestamp_str(result['start']) + ' to ' + date_to_timestamp_str(result['end'])) return result
def bundle_data(self, status, start, end, visibility, source=None, method=METHOD['AUTO'], time_range=None, count=None): date_range = {} if time_range is None: time_range = { "start": local_date_to_utc(start, dtime.min), "stop": local_date_to_utc(end + timedelta(days=1), dtime.max) } date_range['start'] = date_to_timestamp_str(time_range.get('start')) date_range['stop'] = date_to_timestamp_str(time_range.get('stop')) data = { "time": int(time.time()), "status": status, "start": date_range['start'], "end": date_range['stop'], "executionID": INST_EXECUTION_ID, "visibility": visibility, "method": method, "start_date": start, "end_date": end, "count": count, "version": INST_VERSION } data = json.dumps(data, default=json_serial) return data