def grant_permissions_alert(self, alert_name, group="app"):
"""
Grant permissions for an existing Splunk alert for the specified group
@type group: str
@param group: Level to grant permissions for. Default is "app"
@rtype: None
@return: None
"""
curl_cmd = '''curl -k -u %s:%s %s/%s/%s/saved/searches/%s/acl -d sharing=%s -d owner=%s''' \
% (self.user, self.passwd, self.url, self.user, self.app, alert_name, group, self.user)
try:
# Execute curl command
self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(logger, {
"msg": "Granted permissions on alert",
"dataset": self.dataset
}, "info")
except ShellException:
logkv(
logger, {
"msg": "Error in granting permissions on alert",
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def _agg_alert_params(self, alert_name):
"""
Returns a string that specifies the various fields / values associated with this alert
@type alert_name: str
@param alert_name: Name of alert whose params are to be aggregated
@rtype: str
@return: String specifying the parameters for the alert to be used in a call to Splunk REST API
"""
params_curl_cmd = """"""
try:
alert_dict = self.splunk_alerts[alert_name].alert_configs
except:
logkv(
logger, {
"msg": "Error finding alert name %s" % alert_name,
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
for key in alert_dict.keys():
params_curl_cmd += """ -d %s=%s""" % (key, alert_dict[key])
return params_curl_cmd
def _get_xml_saved_searches(self):
"""
Get XML for all saved searches for given dataset
@rtype: str
@return: XML for all saved searches from this dataset's REST endpoint
"""
curl_cmd = '''curl -k -u %s:%s %s/%s/%s/saved/searches?search=%s*''' \
% (self.user, self.passwd, self.url, self.user, self.app, self.base_name)
try:
# Execute curl command
xml = self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True).output
logkv(logger, {
"msg": "Got XML for all alerts",
"dataset": self.dataset
}, "info")
return xml
except ShellException:
logkv(
logger, {
"msg": "Error in getting XML for all alerts",
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def cleanup_alert(self, alert):
"""
Deletes specified Splunk alert
@type alert: str
@param alert: Last part of URL path for alert REST endpoint
@rtype: None
@return: None
"""
curl_cmd = '''curl -k -u %s:%s --request DELETE %s/%s/%s/saved/searches/%s''' \
% (self.user, self.passwd, self.url, self.user, self.app, alert)
try:
# Execute curl command
self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(logger, {
"msg": "Removed alert %s" % alert,
"dataset": self.dataset
}, "info")
except ShellException:
logkv(
logger, {
"msg": "Error in removing alert %s" % alert,
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def setup_dashboard(self, dash_xml):
"""
Creates a new Splunk dashboard or overwrites it if it already exists
@type dash_xml: str
@param dash_xml: Dashboard XML to post
@rtype: None
@return: None
"""
# Construct curl command (change this to use urllib2)
curl_cmd = '''curl -k -u %s:%s %s/%s/%s/data/ui/views -d 'name=%s&eai:data=%s' ''' \
% (self.user, self.passwd, self.url, self.user, self.app, self.base_name, dash_xml)
try:
# Execute curl command
self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(logger, {
"msg": "Set up dashboard",
"dataset": self.dataset
}, "info")
except ShellException:
logkv(logger, {
"msg": "Error in setting up dashboard",
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def cleanup_dashboard(self):
"""
Delete an existing Splunk dashboard
@rtype: None
@return: None
"""
owner = self._get_dash_owner()
curl_cmd = '''curl -k -u %s:%s --request DELETE %s/%s/%s/data/ui/views/%s''' \
% (self.user, self.passwd, self.url, owner, self.app, self.base_name)
try:
# Execute curl command
self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(logger, {
"msg": "Removed dashboard",
"dataset": self.dataset
}, "info")
except ShellException:
logkv(logger, {
"msg": "Error in removing dashboard",
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def create_alert(self, alert_name):
"""
Makes a call to the Splunk REST API in order to create the specified alert
@type alert_name: str
@param alert_name: Name of alert to be created
@rtype: None
@return: None
"""
try:
base_curl_cmd = '''curl -k -u %s:%s %s/%s/%s/saved/searches/ -d name=%s --data-urlencode search=%s''' \
% (self.user, self.passwd, self.url, self.user, self.app, alert_name,
self.splunk_alerts[alert_name].search_str)
curl_cmd = base_curl_cmd + self._agg_alert_params(alert_name)
except KeyError:
logkv(
logger, {
"msg": "Error finding alert name %s" % alert_name,
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
try:
# Execute curl command
self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(
logger, {
"msg": "Created Splunk email alert %s" % alert_name,
"dataset": self.dataset
}, "info")
except ShellException:
logkv(
logger, {
"msg": "Error in creating Splunk email alert",
"dataset": self.dataset,
"curl_cmd": curl_cmd
}, "error")
raise SplunkManagerException()
def setup_all_alerts(self):
"""
Create all alerts based on stored SplunkAlerts
@rtype: None
@return: None
"""
try:
for alert_name in self.splunk_alerts.keys():
self.create_alert(alert_name)
self.grant_permissions_alert(alert_name)
except:
logkv(logger, {
"msg": "Error in setting up all alerts",
"dataset": self.dataset
}, "error")
raise SplunkManagerException()
def _get_dashboard_perm_xml(self):
"""
Internal method which returns XML containing info on permissions for dashboard. This is used by
cleanup_dashboard() to figure out which REST endpoint to delete.
@rtype: str
@return: XML from ACL endpoint for dashboard
"""
curl_cmd = '''curl -k -u %s:%s %s/%s/%s/data/ui/views/%s/acl''' \
% (self.user, self.passwd, self.url, self.user, self.app, self.base_name)
try:
# Execute curl command
result = self.shell_exec.safe_execute(curl_cmd,
splitcmd=False,
as_shell=True)
logkv(logger, {"msg": "Got dashboard permission XML"}, "info")
except ShellException:
logkv(logger, {"msg": "Error getting dashboard permission XML"},
"error")
raise SplunkManagerException()
return result.output
def __init__(self, dataset, env, log_path, index, user, passwd, url, app,
alert_param_dict):
"""
Initialize Splunk manager based on configs
@type dataset: str
@param dataset: Name of dataset being loaded
@type env: str
@param env: Environment (prod or preprod)
@type log_path: str
@param log_path: Path where logs are stored
@type index: str
@param index: Name of Splunk index (thrive_perf or thrive_prod)
@type user: str
@param user: Name of Splunk user to run as
@type passwd: str
@param passwd: Password for Splunk user
@type url: str
@param url: Prefix URL for accessing / modifying Splunk resources
@type app: str
@param app: Splunk app (biosearch)
@type alert_param_dict: dict(str, dict(str, object))
@param alert_param_dict: Key-value pairs of alert section name, and values as dictionaries defining
config / config value pairs for each alert
@rtype: None
@return: None
"""
super(SplunkManager, self).__init__()
try:
self.dataset = dataset
self.env = env
self.log_path = log_path
self.index = index
self.user = user
self.passwd = passwd
self.url = url
self.app = app
self.base_name = "%s_%s" % (self.env, self.dataset)
self.splunk_alerts = dict()
for section in alert_param_dict:
alert_name = "%s_%s_%s" % (self.env, self.dataset, section)
logkv(logger, {
"msg":
"Instantiating SplunkAlert object for %s" % alert_name
}, "info")
salert = SplunkAlert(self.index, self.log_path,
alert_param_dict[section])
salert.search_str = salert.get_search_str()
salert.alert_configs[
"action.email.message.alert"] = salert.get_msg_body()
self.splunk_alerts[alert_name] = salert
except:
logkv(logger, {"msg": "Error setting up Splunk Manager"}, "error")
raise SplunkManagerException()