def validate_input_meta(self, action, **params):
'''
post body:
{
"uuid": uuid // first time to create the input, no uuid yet
"name": name,
"title": title,
"description": description,
"type": type,
"sourcetype": sourcetype,
"interval": interval,
}
'''
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
input_builder = builder_ta_input.TAInputBuilder(
controller_util.get_current_ta_project(), splunkd_uri, session_key)
alert_builder = builder_ta_alert.TAAlertBuilder(
controller_util.get_current_ta_project(), splunkd_uri, session_key)
input_builder.set_alert_builder(alert_builder)
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
meta = json.loads(raw_body)
response = {}
try:
input_builder.validate_input_name_and_sourcetype(meta)
response['validate_result'] = 'success'
except CommonException as ce:
logger.error('Validate input meta fails. %s',
traceback.format_exc())
response['err_code'] = ce.get_err_code()
response['err_args'] = ce.get_options()
return self.render_json(response)
def create_eval(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
sourcetypes = params['sourcetypes']
output_field = params['output_field']
expression = params['expression']
search = params['search']
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.update_eval(sourcetypes,
output_field,
expression,
search,
check_exist=True)
return self.render_json({"data": res})
except CommonException as e:
logger.error(
'Get CommonException when creating eval. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot create eval %s. error: %s", expression,
traceback.format_exc())
raise e
def code_run(self, action, **params):
# check the role of current user, only admin can run code
username = cherrypy.session.get('user').get('name')
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
service = common_util.create_splunk_service(session_key, splunkd_uri)
params = None
try:
r = app_util.is_user_allow_to_create_ta(username, service)
if r:
# if getting error code, just render it
return self.render_json(r)
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body) # params is the meta for this input
appname = controller_util.get_current_ta_project()
input_builder = builder_ta_input.TAInputBuilder(
appname, splunkd_uri, session_key)
dryrun_result = input_builder.dryrun_modinput_code(params)
return self.render_json(dryrun_result)
except CommonException as ce:
logger.error('Fail to dryrun data input. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({'err_code': ce.get_err_code(),
'err_args': ce.get_options()})
def global_settings(self, resource, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
splunkd_uri, session_key)
if cherrypy.request.method == 'GET':
global_settings = tabuilder.get_global_settings()
if global_settings is None:
global_settings = {}
return self.render_json(global_settings)
elif cherrypy.request.method == 'POST':
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
try:
# did some clean up in case frontend does not clean it up
if 'customized_settings' in params and len(
params['customized_settings']) == 0:
del params['customized_settings']
logger.info("global settings params are : %s", params)
tabuilder.update_global_settings(params)
return self.render_json({"status": "success"})
except CommonException as e:
logger.error("fail to save global settings. Error: %s",
traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("fail to save global settings. Error: %s",
traceback.format_exc())
raise e
def delete_alias(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
sourcetype = params['sourcetype']
input_field = params['input_field']
output_field = params['output_field']
search = params["search"]
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.delete_alias(sourcetype, output_field, input_field,
search)
return self.render_json({"data": res})
except CommonException as e:
logger.error(
'Get CommonException when deleting alias. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot delete alias %s. error: %s", output_field,
traceback.format_exc())
raise e
def edit_data_input(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
reload_input = params.get('reload_input', True)
if 'reload_input' in params:
del params['reload_input']
splunkd_uri, session_key = scc.getMgmtUri(), cherrypy.session.get(
"sessionKey")
try:
tabuilder = builder.TABuilder(appname, splunkd_uri, session_key)
tabuilder.update_TA_input(params, reload_input)
return self.render_json({"status": "success", "meta": params})
except CommonException as e:
logger.error(
'Get CommonException when update data input. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({'err_code': e.get_err_code(),
'err_args': e.get_options()})
except Exception as e:
logger.error(
'Get exception when update data input. meta:%s, error:%s',
params, traceback.format_exc())
raise e
def check_cim_available(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
try:
builder = TACIMBuilder(appname, splunk_uri, session)
confs = builder.check_cim_available()
res = {"data": {"successful": True}}
if confs:
res = {"data": {"successful": False, "conf_names": confs}}
return self.render_json(res)
except CommonException as e:
logger.error(
'Get CommonException when checking CIM available for app %s. meta:%s, error:%s',
appname, params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot check CIM available for app %s. error: %s",
appname, traceback.format_exc())
raise e
def save_models(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
eventtype_name = params["eventtype_name"]
new_models = params['new_models']
old_models = params['old_models']
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.save_models(eventtype_name, new_models, old_models)
return self.render_json({"data": {"successful": True}})
except CommonException as e:
logger.error(
'Get CommonException when saving models for eventtype %s. meta:%s, error:%s',
eventtype_name, params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error(
"Cannot save models objects for eventtype %s. error: %s",
eventtype_name, traceback.format_exc())
raise e
def get_modular_alerts_summary(self, action, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
tabuilder = builder.TAAlertBuilder(
controller_util.get_current_ta_project(), splunkd_uri, session_key)
all_modular_alerts = tabuilder.get_all_TA_alerts() or []
return self.render_json(all_modular_alerts)
def create_eventtype(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
name = params['name']
search = params['search']
sourcetype_dict = params['sourcetypes']
try:
builder = TACIMBuilder(appname, splunk_uri, session)
builder.create_eventtype(name, search, sourcetype_dict)
return self.render_json({"data": {"successful": True}})
except CommonException as e:
logger.error(
'Get CommonException when creating eventtype. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot create eventtype %s. error: %s", name,
traceback.format_exc())
raise e
def code_kill_all(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
code_killer = runner.CodeKiller()
code_killer.kill_all(appname, params['name'])
return self.render_json({"status": "successful"})
def get_input_names(self, action, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
service = common_util.create_splunk_service(session_key, splunkd_uri)
tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
splunkd_uri, session_key, service)
all_inputs = tabuilder.get_all_TA_inputs() or []
return self.render_json({"input_names": [_input['name'] for _input in all_inputs]})
def code_test(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
tabuilder = builder.TAAlertBuilder(appname, splunk_uri, session)
output = tabuilder.test_modular_alert_code(params)
return self.render_json(output)
def get_app_sourcetype_names(self, action, **params):
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
app_name = controller_util.get_current_ta_project()
try:
tabuilder = TABuilder(app_name, splunk_uri, session)
sourcetypes = tabuilder.get_app_sourcetypes()
return self.render_json([{'name': s} for s in sourcetypes])
except Exception as e:
logger.error("Cannot get basic info. error: %s",
traceback.format_exc())
raise e
def code_save(self, action, **params):
# TODO: delete this api. Save the code when savin the input
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
tabuilder = builder.TABuilder(appname, splunk_uri, session)
tabuilder.save_TA_input_code(params)
return self.render_json({"status": "successful"})
def get_indexed_sourcetypes(self, action, **params):
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
app_name = controller_util.get_current_ta_project()
try:
tabuilder = TABuilder(app_name, splunk_uri, session)
res = tabuilder.get_import_sourcetype()
return self.render_json({'indexed_sourcetypes': res})
except Exception as e:
logger.error("Cannot get sourcetype names from index. error: %s",
traceback.format_exc())
raise e
def get_input_load_status(self, action, **param):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
input_builder = builder_ta_input.TAInputBuilder(
controller_util.get_current_ta_project(), splunkd_uri, session_key)
response = {}
try:
response = input_builder.get_input_loaded_status()
except CommonException as ce:
logger.error('get input load status fails. %s',
traceback.format_exc())
response['err_code'] = ce.get_err_code()
response['err_args'] = ce.get_options()
return self.render_json(response)
def get_imported_sourcetype_contents(self, action, **params):
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
app_name = controller_util.get_current_ta_project()
sourcetype = params['sourcetype']
try:
builder = SourcetypeBuilder(app_name, splunk_uri, session)
res = builder.get_sourcetype_contents(sourcetype)
return self.render_json({'sourcetype_contents': res})
except Exception as e:
logger.error("Cannot get contents of sourcetype %s. error: %s",
sourcetype, traceback.format_exc())
raise e
def get_sourcetypes(self, action, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
try:
tabuilder = builder.TABuilder(
controller_util.get_current_ta_project(), splunkd_uri,
session_key)
return self.render_json([{
'name': _sourcetype
} for _sourcetype in tabuilder.get_all_sourcetypes()])
except CommonException as ce:
return self.render_json({
'err_code': ce.get_err_code(),
'err_args': ce.get_options()
})
def fetch_modular_alert_code(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
splunkd_uri, session_key = scc.getMgmtUri(), cherrypy.session.get(
"sessionKey")
try:
tabuilder = builder.TAAlertBuilder(appname, splunkd_uri,
session_key)
meta = tabuilder.fetch_modular_alert_code(params)
logger.info('fetch modular alert code:%s', meta)
return self.render_json(meta)
except Exception as e:
logger.error('generate modular alert code error. %s',
traceback.format_exc())
raise e
def gen_test_id(self, action, **params):
username = cherrypy.session.get('user').get('name')
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
service = common_util.create_splunk_service(session_key, splunkd_uri)
r = app_util.is_user_allow_to_create_ta(username, service)
if r:
# if getting error code, just render it
return self.render_json(r)
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
meta = json.loads(raw_body) # params is the meta for this input
appname = controller_util.get_current_ta_project()
input_builder = builder_ta_input.TAInputBuilder(
appname, splunkd_uri, session_key)
meta = input_builder.get_dry_run_job_id(meta)
return self.render_json(meta)
def get_inputs_summary(self, action, **params):
session_key = cherrypy.session.get("sessionKey")
splunkd_uri = scc.getMgmtUri()
service = common_util.create_splunk_service(session_key, splunkd_uri)
tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
splunkd_uri, session_key, service)
all_inputs = tabuilder.get_all_TA_inputs() or []
search_result = search_util.get_sourcetype_from_index(service)
sourcetypes_totalcount = {entry['sourcetype']: entry['totalCount']
for entry in search_result}
for _input in all_inputs:
_input['sample_count'] = sourcetypes_totalcount.get(
_input['sourcetype'], 0)
# get the code for customized modinput
input_codes = tabuilder.get_customized_data_input_code(all_inputs)
for _input in all_inputs:
if _input['name'] in input_codes:
_input['code'] = input_codes[_input['name']]
return self.render_json(all_inputs)
def get_app_sourcetypes(self, action, **params):
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.get_app_sourcetypes()
return self.render_json({"data": res})
except CommonException as e:
logger.error(
'Get CommonException when getting sourcetypes for app %s. meta:%s, error:%s',
appname, params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot get sourcetypes for app %s. error: %s",
appname, traceback.format_exc())
raise e
def create_alias(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
@metric_util.function_run_time(tags=['app_edit_cimmapping'])
def cherrypy_session_get():
return cherrypy.session.get("sessionKey")
session = cherrypy_session_get()
@metric_util.function_run_time(tags=['tab_edit_fieldextraction'])
def scc_getMgmtUri():
return scc.getMgmtUri()
splunk_uri = scc_getMgmtUri()
appname = controller_util.get_current_ta_project()
sourcetypes = params['sourcetypes']
output_field = params['output_field']
input_field = params['input_field']
search = params["search"]
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.update_alias(sourcetypes,
output_field,
input_field,
search,
check_exist=True)
return self.render_json({"data": res})
except CommonException as e:
logger.error(
'Get CommonException when creating field alias. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot create field alias %s. error: %s",
output_field, traceback.format_exc())
raise e
def delete_modular_alert(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
appname = controller_util.get_current_ta_project()
splunkd_uri, session_key = scc.getMgmtUri(), cherrypy.session.get(
"sessionKey")
try:
tabuilder = builder.TAAlertBuilder(appname, splunkd_uri,
session_key)
tabuilder.delete_TA_alert(params)
return self.render_json({"status": "success"})
except CommonException as e:
logger.error('Fail to delete modular alert. meta:%s, error:%s',
params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error('Fail to delete modular alert. meta:%s, error:%s',
params, traceback.format_exc())
raise e
def merge_confs_from_default_to_local(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
try:
builder = TACIMBuilder(appname, splunk_uri, session)
builder.merge_confs_from_default_to_local()
return self.render_json({"data": {"successful": True}})
except CommonException as e:
logger.error(
'Get CommonException when merging conf files from default to local for app %s. meta:%s, error:%s',
appname, params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error(
"Cannot merge conf files from default to local for app %s. error: %s",
appname, traceback.format_exc())
raise e
def get_knowledge_objects(self, action, **params):
cl = cherrypy.request.headers["Content-Length"]
raw_body = cherrypy.request.body.read(int(cl))
params = json.loads(raw_body)
session = cherrypy.session.get("sessionKey")
splunk_uri = scc.getMgmtUri()
appname = controller_util.get_current_ta_project()
sourcetypes = params['sourcetypes']
try:
builder = TACIMBuilder(appname, splunk_uri, session)
res = builder.get_knowledge_objects(sourcetypes)
return self.render_json({"data": res})
except CommonException as e:
logger.error(
'Get CommonException when getting knowledge objects for app %s. meta:%s, error:%s',
appname, params, traceback.format_exc())
return self.render_json({
'err_code': e.get_err_code(),
'err_args': e.get_options()
})
except Exception as e:
logger.error("Cannot get knowledge objects for app %s. error: %s",
appname, traceback.format_exc())
raise e
