def earliestTime(self): # First optimization, we need only store earliest and latest # as an offset of now if they're relative times if self._earliestParsed is not None: earliestTime = self.now() - self._earliestParsed logger.debug("Using cached earliest time: %s" % earliestTime) else: if (self.earliest.strip()[0:1] == "+" or self.earliest.strip()[0:1] == "-" or self.earliest == "now"): tempearliest = timeParser(self.earliest, timezone=self.timezone) temptd = self.now(realnow=True) - tempearliest self._earliestParsed = datetime.timedelta( days=temptd.days, seconds=temptd.seconds) earliestTime = self.now() - self._earliestParsed logger.debug( "Calulating earliestParsed as '%s' with earliestTime as '%s' and self.sample.earliest as '%s'" % (self._earliestParsed, earliestTime, tempearliest)) else: earliestTime = timeParser(self.earliest, timezone=self.timezone) logger.debug("earliestTime as absolute time '%s'" % earliestTime) return earliestTime
def latestTime(self): if self._latestParsed is not None: latestTime = self.now() - self._latestParsed logger.debug("Using cached latestTime: %s" % latestTime) else: if self.latest.strip()[0:1] == '+' or \ self.latest.strip()[0:1] == '-' or \ self.latest == 'now': templatest = timeParser(self.latest, timezone=self.timezone) temptd = self.now(realnow=True) - templatest self._latestParsed = datetime.timedelta(days=temptd.days, seconds=temptd.seconds) latestTime = self.now() - self._latestParsed logger.debug( "Calulating latestParsed as '%s' with latestTime as '%s' and self.sample.latest as '%s'" % (self._latestParsed, latestTime, templatest)) else: latestTime = timeParser(self.latest, timezone=self.timezone) logger.debug("latstTime as absolute time '%s'" % latestTime) return latestTime
def test_timeparser(ts, tz, expect): ''' test timeParser function, parse splunk time modifier Normal Cases: Case 1: get now timestamp Case 2: get utc now timestamp Case 3: get utc+2 timezone timestamp Case 4: get utc-2 timezone timestamp Case 5: get the 7 days ago timestamp Case 5: get the beginning of this month. check the snap to month Case 6: get the beginning of last month. check the snap to last month Case 7: get 3 days ago, snap to day Case 8: get 5 days later Corner Cases: Case 1: empty string as input. behavior <TBD> ''' r = timeparser.timeParser(ts, tz, mock_now, mock_utc_now) check_datetime_equal(r, expect)
def setupBackfill(self): """ Called by non-queueable plugins or by the timer to setup backfill times per config or based on a Splunk Search """ s = self._sample if s.backfill is not None: try: s.backfillts = timeParser(s.backfill, timezone=s.timezone) logger.info("Setting up backfill of %s (%s)" % (s.backfill, s.backfillts)) except Exception as ex: logger.error("Failed to parse backfill '%s': %s" % (s.backfill, ex)) raise if s.backfillSearch is not None: if s.backfillSearchUrl is None: try: s.backfillSearchUrl = c.getSplunkUrl(s)[ 0] # noqa, we update c in the globals() dict except ValueError: logger.error( "Backfill Search URL not specified for sample '%s', not running backfill search" % s.name) if not s.backfillSearch.startswith('search'): s.backfillSearch = 'search ' + s.backfillSearch s.backfillSearch += '| head 1 | table _time' if s.backfillSearchUrl is not None: logger.debug( "Searching Splunk URL '%s/services/search/jobs' with search '%s' with sessionKey '%s'" % (s.backfillSearchUrl, s.backfillSearch, s.sessionKey)) results = httplib2.Http( disable_ssl_certificate_validation=True).request( s.backfillSearchUrl + '/services/search/jobs', 'POST', headers={ 'Authorization': 'Splunk %s' % s.sessionKey }, body=urllib.parse.urlencode({ 'search': s.backfillSearch, 'earliest_time': s.backfill, 'exec_mode': 'oneshot' }))[1] try: temptime = minidom.parseString( results).getElementsByTagName( 'text')[0].childNodes[0].nodeValue # logger.debug("Time returned from backfill search: %s" % temptime) # Results returned look like: 2013-01-16T10:59:15.411-08:00 # But the offset in time can also be +, so make sure we strip that out first if len(temptime) > 0: if temptime.find('+') > 0: temptime = temptime.split('+')[0] temptime = '-'.join(temptime.split('-')[0:3]) s.backfillts = datetime.datetime.strptime( temptime, '%Y-%m-%dT%H:%M:%S.%f') logger.debug( "Backfill search results: '%s' value: '%s' time: '%s'" % (pprint.pformat(results), temptime, s.backfillts)) except (ExpatError, IndexError): pass if s.end is not None: parsed = False try: s.end = int(s.end) s.endts = None parsed = True except ValueError: logger.debug( "Failed to parse end '%s' for sample '%s', treating as end time" % (s.end, s.name)) if not parsed: try: s.endts = timeParser(s.end, timezone=s.timezone) logger.info("Ending generation at %s (%s)" % (s.end, s.endts)) except Exception as ex: logger.error( "Failed to parse end '%s' for sample '%s', treating as number of executions" % (s.end, s.name)) raise