def get_data_input(splunkd_uri, session_key, owner, app_name, input_type, name=None): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param input_type: name of the input type. if it is a script input, the input is 'script', for modinput, say snow, the input is 'snow' :param name: The name of the input stanza to create. i.e. stanza [<input_type>://<name>] will be deleted. :return: the key-value dict of the data input, or a list of stanzas in the input type, including metadata """ uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type) if name: uri += "/" + util.format_stanza_name(name) msg = "Failed to get data input in app=%s: %s://%s" % (app_name, input_type, name) content = _content_request(uri, session_key, "GET", None, msg) if content is not None: result = xdp.parse_conf_xml_dom(content) if name: result = result[0] return result return None
def update_data_input(splunkd_uri, session_key, owner, app_name, input_type, name, key_values): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param input_type: name of the input type. if it is a script input, the input is 'script', for modinput, say snow, the input is 'snow' :param name: The name of the input stanza to create. i.e. stanza [<input_type>://<name>] will be updated. :param key_values: a K-V dict of details in the data input stanza. :return: True on success """ if 'name' in key_values: del key_values['name'] uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type) uri += "/" + util.format_stanza_name(name) msg = "Failed to update data input in app=%s: %s://%s" % (app_name, input_type, name) content = _content_request(uri, session_key, "POST", key_values, msg) if content is None: return False return True
def get_conf(splunkd_uri, session_key, owner, app_name, conf_name, stanza=None): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :return: the key-value dict of the stanza, or a list of stanzas in the conf file, including metadata """ uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name) if stanza: uri += '/' + stanza.replace('/', '%2F') msg = "Failed to get conf={0}, stanza={1}".format(conf_name, stanza) content = _content_request(uri, session_key, "GET", None, msg) if content is not None: result = xdp.parse_conf_xml_dom(content) if stanza: result = result[0] return result return None
def operate_data_input(splunkd_uri, session_key, owner, app_name, input_type, name, operation): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param input_type: name of the input type. if it is a script input, the input is 'script', for modinput, say snow, the input is 'snow' :param name: The name of the input stanza to create. i.e. stanza [<input_type>://<name>] will be operated. :param operation: must be "disable" or "enable" :return: True on success """ if operation not in ("disable", "enable"): raise Exception('operation must be "disable" or "enable"') uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type) uri += "/%s/%s" % (util.format_stanza_name(name), operation) msg = "Failed to %s data input in app=%s: %s://%s" % (operation, app_name, input_type, name) content = _content_request(uri, session_key, "POST", None, msg) if content is None: return False return True
def create_stanza(splunkd_uri, session_key, owner, app_name, conf_name, stanza, key_values=None): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :param key_values: the key-value dict of the stanza :return: True on success """ if key_values is None: key_values = {} uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name) msg = "Failed to create stanza=%s in conf=%s" % (stanza, conf_name) payload = {"name": stanza} for key in key_values: if key != 'name': payload[key] = str(key_values[key]) res = _content_request(uri, session_key, "POST", payload, msg) return res is not None
def reload_conf(splunkd_uri, session_key, app_name, conf_name): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param conf_names: a list of the name of the conf file, e.g. ['props'] :param app_name: the app's name, e.g. 'Splunk_TA_aws' :return: True on success """ uri = _conf_endpoint_ns(splunkd_uri, 'nobody', app_name, conf_name) uri += '/_reload' msg = "Failed to reload conf in app=%s: %s" % (app_name, conf_name) content = _content_request(uri, session_key, "GET", None, msg) if content is None: return False return True
def get_property_ns(splunkd_uri, session_key, owner, app_name, conf_name, stanza, key): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :param key: the property name :return: the property value """ uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name) uri += '/%s/%s' % (stanza.replace('/', '%2F'), key) msg = "Properties: failed to get conf=%s, stanza=%s, key=%s" % \ (conf_name, stanza, key) return _content_request(uri, session_key, "GET", None, msg)
def create_properties_ns(splunkd_uri, session_key, owner, app_name, conf_name, stanza): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :return: True on success """ uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name) msg = "Properties: failed to create stanza=%s in conf=%s" % \ (stanza, conf_name) payload = {"__stanza": stanza} res = _content_request(uri, session_key, "POST", payload, msg) return res is not None
def delete_stanza(splunkd_uri, session_key, owner, app_name, conf_name, stanza): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :return: True on success """ uri = _conf_endpoint_ns(splunkd_uri, owner, app_name, conf_name) uri += '/' + stanza.replace('/', '%2F') msg = "Failed to delete stanza=%s in conf=%s" % (stanza, conf_name) res = _content_request(uri, session_key, "DELETE", None, msg) return res is not None
def update_properties_ns(splunkd_uri, session_key, owner, app_name, conf_name, stanza, key_values): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param conf_name: the name of the conf file, e.g. 'props' :param stanza: stanza name, e.g. 'aws:cloudtrail' :param key_values: the key-value dict of the stanza :return: True on success """ uri = _property_endpoint_ns(splunkd_uri, owner, app_name, conf_name) uri += '/' + stanza.replace('/', '%2F') msg = "Properties: failed to update conf=%s, stanza=%s" % \ (conf_name, stanza) res = _content_request(uri, session_key, "POST", key_values, msg) return res is not None
def reload_data_input(splunkd_uri, session_key, owner, app_name, input_type): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param input_type: name of the input type. if it is a script input, the input is 'script', for modinput, say snow, the input is 'snow' :return: True on success """ uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type) uri += '/_reload' msg = "Failed to reload data input in app=%s: %s" % (app_name, input_type) content = _content_request(uri, session_key, "GET", None, msg) if content is None: return False return True
def delete_data_input(splunkd_uri, session_key, owner, app_name, input_type, name): """ :param splunkd_uri: splunkd uri, e.g. https://127.0.0.1:8089 :param session_key: splunkd session key :param owner: the owner (ACL user), e.g. '-', 'nobody' :param app_name: the app's name, e.g. 'Splunk_TA_aws' :param input_type: name of the input type. if it is a script input, the input is 'script', for modinput, say snow, the input is 'snow' :param name: The name of the input stanza to create. i.e. stanza [<input_type>://<name>] will be deleted. :return: True on success """ uri = _input_endpoint_ns(splunkd_uri, owner, app_name, input_type) uri += '/' + name.replace('/', '%2F') msg = "Failed to delete data input in app=%s: %s://%s" % (app_name, input_type, name) content = _content_request(uri, session_key, "DELETE", None, msg) if content is None: return False return True