class SummaryActionField(StructuredField):
'''
Represents the summary indexing configuration
'''
enabled = BoolField('action.summary_index')
_name = Field()
inline = BoolField()
class Cluster(HDFSAppObjModel):
resource = 'clusters'
hadoop_home = Field()
java_home = Field()
uri = Field()
namenode_http_port = IntField()
authentication_mode = Field()
authorization_mode = BoolField()
kerberos_principal = Field()
kerberos_service_principal = Field()
auth_to_local = Field()
ha = BoolField()
hdfs_site = Field()
def isSecure(self):
return self.kerberos_principal != None and self.kerberos_principal != ''
def isHaEnabled(self):
return self.ha == 1
def getURI(self):
if self.uri == None or self.uri.strip() == '':
return 'hdfs://' + self.name
return self.uri
def isLocallyMounted(self):
return self.getURI().startswith('file://')
class App(SplunkAppObjModel):
''' Represents a Splunk app '''
resource = 'apps/local'
is_disabled = BoolField('disabled')
is_configured = BoolField('configured')
label = Field()
class ClusterMasterPeer(SplunkAppObjModel):
'''
Represents a master's cluster peer state
'''
resource = 'cluster/master/peers'
active_bundle_id = Field(is_mutable=False)
apply_bundle_status = DictField(is_mutable=False)
base_generation_id = IntField(is_mutable=False)
bucket_count = IntField(is_mutable=False)
bucket_count_by_index = DictField(is_mutable=False)
delayed_buckets_to_discard = ListField(is_mutable=False)
fixup_set = ListField(is_mutable=False)
host_port_pair = Field(is_mutable=False)
is_searchable = BoolField(is_mutable=False)
label = Field(is_mutable=False)
last_heartbeat = EpochField(is_mutable=False)
latest_bundle_id = Field(is_mutable=False)
pending_job_count = IntField(is_mutable=False)
primary_count = IntField(is_mutable=False)
primary_count_remote = IntField(is_mutable=False)
replication_count = IntField(is_mutable=False)
replication_port = IntField(is_mutable=False)
replication_use_ssl = BoolField(is_mutable=False)
search_state_counter = DictField(is_mutable=False)
site = Field(is_mutable=False)
status = Field(is_mutable=False)
status_counter = DictField(is_mutable=False)
class ScheduleField(StructuredField):
'''
Represents splunk scheduler configuration for saved search objects
'''
is_scheduled = BoolField('is_scheduled')
cron_schedule = Field('cron_schedule')
next_scheduled_time = Field('next_scheduled_time')
run_on_startup = BoolField('run_on_startup')
class CookedTCPInput(SocketInput):
resource = 'data/inputs/tcp/cooked'
compressed = BoolField()
enable_s2s_heartbeat = BoolField()
input_shutdown_timeout = IntField()
# TODO: cast to RouteField()
route = Field()
s2s_heartbeat_timeout = IntField()
class SSL(SplunkAppObjModel):
resource = 'data/inputs/tpc/ssl'
cipher_suite = Field(api_name='cipherSuite')
require_client_cert = BoolField(api_name='requireClientCert')
root_ca = Field(api_name='rootCA')
server_cert = Field(api_name='serverCert')
server_cert_password = Field(api_name='password')
support_sslv3_only = BoolField(api_name='supportSSLVOnly')
class Macro(SplunkAppObjModel):
''' Provides object mapping for macro objects '''
resource = 'admin/macros'
args = Field()
definition = Field()
disabled = BoolField(is_mutable=False)
errormsg = Field()
iseval = BoolField()
validation = Field()
class WinEventLogInput(Input):
resource = 'data/inputs/win-event-log-collections'
checkpoint_interval = IntField(api_name='checkpointInterval')
current_only = BoolField()
evt_dc_name = Field()
evt_dns_name = Field()
evt_resolve_ad_obj = BoolField()
logs = ListField()
start_from = Field()
class App(SplunkAppObjModel):
'''
Represents a Splunk app.
'''
resource = 'apps/local'
check_for_updates = BoolField()
is_configured = BoolField(api_name='configured')
is_disabled = BoolField('disabled')
is_visible = BoolField(api_name='visible')
label = Field()
requires_restart = BoolField(api_name='state_change_requires_restart')
class EmailActionField(StructuredField):
'''
Represents the email alert action configuration
'''
enabled = BoolField('action.email')
format = Field()
inline = BoolField()
sendresults = BoolField()
to = Field()
subject = Field()
#TODO: use splunk.models.server_config.PDFConfig.is_enabled instead
sendpdf = BoolField()
class MonitorInput(Input):
resource = 'data/inputs/monitor'
blacklist = Field()
check_index = BoolField(api_name='check-index')
check_path = BoolField(api_name='check-path')
crc_salt = Field(api_name='crc-salt')
follow_tail = BoolField(api_name='followTail')
host_regex = Field()
host_segment = Field()
ignore_older_than = Field(api_name='ignore-older-than')
recursive = BoolField()
rename_source = Field(api_name='rename-source')
whitelist = Field()
class DispatchField(StructuredField):
'''
Represents the splunk search dispatch parameters
'''
buckets = Field()
earliest_time = Field()
latest_time = Field()
lookups = BoolField()
max_count = Field()
max_time = Field()
reduce_freq = Field()
spawn_process = BoolField()
time_format = Field()
ttl = Field()
class ClusterSearchheadGeneration(SplunkAppObjModel):
'''
Represents a searchhead node's state
'''
resource = 'cluster/searchhead/generation'
generation_error = Field(is_mutable=False)
generation_id = Field(is_mutable=False)
generation_peers = DictField(is_mutable=False)
is_searchable = BoolField(is_mutable=False)
multisite_error = IntField(is_mutable=False)
replication_factor_met = BoolField(is_mutable=False)
search_factor_met = BoolField(is_mutable=False)
status = BoolField(is_mutable=False)
was_forced = BoolField(is_mutable=False)
class ScheduledView(SplunkAppObjModel):
'''
Represents a Splunk saved search object
'''
resource = 'scheduled/views'
schedule = ScheduleField()
action = ActionField()
is_disabled = BoolField('disabled')
#def _calc_actions_list(self):
# actions_list = []
# if self.action.email.enabled:
# actions_list.append('email')
#
# return actions_list
#def _fill_entity(self, entity, fill_value=''):
# super(SavedSearch, self)._fill_entity(entity, fill_value)
# entity['actions'] = ' '.join(self._calc_actions_list())
def time_value(self, field):
if field is not None:
return field[:-1]
return None
def time_unit(self, field):
if field is not None and len(field) > 1:
return field[-1]
return None
class Summarization(SplunkAppObjModel):
'''
Represents an auto-summarization for a saved search
'''
resource = 'admin/summarization'
saved_searches = DictField('saved_searches', is_mutable=False)
saved_searches_count = Field('saved_searches.count')
buckets = Field('summary.buckets', is_mutable=False)
complete = Field('summary.complete', is_mutable=False)
hash = Field('summary.hash', is_mutable=False)
regularHash = Field('summary.regularHash', is_mutable=False)
normHash = Field('summary.normHash', is_mutable=False)
unique_id = Field('summary.id', is_mutable=False)
regular_id = Field('summary.regular_id', is_mutable=False)
normalized_id = Field('summary.normalized_id', is_mutable=False)
chunks = Field('summary.chunks', is_mutable=False)
earliest_time = Field('summary.earliest_time', is_mutable=False)
latest_time = Field('summary.latest_time', is_mutable=False)
time_range = Field('summary.time_range', is_mutable=False)
load_factor = Field('summary.load_factor', is_mutable=False)
total_time = Field('summary.total_time', is_mutable=False)
run_stats = ListField('summary.run_stats', is_mutable=False)
last_error = ListField('summary.last_error', is_mutable=False)
mod_time = Field('summary.mod_time', is_mutable=False)
access_time = Field('summary.access_time', is_mutable=False)
access_count = Field('summary.access_count', is_mutable=False)
size = Field('summary.size', is_mutable=False)
timespan = Field('summary.timespan', is_mutable=False)
is_inprogress = BoolField('summary.is_inprogress', is_mutable=False)
is_suspended = BoolField('summary.is_suspended', is_mutable=False)
suspend_expiration = EpochField('summary.suspend_expiration',
is_mutable=False)
verification_buckets_failed = Field('verification_buckets_failed',
is_mutable=False)
verification_buckets_skipped = Field('verification_buckets_skipped',
is_mutable=False)
verification_buckets_passed = Field('verification_buckets_passed',
is_mutable=False)
verification_state = Field('verification_state', is_mutable=False)
verification_time = Field('verification_time', is_mutable=False)
verification_error = Field('verification_error', is_mutable=False)
verification_progress = Field('verification_progress', is_mutable=False)
class ClusterMasterGeneration(SplunkAppObjModel):
'''
Represents a master's generation info
'''
resource = '/cluster/master/generation'
generation_id = IntField(is_mutable=False)
generation_peers = DictField(is_mutable=False)
last_complete_generation_id = IntField(is_mutable=False)
multisite_error = Field(is_mutable=False)
pending_generation_id = IntField(is_mutable=False)
pending_last_attempt = IntField(is_mutable=False)
pending_last_reason = Field(is_mutable=False)
replication_factor_met = BoolField(is_mutable=False)
search_factor_met = BoolField(is_mutable=False)
was_forced = BoolField(is_mutable=False)
class Headlines(SplunkAppObjModel):
resource = 'scheadlines/sc_headlines'
alert_name = Field()
description = Field()
label = Field()
message = Field()
disabled = BoolField()
class MonitorInput(Input):
resource = 'data/inputs/monitor'
always_open_file = BoolField()
blacklist = Field()
crc_salt = Field(api_name='crcSalt')
file_count = IntField(api_name='filecount', is_mutable=False)
follow_symlink = BoolField(api_name='followSymlink')
follow_tail = BoolField()
host_regex = Field()
host_segment = Field()
# TODO : cast to TimeField()
ignore_older_than = Field()
move_policy = Field()
recursive = BoolField()
time_before_close = IntField()
whitelist = Field()
class ScheduleField(StructuredField):
'''
Represents splunk scheduler configuration for scheduled view objects
'''
is_scheduled = BoolField('is_scheduled')
cron_schedule = Field('cron_schedule')
next_scheduled_time = Field('next_scheduled_time')
class DataModels(SplunkAppObjModel):
resource = 'data/models'
name = Field()
acl = Field(api_name='eai:acl')
acceleration = BoolField()
retention = Field(api_name='acceleration.earliest_time')
cron = Field(api_name='acceleration.cron_schedule')
class SuppressAlertField(StructuredField):
'''
Represents the suppression configuration for saved search alerting
configuration
'''
enabled = BoolField('alert.suppress')
period = Field()
fieldlist = Field('alert.suppress.fields')
class TAVMwareSyslogForwarderStanza(SOLNAppObjModel):
'''
Provides object mapping for the syslog forwarder stanzas
The conf file is for storing configuration information related to syslog forwarding.
Note that by convention the name of stanzas must match the vc stanza in ta_vmware_collection.conf
Field Meanings:
status - boolean on/off switch for data collection
validation_status - boolean indicating if validation has passed
syslog_uri - csv list of target ssylog forwarders
'''
resource = 'configs/conf-ta_vmware_syslog_forwarder'
use_model_as_spec = True
status = BoolField()
validation_status = BoolField()
uri = CSVField()
config_status_msg = Field()
class SSLCertificate(SOLNAppObjModel):
"""
Provides object mapping for the SSL Certificate stanzas
Field Meanings:
disabled : boolean to store the state of ssl certificate validation
"""
resource = 'configs/conf-ta_vmware_config_ssl'
use_model_as_spec = True
validate_ssl_certificate = BoolField()
class Group(SplunkAppObjModel):
'''
Represents a license group object
'''
resource = 'licenser/groups'
is_active = BoolField()
stack_names = ListField(api_name='stack_ids', is_mutable=False)
class EventType(SplunkAppObjModel):
'''
Represents a Splunk eventtype object.
'''
resource = 'saved/eventtypes'
description = Field()
disabled = BoolField()
search = Field()
class ClusterMasterBucket(SplunkAppObjModel):
'''
Represents a master's cluster bucket state
'''
resource = 'cluster/master/buckets'
bucket_size = IntField(is_mutable=False)
constrain_to_origin_site = BoolField(is_mutable=False)
force_roll = BoolField(is_mutable=False)
frozen = BoolField(is_mutable=False)
index = Field(is_mutable=False)
origin_site = Field(is_mutable=False)
peers = DictField(is_mutable=False)
primaries_by_site = DictField(is_mutable=False)
rep_count_by_site = DictField(is_mutable=False)
search_count_by_site = DictField(is_mutable=False)
service_after_time = IntField(is_mutable=False)
standalone = BoolField(is_mutable=False)
class TAVMwareCollectionScheduler(SOLNAppObjModel):
"""
Provides object mapping for the TA VMware Collection Scheduler present in inputs.conf
Note that by convention the name of these stanzas must match the vc stanza in ta_vmware_collection.conf
Field Meanings:
disabled : boolean to store the state of Data collection
"""
resource = 'configs/conf-inputs'
use_model_as_spec = True
disabled = BoolField()
class AutoSummarizeField(StructuredField):
'''
Represents the auto-summarrize related parameters
'''
enabled = BoolField('auto_summarize')
can_summarize = Field(is_mutable=False)
is_good_summarization_candidate = Field(is_mutable=False)
cron_schedule = Field()
earliest_time = Field('auto_summarize.dispatch.earliest_time')
latest_time = Field('auto_summarize.dispatch.latest_time')
timespan = Field(is_mutable=False)
class Slave(SplunkAppObjModel):
'''
Represents a Splunk license slave server
'''
resource = 'licenser/slaves'
added_usage_parsing_warnings = BoolField()
pool_names = ListField(api_name='pool_ids', is_mutable=False)
stack_names = ListField(api_name='stack_ids', is_mutable=False)
warning_count = IntField()
label = Field()
