def step3_update(self, app, step, action, **params):
# saved search models
saved_search = SavedSearch.get(params.get('id'))
schedule_type = params.get('schedule_type')
saved_search.schedule.is_scheduled = True
saved_search.is_disabled = False
if schedule_type=='preset':
alert_preset = params.get('alert_preset')
if alert_preset=='cron':
saved_search.schedule.cron_schedule = params.get('alert_cron')
else:
saved_search.schedule.cron_schedule = alert_preset
elif schedule_type=='never':
saved_search.schedule.is_scheduled = False
saved_search.schedule.cron_schedule = None
elif schedule_type=='continuous':
saved_search.schedule.cron_schedule = '* * * * *'
# dashboard model
dashboard = Dashboard.get(params.get('dashboard_id'))
panel_type = params.get('panel_type', 'event')
dashboard.create_panel(panel_type, saved_search=saved_search.name, title=params.get('panel_title'))
if saved_search.passive_save() and dashboard.passive_save():
# update saved search only on save success
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'success'], _qs=dict(search_id=saved_search.id, dashboard_id=dashboard.id)), 303)
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboard_action=params.get('dashboard_action'))
return self.render_template('dashboardwizard/step3.html', template_args)
def get_headlines_detail(self, headlines, app, user, count, earliest, severity=None, srtd=None):
search_string = ""
sorted_list = []
if earliest is not None:
search_string = search_string + ' trigger_time > ' + str(self.get_time(earliest))
for headline in headlines:
try:
s = SavedSearch.get(SavedSearch.build_id(headline.alert_name, app, user))
alerts = None
if s.alert.severity in severity:
alerts = s.get_alerts()
if alerts is not None:
if len(search_string) > 0:
alerts.search(search_string)
for alert in alerts:
h = {'message' : self.replace_tokens(headline.message, alert.sid),
'job_id' : alert.sid,
'severity' : s.alert.severity,
'count' : alert.triggered_alerts,
'time' : alert.trigger_time.strftime('%s'),
'timesince' : timesince(alert.trigger_time)}
sorted_list.append(h)
except Exception, ex:
logger.warn('problem retreiving alerts for saved search %s' % headline.alert_name)
logger.debug(ex)
def step2_edit(self, app, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.ui_allow_pdf = splunk.pdf.availability.is_available(
cherrypy.session['sessionKey'])
self.step2_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step2.html',
dict(app=app, saved_search=saved_search))
def step2_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.action.email.enabled = False if params.get(
'action.email.enabled') is None else True
if saved_search.action.email.enabled is False:
saved_search.action.email.to = None
saved_search.action.script.enabled = False if params.get(
'action.script.enabled') is None else True
saved_search.alert.track = False if params.get(
'alert.track') is None else True
saved_search.alert.suppress.enabled = False if params.get(
'alert.suppress.enabled') is None else True
if saved_search.action.email.enabled is False and saved_search.action.script.enabled is False and saved_search.alert.track is False:
saved_search.errors.append(_('Enable at least one action.'))
self.step2_from_ui(params, saved_search)
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(['alertswizardv2', app, 'step3'],
_qs=dict(id=saved_search.id)), 303)
for idx, error in enumerate(saved_search.errors):
if error == 'action.email.to is required if email action is enabled':
saved_search.errors[idx] = _(
'Provide at least one address for scheduled report emails.'
)
saved_search.ui_allow_pdf = splunk.pdf.availability.is_available(
cherrypy.session['sessionKey'])
self.step1_to_ui(saved_search)
self.step2_to_ui(saved_search)
return self.render_template('alertswizardv2/step2.html',
dict(app=app, saved_search=saved_search))
def step3_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.action.rss.enabled = False if params.get('action.rss.enabled') is None else True
saved_search.action.script.enabled = False if params.get('action.script.enabled') is None else True
saved_search.action.email.enabled = False if params.get('action.email.enabled') is None else True
email_results_type = params.get('email_results_type')
if email_results_type == 'csv':
saved_search.action.email.format = 'csv'
saved_search.action.email.sendresults = True
saved_search.action.email.inline = False
elif email_results_type == 'inline':
saved_search.action.email.format = 'html'
saved_search.action.email.sendresults = True
saved_search.action.email.inline = True
elif email_results_type == 'pdf':
saved_search.action.email.format = None
saved_search.action.email.sendresults = False
saved_search.action.email.sendpdf = True
elif email_results_type == 'raw' or email_results_type == 'plain':
saved_search.action.email.format = email_results_type
saved_search.action.email.sendresults = True
saved_search.action.email.inline = True
saved_search.alert.track = False if params.get('alert.track') is None else True
saved_search.is_disabled = False
has_action = saved_search.action.email.enabled or saved_search.action.rss.enabled or saved_search.action.script.enabled or saved_search.alert.track
if saved_search.passive_save() and has_action:
raise cherrypy.HTTPRedirect(self.make_url(['alertswizard', app, 'success'], _qs=dict(id=saved_search.id)), 303)
pdf_config = PDFConfig.get()
if has_action is False:
saved_search.errors.append(_('Please select at least one action'))
return self.render_template('alertswizard/step3.html', dict(app=app, email_results_type=email_results_type, saved_search=saved_search, pdf_config=pdf_config))
def step3_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.is_disabled = False
metadata_sharing = params.get('metadata.sharing')
if metadata_sharing == 'user':
try:
saved_search.unshare()
except Exception:
saved_search.errors = [
_('Search %s cannot be private because it already exists. Try using another search name by cancelling this alert and creating a new one.'
) % saved_search.name
]
elif metadata_sharing == 'app':
try:
saved_search.share_app()
except Exception:
saved_search.errors = [
_('Search %s cannot be shared because it already exists. Try using another search name by cancelling this alert and creating a new one.'
) % saved_search.name
]
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(['scheduledigestwizard', app, 'success'],
_qs=dict(id=saved_search.id)), 303)
return self.render_template('scheduledigestwizard/step3.html',
dict(app=app, saved_search=saved_search))
def step3_update(self, app, step, action, **params):
# saved search models
saved_search = SavedSearch.get(params.get('id'))
saved_search.auto_summarize.enabled = params.get('auto_summarize.enabled') == 'True'
saved_search.auto_summarize.earliest_time = params.get('auto_summarize.earliest_time')
saved_search.auto_summarize.timespan = params.get('auto_summarize.timespan')
schedule_type = params.get('schedule_type')
saved_search.schedule.is_scheduled = True
saved_search.is_disabled = False
if schedule_type=='preset':
alert_preset = params.get('alert_preset')
if alert_preset=='cron':
saved_search.schedule.cron_schedule = params.get('alert_cron')
else:
saved_search.schedule.cron_schedule = alert_preset
elif schedule_type=='never':
saved_search.schedule.is_scheduled = False
saved_search.schedule.cron_schedule = None
elif schedule_type=='continuous':
saved_search.schedule.cron_schedule = '* * * * *'
# dashboard model
dashboard = Dashboard.get(params.get('dashboard_id'))
panel_type = params.get('panel_type', 'event')
dashboard.create_panel(panel_type, saved_search=saved_search.name, title=params.get('panel_title'))
if saved_search.passive_save() and dashboard.passive_save():
# update saved search only on save success
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'success'], _qs=dict(search_id=saved_search.id, dashboard_id=dashboard.id)), 303)
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboard_action=params.get('dashboard_action'))
return self.render_template('dashboardwizard/step3.html', template_args)
def step3_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get("id"))
saved_search.update(params)
saved_search.is_disabled = False
metadata_sharing = params.get("metadata.sharing")
if metadata_sharing == "user":
try:
saved_search.unshare()
except Exception:
saved_search.errors = [
_(
"Search %s cannot be private because it already exists. Try using another search name by cancelling this alert and creating a new one."
)
% saved_search.name
]
elif metadata_sharing == "app":
try:
saved_search.share_app()
except Exception:
saved_search.errors = [
_(
"Search %s cannot be shared because it already exists. Try using another search name by cancelling this alert and creating a new one."
)
% saved_search.name
]
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(["alertswizardv2", app, "success"], _qs=dict(id=saved_search.id)), 303
)
self.step1_to_ui(saved_search)
return self.render_template("alertswizardv2/step3.html", dict(app=app, saved_search=saved_search))
def step2_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get("id"))
saved_search.update(params)
saved_search.action.email.enabled = False if params.get("action.email.enabled") is None else True
if saved_search.action.email.enabled is False:
saved_search.action.email.to = None
saved_search.action.script.enabled = False if params.get("action.script.enabled") is None else True
saved_search.alert.track = False if params.get("alert.track") is None else True
saved_search.alert.suppress.enabled = False if params.get("alert.suppress.enabled") is None else True
if (
saved_search.action.email.enabled is False
and saved_search.action.script.enabled is False
and saved_search.alert.track is False
):
saved_search.errors.append(_("Enable at least one action."))
self.step2_from_ui(params, saved_search)
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(["alertswizardv2", app, "step3"], _qs=dict(id=saved_search.id)), 303
)
for idx, error in enumerate(saved_search.errors):
if error == "action.email.to is required if email action is enabled":
saved_search.errors[idx] = _("Provide at least one address for scheduled report emails.")
self.step1_to_ui(saved_search)
self.step2_to_ui(saved_search)
return self.render_template("alertswizardv2/step2.html", dict(app=app, saved_search=saved_search))
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
self.step1_from_ui(params, saved_search)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['scheduledigestwizard', app, 'step2'], _qs=dict(id=saved_search.id)), 303)
self.step1_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def step2_new(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('id'))
dashboard = Dashboard(app, owner, None)
dashboard.metadata.sharing = 'app'
dashboards = Dashboard.filter_by_can_write_simple_xml(app)
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards,
dashboard_action=None, panel_type='event', panel_title=None)
return self.render_template('dashboardwizard/step2.html', template_args)
def isSearchEnabled(searchName, sessionKey):
try:
saved_search = SavedSearch.get(
SavedSearch.build_id(searchName, None, None), sessionKey)
return not saved_search.is_disabled
except splunk.ResourceNotFound:
return None # Search was not found!
def step2_new(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('id'))
dashboard = Dashboard(app, owner, None)
dashboard.metadata.sharing = 'app'
dashboards = Dashboard.filter_by_can_write_simple_xml(app)
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards,
dashboard_action=None, panel_type='event', panel_title=None)
return self.render_template('dashboardwizard/step2.html', template_args)
def step3_edit(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('search_id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
dashboard_action = params.get('dashboard_action')
panel_type = 'event'
if saved_search.ui.display_view in ['charting', 'report_builder_format_report', 'report_builder_display']:
panel_type = 'chart'
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboard_action=dashboard_action, panel_type=panel_type, panel_title=None)
return self.render_template('dashboardwizard/step3.html', template_args)
def step2_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.action.email.enabled = False if params.get('action.email.enabled') is None else True
saved_search.action.script.enabled = False if params.get('action.script.enabled') is None else True
self.step2_from_ui(params, saved_search)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['scheduledigestwizard', app, 'step3'], _qs=dict(id=saved_search.id)), 303)
self.step2_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step2.html', dict(app=app, saved_search=saved_search))
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get("id"))
saved_search.update(params)
self.step1_from_ui(params, saved_search)
if len(saved_search.errors) == 0 and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(["alertswizardv2", app, "step2"], _qs=dict(id=saved_search.id)), 303
)
self.step1_to_ui(saved_search)
return self.render_template("alertswizardv2/step1_edit.html", dict(app=app, saved_search=saved_search))
def step3_edit(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('search_id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
dashboard_action = params.get('dashboard_action')
panel_type = 'event'
if saved_search.ui.display_view in ['charting', 'report_builder_format_report', 'report_builder_display']:
panel_type = 'chart'
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboard_action=dashboard_action, panel_type=panel_type, panel_title=None)
return self.render_template('dashboardwizard/step3.html', template_args)
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
self.step1_from_ui(params, saved_search)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(['scheduledigestwizard', app, 'step2'],
_qs=dict(id=saved_search.id)), 303)
self.step1_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step1_edit.html',
dict(app=app, saved_search=saved_search))
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
self.step1_from_ui(params, saved_search)
if len(saved_search.errors) == 0 and saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(['alertswizardv2', app, 'step2'],
_qs=dict(id=saved_search.id)), 303)
self.step1_to_ui(saved_search)
return self.render_template('alertswizardv2/step1_edit.html',
dict(app=app, saved_search=saved_search))
def step2_edit(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
dashboard_action = params.get('dashboard_action')
if dashboard_action=='new':
dashboard.delete()
dashboards = Dashboard.filter_by_can_write_simple_xml()
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards,
dashboard_action=dashboard_action)
return self.render_template('dashboardwizard/step2.html', template_args)
def step3_edit(self, app, action, **params):
saved_search = SavedSearch.get(params.get('id'))
pdf_config = PDFConfig.get()
email_results_type = None
if saved_search.action.email.format == 'html':
saved_search.action.email.format = 'inline'
elif saved_search.action.email.sendpdf:
saved_search.action.email.format = 'pdf'
# first time nudge them not to track if always was selected
saved_search.alert.track = False if saved_search.alert.type=='always' else True
return self.render_template('alertswizard/step3.html', dict(app=app, email_results_type=email_results_type, saved_search=saved_search, pdf_config=pdf_config))
def step2_edit(self, app, action, **params):
owner = splunk.auth.getCurrentUser()['name']
saved_search = SavedSearch.get(params.get('id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
dashboard_action = params.get('dashboard_action')
if dashboard_action=='new':
dashboard.delete()
dashboards = Dashboard.filter_by_can_write_simple_xml()
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards,
dashboard_action=dashboard_action)
return self.render_template('dashboardwizard/step2.html', template_args)
def searchedit(self, app, action, row, column, **params):
row = int(row)
column = int(column)
dashboard = Dashboard.get(params.get('id'))
dashboard_panel = DashboardPanel(None, (row, column),
dashboard=dashboard)
saved_searches = SavedSearch.all().filter_by_app(app)
saved_search_id = params.get('saved_search_id')
owner = splunk.auth.getCurrentUser()['name']
inline_search = SavedSearch(app, owner, None)
ui_search_mode = dashboard_panel.panel_model.searchMode
# set the saved_search object
if saved_search_id:
saved_search = SavedSearch.get(saved_search_id)
ui_search_mode = 'saved'
# otherwise defer to the first saved search item if it exists or an empty one
else:
saved_search_query = SavedSearch.all()
if len(saved_search_query) > 0:
saved_search = saved_search_query[0]
else:
saved_search = SavedSearch(app, owner, None)
# based on search mode pre-populate an active saved_search and the inline_search accordingly
if dashboard_panel.panel_model.searchMode == 'saved' and not saved_search_id:
saved_search_query = SavedSearch.all().filter_by_app(None).search(
'name=%s' % util.fieldListToString(
[dashboard_panel.panel_model.searchCommand]))
if len(saved_search_query) > 0:
saved_search = saved_search_query[0]
# invalid/non-existant saved search reference, revert to empty saved search model
else:
saved_search.search = dashboard_panel.panel_model.searchCommand
saved_search.dispatch.earliest_time = dashboard_panel.panel_model.searchEarliestTime
saved_search.dispatch.latest_time = dashboard_panel.panel_model.searchLatestTime
elif dashboard_panel.panel_model.searchMode == 'string':
inline_search.search = dashboard_panel.panel_model.searchCommand
inline_search.dispatch.earliest_time = dashboard_panel.panel_model.searchEarliestTime
inline_search.dispatch.latest_time = dashboard_panel.panel_model.searchLatestTime
template_args = dict(app=app,
dashboard=dashboard,
dashboard_panel=dashboard_panel,
saved_searches=saved_searches,
saved_search=saved_search,
ui_search_mode=ui_search_mode,
inline_search=inline_search)
return self.render_template('paneleditor/searchedit.html',
template_args)
def step2_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.action.email.enabled = False if params.get(
'action.email.enabled') is None else True
saved_search.action.script.enabled = False if params.get(
'action.script.enabled') is None else True
self.step2_from_ui(params, saved_search)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(
self.make_url(['scheduledigestwizard', app, 'step3'],
_qs=dict(id=saved_search.id)), 303)
self.step2_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step2.html',
dict(app=app, saved_search=saved_search))
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
if params.get('sharing')=='app':
try:
saved_search.share_app()
except Exception:
saved_search.errors = [_('Search %s cannot be shared because it already exists. Try using another search name by cancelling this alert and creating a new one.') % saved_search.name ]
else:
try:
saved_search.unshare()
except Exception:
saved_search.errors = [_('Search %s cannot be private because it already exists. Try using another search name by cancelling this alert and creating a new one.') % saved_search.name ]
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['alertswizard', app, 'step2'], _qs=dict(id=saved_search.id)), 303)
return self.render_template('alertswizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def step3_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
saved_search.is_disabled = False
metadata_sharing = params.get('metadata.sharing')
if metadata_sharing == 'user':
try:
saved_search.unshare()
except Exception:
saved_search.errors = [_('Search %s cannot be private because it already exists. Try using another search name by cancelling this alert and creating a new one.') % saved_search.name ]
elif metadata_sharing == 'app':
try:
saved_search.share_app()
except Exception:
saved_search.errors = [_('Search %s cannot be shared because it already exists. Try using another search name by cancelling this alert and creating a new one.') % saved_search.name ]
if not saved_search.errors and saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['scheduledigestwizard', app, 'success'], _qs=dict(id=saved_search.id)), 303)
return self.render_template('scheduledigestwizard/step3.html', dict(app=app, saved_search=saved_search))
def get_headlines_detail(self,
headlines,
app,
user,
count,
earliest,
severity=None,
srtd=None):
search_string = ""
sorted_list = []
if earliest is not None:
search_string = search_string + ' trigger_time > ' + str(
self.get_time(earliest))
for headline in headlines:
try:
s = SavedSearch.get(
SavedSearch.build_id(headline.alert_name, app, user))
alerts = None
if s.alert.severity in severity:
alerts = s.get_alerts()
if alerts is not None:
if len(search_string) > 0:
alerts.search(search_string)
for alert in alerts:
h = {
'message':
self.replace_tokens(headline.message, alert.sid),
'job_id':
alert.sid,
'severity':
s.alert.severity,
'count':
alert.triggered_alerts,
'time':
alert.trigger_time.strftime('%s'),
'timesince':
timesince(alert.trigger_time)
}
sorted_list.append(h)
except Exception, ex:
logger.warn('problem retreiving alerts for saved search %s' %
headline.alert_name)
logger.debug(ex)
def searchedit(self, app, action, row, column, **params):
row = int(row)
column = int(column)
dashboard = Dashboard.get(params.get('id'))
dashboard_panel = DashboardPanel(None, (row, column), dashboard=dashboard)
saved_searches = SavedSearch.all().filter_by_app(app)
saved_search_id = params.get('saved_search_id')
owner = splunk.auth.getCurrentUser()['name']
inline_search = SavedSearch(app, owner, None)
ui_search_mode = dashboard_panel.panel_model.searchMode
# set the saved_search object
if saved_search_id:
saved_search = SavedSearch.get(saved_search_id)
ui_search_mode = 'saved'
# otherwise defer to the first saved search item if it exists or an empty one
else:
saved_search_query = SavedSearch.all()
if len(saved_search_query)>0:
saved_search = saved_search_query[0]
else:
saved_search = SavedSearch(app, owner, None)
# based on search mode pre-populate an active saved_search and the inline_search accordingly
if dashboard_panel.panel_model.searchMode=='saved' and not saved_search_id:
saved_search_query = SavedSearch.all().filter_by_app(None).search('name=%s' % util.fieldListToString([dashboard_panel.panel_model.searchCommand]))
if len(saved_search_query)>0:
saved_search = saved_search_query[0]
# invalid/non-existant saved search reference, revert to empty saved search model
else:
saved_search.search = dashboard_panel.panel_model.searchCommand
saved_search.dispatch.earliest_time = dashboard_panel.panel_model.searchEarliestTime
saved_search.dispatch.latest_time = dashboard_panel.panel_model.searchLatestTime
elif dashboard_panel.panel_model.searchMode=='string':
inline_search.search = dashboard_panel.panel_model.searchCommand
inline_search.dispatch.earliest_time = dashboard_panel.panel_model.searchEarliestTime
inline_search.dispatch.latest_time = dashboard_panel.panel_model.searchLatestTime
template_args = dict(app=app, dashboard=dashboard, dashboard_panel=dashboard_panel, saved_searches=saved_searches, saved_search=saved_search,
ui_search_mode=ui_search_mode, inline_search=inline_search)
return self.render_template('paneleditor/searchedit.html', template_args)
def step2_create(self, app, step, action, **params):
# saved search models
saved_search = SavedSearch.get(params.get('id'))
# dashboard model
dashboard_action = params.get('dashboard.action')
owner = splunk.auth.getCurrentUser()['name']
if dashboard_action=='get':
try:
dashboard = Dashboard.get(params.get('dashboard.id'))
except:
dashboard = Dashboard(app, owner, None)
dashboard.errors = [_('Please choose an existing dashboard.')]
else:
dashboard_name = params.get('dashboard.name', '')
try:
dashboard_name.encode('ascii')
except:
date = str(splunk.util.dt2epoch(datetime.datetime.now())).replace('.', '_')
dashboard_name = '%s_%s' % (splunk.auth.getCurrentUser()['name'], date)
dashboard = Dashboard(app, owner, dashboard_name)
dashboard.label = params.get('dashboard.label')
dashboard.metadata.sharing = params.get('sharing', 'user')
if not dashboard.errors and saved_search.passive_save() and dashboard.passive_save():
# update saved search only on save success
if dashboard.metadata.sharing=='app':
try:
saved_search.share_app()
except Exception:
saved_search.errors = [_('Search %s cannot be shared because it already exists. Try using another search name in the previous step.') % saved_search.name ]
else:
try:
saved_search.unshare()
except Exception:
saved_search.errors = [_('Search %s cannot be private because it already exists. Try using another search name in the previous step.') % saved_search.name]
if not saved_search.errors:
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step3'], _qs=dict(search_id=saved_search.id, dashboard_id=dashboard.id, dashboard_action=dashboard_action)), 303)
dashboards = Dashboard.filter_by_can_write_simple_xml()
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards, dashboard_action=dashboard_action)
return self.render_template('dashboardwizard/step2.html', template_args)
def step2_create(self, app, step, action, **params):
# saved search models
saved_search = SavedSearch.get(params.get('id'))
# dashboard model
dashboard_action = params.get('dashboard.action')
owner = splunk.auth.getCurrentUser()['name']
if dashboard_action=='get':
try:
dashboard = Dashboard.get(params.get('dashboard.id'))
except:
dashboard = Dashboard(app, owner, None)
dashboard.errors = [_('Please choose an existing dashboard.')]
else:
dashboard_name = params.get('dashboard.name', '')
try:
dashboard_name.encode('ascii')
except:
date = str(splunk.util.dt2epoch(datetime.datetime.now())).replace('.', '_')
dashboard_name = '%s_%s' % (splunk.auth.getCurrentUser()['name'], date)
dashboard = Dashboard(app, owner, dashboard_name)
dashboard.label = params.get('dashboard.label')
dashboard.metadata.sharing = params.get('sharing', 'user')
if not dashboard.errors and saved_search.passive_save() and dashboard.passive_save():
# update saved search only on save success
if dashboard.metadata.sharing=='app':
try:
saved_search.share_app()
except Exception:
saved_search.errors = [_('Search %s cannot be shared because it already exists. Try using another search name in the previous step.') % saved_search.name ]
else:
try:
saved_search.unshare()
except Exception:
saved_search.errors = [_('Search %s cannot be private because it already exists. Try using another search name in the previous step.') % saved_search.name]
if not saved_search.errors:
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step3'], _qs=dict(search_id=saved_search.id, dashboard_id=dashboard.id, dashboard_action=dashboard_action)), 303)
dashboards = Dashboard.filter_by_can_write_simple_xml()
template_args = dict(app=app, saved_search=saved_search, dashboard=dashboard, dashboards=dashboards, dashboard_action=dashboard_action)
return self.render_template('dashboardwizard/step2.html', template_args)
def step2_update(self, app, step, action, **params):
errors = []
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
alert_preset = params.get('alert_preset')
digest_mode = params.get('alert.digest_mode')
saved_search.alert.digest_mode = digest_mode
if alert_preset == 'cron':
saved_search.schedule.cron_schedule = params.get('alert_cron')
else:
saved_search.schedule.cron_schedule = alert_preset
if params.get('saved_search.alert.suppress.enabled'):
saved_search.alert.suppress.enabled = True
if digest_mode == '0':
saved_search.alert.suppress.fieldlist = params.get('alert.suppress.fields')
else:
saved_search.alert.suppress.enabled = False
saved_search.alert.suppress.period = params.get('suppress_value', '') + params.get('suppress_unit', '')
if params.get('alert.expires') == 'custom':
saved_search.alert.expires = params.get('expires_value', '') + params.get('expires_unit', '')
saved_search.schedule.is_scheduled = True
if params.get('alert.type')=='custom':
if not params.get('alert.condition'):
errors.append(_('Conditional search is a required field'))
saved_search.alert.threshold = None
saved_search.alert.comparator = None
elif params.get('alert.type')=='always':
saved_search.alert.condition = None
saved_search.alert.threshold = None
saved_search.alert.comparator = None
else:
saved_search.alert.condition = None
if saved_search.passive_save() and len(errors)==0:
raise cherrypy.HTTPRedirect(self.make_url(['alertswizard', app, 'step3'], _qs=dict(id=saved_search.id)), 303)
saved_search.errors = saved_search.errors + errors
return self.render_template('alertswizard/step2.html', dict(app=app, saved_search=saved_search))
def success(self, app, action, **params):
saved_search = SavedSearch.get(params.get('search_id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
return self.render_template('dashboardwizard/success.html', dict(app=app, saved_search=saved_search, dashboard=dashboard))
def step3_edit(self, app, action, **params):
saved_search = SavedSearch.get(params.get('id'))
self.step1_to_ui(saved_search)
return self.render_template('alertswizardv2/step3.html',
dict(app=app, saved_search=saved_search))
def step1_edit(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
return self.render_template('dashboardwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def delete(self, app, action, **params):
SavedSearch.get(params.get('id')).delete()
raise cherrypy.HTTPRedirect(self.make_url(['scheduledigestwizard', app, 'step1', 'new']), 303)
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step2', 'new'], _qs=dict(id=saved_search.id)), 303)
return self.render_template('dashboardwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def success(self, app, action, **params):
saved_search = SavedSearch.get(params.get('search_id'))
dashboard = Dashboard.get(params.get('dashboard_id'))
return self.render_template('dashboardwizard/success.html', dict(app=app, saved_search=saved_search, dashboard=dashboard))
def success(self, app, action, **params):
saved_search = SavedSearch.get(params.get("id"))
return self.render_template("alertswizardv2/success.html", dict(app=app, saved_search=saved_search))
def step1_edit(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
return self.render_template('dashboardwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def delete(self, app, action, **params):
SavedSearch.get(params.get('id')).delete()
dashboard_id = params.get('dashboard_id')
if dashboard_id:
Dashboard.get(dashboard_id).delete()
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step1', 'new']), 303)
def delete(self, app, action, **params):
SavedSearch.get(params.get('id')).delete()
raise cherrypy.HTTPRedirect(
self.make_url(['scheduledigestwizard', app, 'step1', 'new']), 303)
def step2_edit(self, app, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.ui_allow_pdf = splunk.pdf.availability.is_available(cherrypy.session['sessionKey'])
self.step2_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step2.html', dict(app=app, saved_search=saved_search))
def step1_update(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
saved_search.update(params)
if saved_search.passive_save():
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step2', 'new'], _qs=dict(id=saved_search.id)), 303)
return self.render_template('dashboardwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def step1_edit(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
self.step1_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step1_edit.html',
dict(app=app, saved_search=saved_search))
def step3_edit(self, app, action, **params):
saved_search = SavedSearch.get(params.get("id"))
self.step1_to_ui(saved_search)
return self.render_template("alertswizardv2/step3.html", dict(app=app, saved_search=saved_search))
def success(self, app, action, **params):
saved_search = SavedSearch.get(params.get('id'))
return self.render_template('savesearchwizard/success.html', dict(app=app, saved_search=saved_search))
def delete(self, app, action, **params):
SavedSearch.get(params.get("id")).delete()
raise cherrypy.HTTPRedirect(self.make_url(["alertswizardv2", app, "step1", "new"]), 303)
def run(*args, **kwargs):
"""
This function checks for related searches that are not enabled even though the correlation search is.
"""
sessionKey = kwargs.get('sessionKey')
correlation_searches = CorrelationSearch.all(sessionKey=sessionKey)
# Determine if the search is enabled
def isSearchEnabled(searchName, sessionKey):
try:
saved_search = SavedSearch.get(
SavedSearch.build_id(searchName, None, None), sessionKey)
return not saved_search.is_disabled
except splunk.ResourceNotFound:
return None # Search was not found!
def checkRelatedSearch(main_search, related_search, sessionKey, messages):
if main_search is not None:
enabled = isSearchEnabled(related_search, sessionKey)
# The related search could not be found
if enabled is None:
messages.append((logging.ERROR,
MSG_RELATED_SEARCH_NOT_FOUND.format(
main_search, related_search)))
# The related search is disabled
elif not enabled:
messages.append((logging.ERROR,
MSG_RELATED_SEARCH_DISABLED.format(
main_search, related_search)))
messages = []
# Check the related searches for each correlation search
for correlation_search in correlation_searches:
saved_search = None
# Make sure the correlation search is enabled
try:
## SOLNESS-9934: using owner='nobody' to mitigate false positives as a result of owner differences
saved_search = SavedSearch.get(
SavedSearch.build_id(correlation_search.name,
correlation_search.namespace, 'nobody'),
sessionKey)
except splunk.ResourceNotFound:
## SOLNESS-7123: Adding exception for the manual notable event correlation search entry
if correlation_search.name != "Manual Notable Event - Rule":
# Possibly an orphaned correlationsearches.conf stanza.
messages.append(
(logging.ERROR,
MSG_CORRELATION_SEARCH_ERR.format(
correlation_search.name, correlation_search.namespace,
SEARCHLINK_CORRELATION_SEARCH_ERR)))
if saved_search and not saved_search.is_disabled:
# If the search is enabled, check the related searches to make sure they are enabled too
for i in ['', '_0', '_1', '_2', '_3', '_4']:
if getattr(correlation_search,
'related_search_name' + i) is not None:
checkRelatedSearch(
correlation_search.name,
getattr(correlation_search, 'related_search_name' + i),
sessionKey, messages)
return messages
def step1_edit(self, app, step, action, **params):
saved_search = SavedSearch.get(params.get('id'))
self.step1_to_ui(saved_search)
return self.render_template('scheduledigestwizard/step1_edit.html', dict(app=app, saved_search=saved_search))
def get_savedsearch(self):
from splunk.models.saved_search import SavedSearch
return SavedSearch.get(self.entity.getLink('savedsearch'))
def delete(self, app, action, **params):
SavedSearch.get(params.get('id')).delete()
dashboard_id = params.get('dashboard_id')
if dashboard_id:
Dashboard.get(dashboard_id).delete()
raise cherrypy.HTTPRedirect(self.make_url(['dashboardwizard', app, 'step1', 'new']), 303)
