def collect(self, dateRange):
'''
:param dateRange: dict("start" : date , "stop" : date)
:return:
'''
saved_search = self.dataPointSchema.dataPointSchema.get('saved_search')
spl = self.dataPointSchema.dataPointSchema.get('spl')
if saved_search:
spl = ' '.join(['|', 'savedsearch', saved_search])
splunkrc = self.options.get('splunkrc')
instrumentationIndex = InstrumentationIndex(splunkrc=splunkrc)
kwargs = {
"earliest_time": dateRange['start'],
"latest_time": dateRange['stop']
}
if isinstance(kwargs['earliest_time'], date):
kwargs['earliest_time'] = date_to_timestamp_str(
datetime.combine(kwargs['earliest_time'], time.min).replace(tzinfo=local))
if isinstance(kwargs['latest_time'], date):
kwargs['latest_time'] = date_to_timestamp_str(
datetime.combine(kwargs['latest_time'], time.max).replace(tzinfo=local))
events = instrumentationIndex.query_runner.search(spl, **kwargs)
return events
def send_failed(self,
start,
end,
visibility,
method=METHOD['AUTO'],
time_range=None,
count=None):
"""send_failed.
Send status failed into index_name
start = a datetime Object
end = a datetime Object
visibility = ['licese', 'anonymous']
method = ['auto', 'manual']
"""
logging.info("failed send " + date_to_timestamp_str(start) + ' to ' +
date_to_timestamp_str(end))
self._submit_status(self._status["FAILED"],
start,
end,
visibility,
source=self.source,
method=method,
time_range=time_range,
count=None)
def _query_by_date(self, t_start, t_end, visibility, time_limit=None):
'''
earliest and latest makes the assumtion that _telemery events are indexed the day after they happen
:param t_start:
:param t_end:
:param visibility:
:return:
'''
search_cmd = 'search index=' + self.index_name
search_cmd += " sourcetype=" + INSTRUMENTATION_SOURCETYPE + " | spath date | search "
if time_limit:
kwargs = {
"earliest_time": date_to_timestamp_str(time_limit['start']),
"latest_time": date_to_timestamp_str(time_limit['stop'])
}
else:
kwargs = {
"earliest_time":
date_to_timestamp_str(
datetime.combine(t_start, time.min).replace(tzinfo=local)),
"latest_time":
date_to_timestamp_str(
datetime.combine(t_end + timedelta(days=1),
time.max).replace(tzinfo=local))
}
if t_start:
search_cmd += (' date>=%s' % t_start.strftime("%Y-%m-%d"))
if t_end:
search_cmd += (' date<=%s' % t_end.strftime("%Y-%m-%d"))
visibility_cmd = self._get_visibility_cmd(visibility)
search_cmd += " (%s)" % visibility_cmd
return self.query_runner.search(search_cmd, **kwargs)
def get_last_auto_send_log(self):
"""Get the last event recorded to index_name with method = auto """
search_cmd = 'search index = ' + self.index_name + ' sourcetype=' + AUDIT_SOURCETYPE + ' method = auto| head 1'
query_results = [
value for value in self.query_runner._query(search_cmd)
]
if not query_results or len(query_results) == 0:
return None
result = json.loads(query_results[0]['_raw'])
result['start'] = datetime.fromtimestamp(float(result['start']))
result['end'] = datetime.fromtimestamp(float(result['end']))
logging.info("get_last_auto_send_log " +
date_to_timestamp_str(result['start']) + ' to ' +
date_to_timestamp_str(result['end']))
return result
def bundle_data(self,
status,
start,
end,
visibility,
source=None,
method=METHOD['AUTO'],
time_range=None,
count=None):
date_range = {}
if time_range is None:
time_range = {
"start": local_date_to_utc(start, dtime.min),
"stop": local_date_to_utc(end + timedelta(days=1), dtime.max)
}
date_range['start'] = date_to_timestamp_str(time_range.get('start'))
date_range['stop'] = date_to_timestamp_str(time_range.get('stop'))
data = {
"time": int(time.time()),
"status": status,
"start": date_range['start'],
"end": date_range['stop'],
"executionID": INST_EXECUTION_ID,
"visibility": visibility,
"method": method,
"start_date": start,
"end_date": end,
"count": count,
"version": INST_VERSION
}
data = json.dumps(data, default=json_serial)
return data