def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputbigfix_infrastructure, self).get_scheme()
scheme.title = ("BigFix Infrastructure")
scheme.description = (
"Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(
smi.Argument("global_account",
title="Global Account",
description="",
required_on_create=True,
required_on_edit=False))
return scheme
def get_scheme(self):
"""Creates modular input scheme.
Returns:
modularinput.Scheme object.
"""
scheme = modularinput.Scheme(SPLUNK_MI_NAME)
scheme.description = SPLUNK_MI_DESC
scheme.use_external_validation = True
card_id = modularinput.Argument('card_id')
card_id.data_type = modularinput.Argument.data_type_number
card_id.description = 'Monobank Card ID'
card_id.required_on_create = True
scheme.add_argument(card_id)
token = modularinput.Argument('token')
token.data_type = modularinput.Argument.data_type_string
token.description = 'Monobank token'
token.required_on_create = True
scheme.add_argument(token)
init_date = modularinput.Argument('init_date')
init_date.data_type = modularinput.Argument.data_type_string
init_date.description = 'Initial date for getting transactions list. Format: YYYY-MM-DD'
init_date.required_on_create = True
scheme.add_argument(init_date)
log_level = modularinput.Argument('log_level')
log_level.data_type = modularinput.Argument.data_type_string
log_level.description = 'Log level (DEBUG|INFO)'
log_level.required_on_create = True
scheme.add_argument(log_level)
return scheme
def get_scheme(self):
scheme = modularinput.Scheme("Socrata Data Feed")
scheme.description = "Retrieve events from a Socrata-run government data site"
scheme.use_single_instance = False
scheme.use_external_validation = False
url_arg = modularinput.Argument("url")
url_arg.data_type = modularinput.Argument.data_type_string
url_arg.description = "The Socrata SODA API resource URL"
url_arg.required_on_create = True
scheme.add_argument(url_arg)
date_field_arg = modularinput.Argument("date_field")
date_field_arg.data_type = modularinput.Argument.data_type_string
date_field_arg.description = "Date field to sort on (and index by)"
date_field_arg.required_on_create = True
scheme.add_argument(date_field_arg)
default_date_arg = modularinput.Argument("default_checkpoint_date")
default_date_arg.data_type = modularinput.Argument.data_type_string
default_date_arg.description = "Earliest date to index (in isoformat, like 2016-01-01)"
default_date_arg.required_on_create = True
scheme.add_argument(default_date_arg)
limit_arg = modularinput.Argument("limit")
limit_arg.data_type = modularinput.Argument.data_type_number
limit_arg.description = "Number of events to pull per request"
limit_arg.required_on_create = False
scheme.add_argument(url_arg)
return scheme
def get_scheme(self):
scheme = smi.Scheme('geoipupdate')
scheme.description = 'geoipupdate'
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = True
scheme.add_argument(
smi.Argument('name',
title='Name',
description='Name',
required_on_create=True))
scheme.add_argument(smi.Argument(
'interval',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'edition_ids',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'global_account',
required_on_create=True,
))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("AWS Evident.io")
scheme.description = ("Collect notifications produced by AWS Evident.io."
"The feature must be enabled and its SNS topic must be subscribed to an SQS queue.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
# defaults != documented scheme defaults, so I'm being explicit.
scheme.add_argument(smi.Argument("name", title="Name",
description="Choose an ID or nickname for this configuration",
required_on_create=True))
scheme.add_argument(smi.Argument("aws_account", title="AWS Account",
description="AWS account",
required_on_create=True, required_on_edit=True))
scheme.add_argument(smi.Argument("aws_region", title="SQS Queue Region",
description=("Name of the AWS region in which the"
" notification queue is located. Regions should be entered as"
" e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc."),
required_on_create=True, required_on_edit=True))
scheme.add_argument(smi.Argument("sqs_queue", title="SQS Queue Name",
description=("Name of queue to which notifications of AWS Evident.io"
" are sent. The queue should be subscribed"
" to the AWS Evident.io SNS topic."),
required_on_create=True, required_on_edit=True))
scheme.add_argument(smi.Argument("enable_additional_notifications", title="Enable Debug",
description=("Index additional SNS/SQS events to help with troubleshooting."),
data_type=smi.Argument.data_type_boolean,
required_on_create=False))
return scheme
def get_scheme(self):
scheme = super(STRAVA_API, self).get_scheme()
scheme.title = ("Strava Activities")
scheme.description = 'Strava Activities'
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
scheme.add_argument(
smi.Argument('name',
title='Name',
description='Name',
required_on_create=True))
scheme.add_argument(
smi.Argument(
'access_code',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'start_time',
required_on_create=False,
))
scheme.add_argument(
smi.Argument(
'reindex_data',
required_on_create=False,
))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("SigsciEvent")
scheme.title = ("Sigsci Events")
scheme.description = ("")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
scheme.add_argument(
smi.Argument("delta",
title="Time Delta",
description="Time interval in minutes",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("site",
title="Dashboard Site",
description="Name of the SigSci Dashboard Site",
required_on_create=True,
required_on_edit=True))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputbigfix_actions, self).get_scheme()
scheme.title = ("BigFix Actions")
scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(smi.Argument("name", title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(smi.Argument("global_account", title="Global Account",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("set_batch_value", title="Set Batch Value",
description="Number of batches to use for ingestion. NOTE: This number should be very large in very large environments.",
required_on_create=True,
required_on_edit=False))
return scheme
def get_scheme(self):
scheme = smi.Scheme('lansweeper_input')
scheme.description = 'Lansweeper Input'
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
scheme.add_argument(
smi.Argument('name',
title='Name',
description='Name',
required_on_create=True))
scheme.add_argument(smi.Argument(
'site',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'account_name',
required_on_create=True,
))
return scheme
def get_scheme(self):
scheme = smi.Scheme('example_input_two')
scheme.description = 'Example Input Two'
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = True
scheme.add_argument(
smi.Argument('name',
title='Name',
description='Name',
required_on_create=True))
scheme.add_argument(smi.Argument(
'interval',
required_on_create=True,
))
scheme.add_argument(smi.Argument(
'account',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'input_two_multiple_select',
required_on_create=True,
))
scheme.add_argument(
smi.Argument(
'input_two_checkbox',
required_on_create=False,
))
scheme.add_argument(
smi.Argument(
'input_two_radio',
required_on_create=False,
))
scheme.add_argument(
smi.Argument(
'use_existing_checkpoint',
required_on_create=False,
))
scheme.add_argument(
smi.Argument(
'start_date',
required_on_create=False,
))
scheme.add_argument(
smi.Argument(
'example_help_link',
required_on_create=False,
))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("Statuscake_Alerts")
scheme.title = ("Status Cake Alerts")
scheme.description = ("Status Cake Alerts")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
scheme.add_argument(smi.Argument("name", title="Name",
description="",
required_on_create=True))
scheme.add_argument(smi.Argument("placeholder", title="Placeholder",
description="Do not set any value to this",
required_on_create=False))
return scheme
def get_input_arguments():
arguments = []
arguments.append(
smi.Argument("docker_api_version",
title="Docker API version",
description="e.g. v1.39",
required_on_create=True,
required_on_edit=False))
return arguments
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputdmarc_imap, self).get_scheme()
scheme.title = ("DMARC imap")
scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(smi.Argument("name", title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(smi.Argument("global_account", title="Global Account",
description="Use the account configured in the setup tab",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("imap_server", title="IMAP server",
description="Connect to the specified IMAP server with TLS (port 993)",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("resolve_ip", title="Resolve IP",
description="Resolve the source_ip field in the DMARC aggregate reports.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("validate_xml", title="Validate XML",
description="Validate the aggregate reports against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("validate_dkim", title="Validate DKIM",
description="(Beta) Validate the DKIM signatures in the mail headers. Results are currently only available in DEBUG log.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("imap_mailbox", title="IMAP mailbox",
description="Select the IMAP mailbox to poll. Default: INBOX",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("output_format", title="Output format",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("batch_size", title="Batch size",
description="Max number of messages to fetch per batch to prevent connection timeouts and resets",
required_on_create=False,
required_on_edit=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("autofocus_export")
scheme.title = ("AutoFocus Export List")
scheme.description = ("Retrieve export list from AutoFocus")
scheme.use_external_validation = True
scheme.streaming_mode_xml = False
scheme.use_single_instance = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
scheme.add_argument(
smi.Argument("label",
title="label",
description="",
required_on_create=True,
required_on_edit=True))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputcrypto_settings, self).get_scheme()
scheme.title = ("crypto_settings")
scheme.description = (
"Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(
smi.Argument(
"type_of_data",
title="Type of Data",
description=
"Select if you are creating a new key file for encryption/decryption or a new salt file for hashing.",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("key_salt",
title="Key / Salt",
description="Paste your key or salt here.",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"rsa_key_encryption_password",
title="RSA key encryption password",
description=
"Optional: If you are uploading an AES-256-CBC, DES-CBC or DES-EDE3-CBC encrypted private RSA key file, specify the corresponding password here. Leave blank otherwise.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"authorized_roles",
title="Authorized Roles",
description=
"Specify which roles should be authorized to use this key/salt file.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"authorized_users",
title="Authorized Users",
description=
"Specify which users should be authorized to use this key/salt file.",
required_on_create=False,
required_on_edit=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputdmarc_directory, self).get_scheme()
scheme.title = ("DMARC directory")
scheme.description = (
"Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(
smi.Argument(
"dmarc_directory",
title="Directory",
description="Directory containing DMARC aggregate reports",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"quiet_time",
title="Quiet time",
description=
"Ignore files that have a modification time of less than n seconds ago.",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"resolve_ip",
title="Resolve IP",
description=
"Resolve the source_ip field in the DMARC XML aggregate report",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"validate_xml",
title="Validate XML",
description=
"Validate the aggregate report XML against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("output_format",
title="Output format",
description="",
required_on_create=True,
required_on_edit=False))
return scheme
def get_scheme(self):
"""
Overloaded splunklib modularinput method
"""
scheme = smi.Scheme('em_entity_manager')
scheme.title = ('Splunk Insights for Infrastructure - Entity Manager')
scheme.description = (
'Entity Manager helps to discover and manage your entities')
log_level = 'The logging level of the modular input. Defaults to DEBUG'
scheme.add_argument(
smi.Argument('log_level',
title='Log Level',
description=log_level,
required_on_create=False))
return scheme
def get_scheme(self):
"""
Overloaded splunklib modularinput method
"""
scheme = smi.Scheme('aws_input_restarter')
scheme.title = (
'Splunk Insights for Infrastructure - AWS Input Restarter')
scheme.description = (
'Restarts certain AWS inputs to workaround TA-AWS bugs')
log_level = 'The logging level of the modular input. Defaults to DEBUG'
scheme.add_argument(
smi.Argument('log_level',
title='Log Level',
description=log_level,
required_on_create=False))
return scheme
def get_scheme(self):
scheme = modularinput.Scheme("Hello World SDK")
scheme.description = "A simple demonstration of a modular input using the SDK"
scheme.use_external_validation = True
name_arg = modularinput.Argument(
name="name_to_greet",
data_type=modularinput.Argument.data_type_string,
description="Name to use in greeting",
required_on_create=True,
title="Who to Greet"
)
# If the validation message uses single quotes a very cryptic error is returned: "Expecting different token"
name_arg.validation = "validate(match('name_to_greet', '^(?![Bb]ob)'), \"We don't like Bob.\")"
scheme.add_argument(name_arg)
return scheme
def get_scheme(self):
scheme = super(STRAVA_WEBHOOK, self).get_scheme()
scheme.description = 'Strava Webhook'
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument(
'name',
title='Name',
description='Name',
required_on_create=True
)
)
scheme.add_argument(
smi.Argument(
'port',
required_on_create=True,
)
)
scheme.add_argument(
smi.Argument(
'verify_token',
required_on_create=True,
)
)
scheme.add_argument(
smi.Argument(
'callback_url',
required_on_create=True,
)
)
scheme.add_argument(
smi.Argument(
'cert_file',
required_on_create=True,
)
)
scheme.add_argument(
smi.Argument(
'key_file',
required_on_create=True,
)
)
return scheme
def get_scheme(self):
scheme = splunk.Scheme("Jamf Modular Input")
scheme.description = "Retrieves computer data from Jamf Pro."
scheme.use_external_validation = True
username_argument = splunk.Argument("jss_username")
username_argument.data_type = splunk.Argument.data_type_string
username_argument.description = "Jamf Pro Username"
username_argument.required_on_create = True
scheme.add_argument(username_argument)
password_argument = splunk.Argument("jss_password")
password_argument.data_type = splunk.Argument.data_type_string
password_argument.description = "Jamf Pro Password"
password_argument.required_on_create = True
scheme.add_argument(password_argument)
api_argument = splunk.Argument("api_call")
api_argument.data_type = splunk.Argument.data_type_string
api_argument.description = "Type of Advanced Search to call"
api_argument.required_on_create = True
scheme.add_argument(api_argument)
search_name_argument = splunk.Argument("search_name")
search_name_argument.data_type = splunk.Argument.data_type_string
search_name_argument.description = "Preconfigured Advanced Search to call"
search_name_argument.required_on_create = True
scheme.add_argument(search_name_argument)
url_argument = splunk.Argument("jss_url")
url_argument.data_type = splunk.Argument.data_type_string
url_argument.description = "Jamf Pro URL"
url_argument.required_on_create = True
scheme.add_argument(url_argument)
index_argument = splunk.Argument("index")
index_argument.data_type = splunk.Argument.data_type_string
index_argument.description = "Destination index"
host_argument = splunk.Argument("host")
host_argument.data_type = splunk.Argument.data_type_string
host_argument.description = "Host"
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("jira")
scheme.title = ("jira")
scheme.description = ("")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
desc_server = "JIRA server"
scheme.add_argument(smi.Argument("server", title="server",
description=desc_server,
required_on_create=True))
desc_username = '******'
scheme.add_argument(smi.Argument("username", title="username",
description=desc_username,
required_on_create=True))
desc_password = '******'
scheme.add_argument(smi.Argument("password", title="password",
description=desc_password,
required_on_create=True))
desc_protocol = 'REST API protocol, e.g., https'
scheme.add_argument(smi.Argument("protocol", title="protocol",
description=desc_protocol,
required_on_create=True))
desc_port = 'REST API port, e.g., 443'
scheme.add_argument(smi.Argument("port", title="port",
description=desc_port,
required_on_create=True))
desc_jql = "JQL query to filter tickets which are indexed, " \
"e.g., issueType in (epic, story)"
scheme.add_argument(smi.Argument("jql", title="jql",
description=desc_jql,
required_on_create=True))
desc_fields = "Fields to be indexed, a comma separated field list" \
"e.g., key, summary, project, updated"
scheme.add_argument(smi.Argument("fields", title="fields",
description=desc_fields,
required_on_create=True))
return scheme
def get_input_arguments():
arguments = []
arguments.append(
smi.Argument("device_ip",
title="Device IP",
description="",
required_on_create=True,
required_on_edit=False))
arguments.append(
smi.Argument(
"script_timeout",
title="Script Timeout",
description=
"The script is smart enough to know if a copy of itself is already running. Use this timeout to shut down the script and allow the normal input interval to restart the script.",
required_on_create=False,
required_on_edit=False))
arguments.append(
smi.Argument("collect_node_info_",
title="Collect Node Info?",
description="",
required_on_create=False,
required_on_edit=False))
arguments.append(
smi.Argument("node_info_interval",
title="Node Info Interval",
description="",
required_on_create=True,
required_on_edit=False))
arguments.append(
smi.Argument("collect_mesh_info_",
title="Collect Mesh Info?",
description="",
required_on_create=False,
required_on_edit=False))
arguments.append(
smi.Argument("mesh_info_interval",
title="Mesh Info Interval",
description="",
required_on_create=True,
required_on_edit=False))
return arguments
def get_scheme(self):
scheme = smi.Scheme("Zenoss Events")
scheme.description = "Modular input to pull events from Zenoss API"
scheme.use_external_validation = True
scheme.use_single_instance = False
zenoss_username = smi.Argument("zenoss_username")
zenoss_username.data_type = smi.Argument.data_type_string
zenoss_username.required_on_edit = True
zenoss_username.required_on_create = True
scheme.add_argument(zenoss_username)
zenoss_realm = smi.Argument("zenoss_realm")
zenoss_realm.data_type = smi.Argument.data_type_string
zenoss_realm.required_on_edit = False
zenoss_realm.required_on_create = False
scheme.add_argument(zenoss_realm)
zenoss_server = smi.Argument("zenoss_server")
zenoss_server.data_type = smi.Argument.data_type_string
zenoss_server.required_on_edit = True
zenoss_server.required_on_create = True
scheme.add_argument(zenoss_server)
no_ssl_cert_check = smi.Argument("no_ssl_cert_check")
no_ssl_cert_check.data_type = smi.Argument.data_type_boolean
no_ssl_cert_check.required_on_edit = True
no_ssl_cert_check.required_on_create = True
scheme.add_argument(no_ssl_cert_check)
cafile = smi.Argument("cafile")
cafile.data_type = smi.Argument.data_type_string
cafile.required_on_edit = False
cafile.required_on_create = False
scheme.add_argument(cafile)
device = smi.Argument("device")
device.data_type = smi.Argument.data_type_string
device.required_on_edit = False
device.required_on_create = False
scheme.add_argument(device)
tzone = smi.Argument("tzone")
tzone.data_type = smi.Argument.data_type_string
tzone.required_on_edit = False
tzone.required_on_create = False
scheme.add_argument(tzone)
start_date = smi.Argument("start_date")
start_date.data_type = smi.Argument.data_type_string
start_date.required_on_edit = False
start_date.required_on_create = False
scheme.add_argument(start_date)
index_closed = smi.Argument("index_closed")
index_closed.data_type = smi.Argument.data_type_boolean
index_closed.required_on_edit = False
index_closed.required_on_create = False
scheme.add_argument(index_closed)
index_cleared = smi.Argument("index_cleared")
index_cleared.data_type = smi.Argument.data_type_boolean
index_cleared.required_on_edit = False
index_cleared.required_on_create = False
scheme.add_argument(index_cleared)
index_archived = smi.Argument("index_archived")
index_archived.data_type = smi.Argument.data_type_boolean
index_archived.required_on_edit = False
index_archived.required_on_create = False
scheme.add_argument(index_archived)
index_suppressed = smi.Argument("index_suppressed")
index_suppressed.data_type = smi.Argument.data_type_boolean
index_suppressed.required_on_edit = False
index_suppressed.required_on_create = False
scheme.add_argument(index_suppressed)
index_repeats = smi.Argument("index_repeats")
index_repeats.data_type = smi.Argument.data_type_boolean
index_repeats.required_on_edit = False
index_repeats.required_on_create = False
scheme.add_argument(index_repeats)
archive_threshold = smi.Argument("archive_threshold")
archive_threshold.data_type = smi.Argument.data_type_string
archive_threshold.required_on_edit = False
archive_threshold.required_on_create = False
scheme.add_argument(archive_threshold)
checkpoint_delete_threshold = smi.Argument(
"checkpoint_delete_threshold")
checkpoint_delete_threshold.data_type = smi.Argument.data_type_string
checkpoint_delete_threshold.required_on_edit = False
checkpoint_delete_threshold.required_on_create = False
scheme.add_argument(checkpoint_delete_threshold)
proxy_uri = smi.Argument("proxy_uri")
proxy_uri.data_type = smi.Argument.data_type_string
proxy_uri.required_on_edit = False
proxy_uri.required_on_create = False
scheme.add_argument(proxy_uri)
proxy_username = smi.Argument("proxy_username")
proxy_username.data_type = smi.Argument.data_type_string
proxy_username.required_on_edit = False
proxy_username.required_on_create = False
scheme.add_argument(proxy_username)
proxy_realm = smi.Argument("proxy_realm")
proxy_realm.data_type = smi.Argument.data_type_string
proxy_realm.required_on_edit = False
proxy_realm.required_on_create = False
scheme.add_argument(proxy_realm)
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputjamfcomputers, self).get_scheme()
scheme.title = ("JamfComputers")
scheme.description = ("Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(smi.Argument("name", title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(smi.Argument("name_of_the_modular_input", title="Name of the Modular Input",
description="",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("jss_url", title="JSS URL",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("jss_username", title="Username",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("jss_password", title="Password",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("excludeNoneManaged", title="Exclude Non Managed Devices",
description="If a device is not managed Exclude it",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("sections", title="Sections",
description="General and User_and_Location are included by default: Excluded are Fonts, Services, Package Receipts, Content Caching, iBeacons, Plugins, and Attachments.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("days_since_contact", title="Days Since Contact",
description="Exclude devices that haven\'t been contacted in the above days. Suggest 7, 14, 30, 90 days. Refer to your own environment. 0 = Unlimited",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("event_time_format", title="Event Time format",
description="Write the \"TIME\" field as either when the device inventoried, was last contacted, or when the Script runs",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("host_as_device_name", title="Host as Device Name",
description="Writes the devices name as the Host Name.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("use_proxy", title="Use proxy",
description="Use the System or Per-App Proxy",
required_on_create=False,
required_on_edit=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputjamf, self).get_scheme()
scheme.title = ("jamf")
scheme.description = (
"Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(
smi.Argument("name_of_the_modular_input",
title="Name of the Modular Input",
description="Unique Input Name for the data",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("jss_url",
title="JSS URL",
description="Base URL for JAMF instance",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("username",
title="Username",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("password",
title="Password",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("api_call",
title="API Call Name",
description="API Call Name",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"search_name",
title="Search Name",
description=
"Preconfigured Advanced Search to call or Custom API call, refer to documentation",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("custom_host_name",
title="Custom Host Name",
description="",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("custom_index_name",
title="Custom Index Name",
description="",
required_on_create=False,
required_on_edit=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("AWS CloudTrail")
scheme.description = (
"Collect and index log files produced by AWS CloudTrail."
" CloudTrail logging must be enabled and published to SNS topics and an SQS queue."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
# defaults != documented scheme defaults, so I'm being explicit.
scheme.add_argument(
smi.Argument(
"name",
title="Name",
description="Choose an ID or nickname for this configuration",
required_on_create=True))
scheme.add_argument(
smi.Argument("aws_account",
title="AWS Account",
description="AWS account",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"aws_region",
title="SQS Queue Region",
description=
("Name of the AWS region in which the"
" notification queue is located. Regions should be entered as"
" e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc."
),
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"sqs_queue",
title="SQS Queue Name",
description=
("Name of queue to which notifications of new CloudTrail"
" logs are sent. CloudTrail logging should be configured to"
" publish to an SNS topic. The queue should be subscribed"
" to the topics that notify of the desired logs. (Note that"
" multiple topics from different regions can publish to a single"
" queue if desired.)"),
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"exclude_describe_events",
title="Exclude \"Describe*\" events",
description=(
"Do not index \"Describe\" events. These events typically"
" constitute a high volume of calls, and indicate"
" read-only requests for information."),
data_type=smi.Argument.data_type_boolean,
required_on_create=False))
scheme.add_argument(
smi.Argument(
"remove_files_when_done",
title="Remove log files when done",
description=(
"Delete log files from the S3 bucket once they have been"
"read and sent to the Splunk index"),
data_type=smi.Argument.data_type_boolean,
required_on_create=False))
scheme.add_argument(
smi.Argument(
"blacklist",
title="Blacklist for Describe events",
description=
("PCRE regex for specifying event names to be excluded. Leave blank"
" to use the default set of read-only event names"),
required_on_create=False))
scheme.add_argument(
smi.Argument(
"excluded_events_index",
title="Excluded events index",
description=
("Optional index in which to write the excluded events. Leave blank"
" to use the default of simply deleting events. Specified indexes"
" must be created in Splunk for this to be effective."),
required_on_create=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("AWS S3")
scheme.description = ("Collect and index log files stored in AWS S3.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = False
scheme.add_argument(
smi.Argument(
"name",
title="Name",
description="Choose an ID or nickname for this configuration",
required_on_create=True))
scheme.add_argument(
smi.Argument("aws_account",
title="AWS Account",
description="AWS account",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("bucket_name",
title="Bucket Name",
description="Bucket name",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("key_name",
title="Key Name",
description="Key name",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"recursion_depth",
title="Recursion Depth",
description=
"Only applies if key_name is a folder prefix (e.g., \"path/\")",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("initial_scan_datetime",
title="Initital Scan DateTime",
description="Initial scan datetime.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("max_items",
title="Max Items",
description="Max trackable items.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"max_retries",
title="Max Item Retries",
description=
"Max number of retry attempts to stream incomplete items.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("whitelist",
title="Whitelist Regex",
description="Whitelist",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("blacklist",
title="Blacklist Regex",
description="Blacklist",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("host_name",
title="S3 host name",
description="S3 host name",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("is_secure",
title="whether to use secure connection",
description="whether to use secure connection",
required_on_create=False,
required_on_edit=False))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = smi.Scheme("AWS CloudWatch")
scheme.description = (
"Collect and index metrics produced by AWS CloudWatch.")
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.use_single_instance = True
# defaults != documented scheme defaults, so I'm being explicit.
scheme.add_argument(
smi.Argument(
"name",
title="Name",
description="Choose an ID or nickname for this configuration",
required_on_create=True))
scheme.add_argument(
smi.Argument("aws_account",
title="AWS Account",
description="AWS account",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"aws_region",
title="AWS CloudWatch Region",
description=
("Name of the AWS region in which the metrics are located."
" Regions should be entered as"
" e.g., us-east-1, us-west-2, eu-west-1, ap-southeast-1, etc."
),
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("metric_namespace",
title="AWS CloudWatch Metric Namespace",
description="Name of the AWS Metric Namespace.",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("metric_names",
title="AWS CloudWatch Metric Names",
description="Names of the AWS Metrics.",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument("metric_dimensions",
title="AWS CloudWatch Dimensions",
description="JSON encoded",
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"statistics",
title="AWS CloudWatch Metric Statistics Being Requested",
description=("List of valid values (JSON encoded):"
" Average, Sum, SampleCount, Maximum, Minimum"),
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"period",
title="AWS CloudWatch Metric Granularity",
description=
("The period in seconds. Must be at least 60 seconds, and a"
" multiple of 60. The default value is 300. The maximum is 21600"
),
required_on_create=True,
required_on_edit=True))
scheme.add_argument(
smi.Argument(
"polling_interval",
title="AWS CloudWatch Minimum Polling Interval",
description=(
"The period in seconds. Must be a multiple of period."
" The default is the value of period. The maximum is 21600."
),
required_on_create=True,
required_on_edit=True))
return scheme
def get_scheme(self):
"""overloaded splunklib modularinput method"""
scheme = super(ModInputjamfmobiledevices, self).get_scheme()
scheme.title = ("jamfMobileDevices")
scheme.description = (
"Go to the add-on\'s configuration UI and configure modular inputs under the Inputs menu."
)
scheme.use_external_validation = True
scheme.streaming_mode_xml = True
scheme.add_argument(
smi.Argument("name",
title="Name",
description="",
required_on_create=True))
"""
For customized inputs, hard code the arguments here to hide argument detail from users.
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(
smi.Argument("jssUrl",
title="Jamf Pro URL",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("jssUsername",
title="Jamf Pro Service Account",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("jssPassword",
title="Jamf Pro Service Secret",
description="",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(
smi.Argument("platforms",
title="OS Platforms",
description="Which Platforms to collect",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"excludeNoneManaged",
title="Exclude None Managed",
description=
"Exclude devices not marked as Managed (don\'t collect)",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument(
"daysSinceContact",
title="daysSinceContact",
description=
"Devices older than this without contact will be excluded, 0= Infinity",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(
smi.Argument("sections",
title="Device Details to Post",
description="",
required_on_create=False,
required_on_edit=False))
return scheme
