import os.path as op
import sys
import time
import splunktalib.modinput as modinput
import splunktalib.common.util as utils
import splunktaucclib.common.log as stulog
from splunktaucclib.data_collection import ta_data_loader as dl
from splunktaucclib.data_collection import ta_config as tc
from splunktaucclib.data_collection import ta_checkpoint_manager as cpmgr
import splunktalib.orphan_process_monitor as opm
import splunktalib.file_monitor as fm
from splunktaucclib.common import load_schema_file as ld
from splunktaucclib.data_collection import ta_data_client as tdc
utils.remove_http_proxy_env_vars()
def do_scheme(ta_short_name,
ta_name,
schema_para_list=None,
single_instance=True):
"""
Feed splunkd the TA's scheme
"""
param_str = ""
builtsin_names = {
"name", "index", "sourcetype", "host", "source", "disabled"
}
"""
Get index list in SPlunk server.
"""
import ta_tenable_import_declare
import json
import logging
from splunk import admin, rest
from splunktaucclib.rest_handler import util, error_ctl
from splunktalib.common import util as common_util
common_util.remove_http_proxy_env_vars()
class IndexHandler(admin.MConfigHandler):
def setup(self):
return
def user_app(self):
app = self.context != admin.CONTEXT_NONE and self.appName or "-"
user = self.context == admin.CONTEXT_APP_AND_USER and \
self.userName or "nobody"
return user, app
def handleList(self, confInfo):
user, app = self.user_app()
try:
url = '{uri}/servicesNS/{user}/{app}/data/indexes' \
'?output_mode=json&search=isInternal=0+disabled=0&count=-1' \
def main():
util.remove_http_proxy_env_vars()
logger.setLevel(logging.INFO)
logging.setup_root_logger(app_name=splunk_ta_aws, modular_name='sns_alert_modular')
AwsSnsModularAlert(logger, parse()).run()
import time
from splunktalib.common import log
import pubsub_mod.google_pubsub_consts as gpc
logger = log.Logs(gpc.pubsub_ns).get_logger("main")
import splunktalib.common.util as utils
import splunktalib.common.pattern as gcp
import splunktalib.orphan_process_monitor as opm
import google_concurrent_data_loader as gcdl
import google_ta_common.ta_common as tacommon
import pubsub_mod.google_pubsub_conf as psconf
utils.remove_http_proxy_env_vars()
utils.disable_stdout_buffer()
def print_scheme():
title = "Splunk AddOn for Google"
description = "Collect and index PubSub data for Google"
tacommon.print_scheme(title, description)
@gcp.catch_all(logger)
def run():
"""
Main loop. Run this TA forever
"""
def run(ucc_setting):
"""
Splunk TA Modualr Input entry.
"""
# Clean http proxy environ
utils.remove_http_proxy_env_vars()
# Set log level
stulog.set_log_level("INFO")
meta_configs, _ = modinput.get_modinput_configs_from_stdin()
server_info = sc.ServerInfo(meta_configs["server_uri"],
meta_configs["session_key"])
if server_info.is_shc_member() and not server_info.is_captain():
# In SHC env, only captain is able to refresh all tokens
stulog.logger.info("message=\"{title} will exit\" "
"detail_info=\"This search header is not captain\""
.format(title=ucc_setting["title"]))
return
app_name = ssp.get_appname_from_path(
os.path.abspath(_get_modular_input_file()))
assert app_name, UCCServerException("app_name is None.")
ucc_config = UCCConfig(splunkd_uri=meta_configs["server_uri"],
session_key=meta_configs["session_key"],
schema=json.dumps(ucc_setting["config"]),
user="******",
app=app_name)
ucc_config_loader = UCCServerConfigLoader(
ucc_config,
id_locator=ucc_setting["meta.id"],
logging_locator=ucc_setting["meta.logging"],
local_forwarder_locator=ucc_setting["meta.local_forwarder"],
forwarders_snapshot_locator=ucc_setting["meta.forwarder_snapshot"],
dispatch_snapshot_locator=ucc_setting["meta.dispatch_snapshot"])
ucc_server_id = ucc_config_loader.get_ucc_server_id(create_if_empty=False)
if not ucc_server_id and not server_info.is_shc_member():
ucc_config_loader.enable_local_forwarder()
# force to get again
ucc_server_id = ucc_config_loader.get_ucc_server_id(create_if_empty=True)
ucc_server = UCCServer(
meta_configs["server_uri"],
meta_configs["session_key"],
ucc_config_loader.load_ucc_server_input,
[_get_local_conf_dir() + _file for _file in
ucc_setting["monitor_file"]],
ucc_setting["filter"],
ucc_setting["division"],
ucc_setting["dispatch"],
ucc_config_loader.get_forwarders_snapshot,
ucc_config_loader.update_forwarders_snapshot,
ucc_config_loader.get_dispatch_snapshot,
ucc_config_loader.update_dispatch_snapshot,
ucc_server_id,
get_log_level_callback=ucc_config_loader.get_ucc_server_log_level)
# Setup signal handler
_setup_signal(ucc_server, ucc_setting)
# Start ucc server
ucc_server.start()
