class SummaryActionField(StructuredField):
    """Structured field holding the summary-indexing action settings."""

    # On/off switch; declared with 'action.summary_index' as its first argument.
    enabled = BoolField('action.summary_index')

    _name = Field()
    inline = BoolField()
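class Cluster(HDFSAppObjModel):
    """Model for an HDFS cluster entry, bound to the 'clusters' resource.

    Besides the declared fields, the class offers small helpers that
    interpret them: whether a Kerberos principal is configured, whether HA
    is switched on, and which URI addresses the cluster.
    """

    resource = 'clusters'

    hadoop_home = Field()
    java_home = Field()
    uri = Field()
    namenode_http_port = IntField()
    authentication_mode = Field()
    authorization_mode = BoolField()
    kerberos_principal = Field()
    kerberos_service_principal = Field()
    auth_to_local = Field()
    ha = BoolField()
    hdfs_site = Field()

    def isSecure(self):
        """Return True when a non-empty Kerberos principal is configured.

        Only the presence of ``kerberos_principal`` is tested;
        ``authentication_mode`` is not consulted, so callers that need the
        effective authentication setting must check it themselves.
        """
        # NOTE(review): a whitespace-only principal still counts as "set"
        # here, whereas getURI() strips before testing - confirm intent.
        return self.kerberos_principal is not None and self.kerberos_principal != ''

    def isHaEnabled(self):
        """Return True when the ``ha`` field compares equal to 1."""
        return self.ha == 1

    def getURI(self):
        """Return the configured URI, or 'hdfs://<name>' when none is set.

        A URI that is None, empty, or whitespace-only is treated as unset.
        """
        # Identity test against None: the singleton is compared with `is`.
        if self.uri is None or self.uri.strip() == '':
            return 'hdfs://' + self.name
        return self.uri

    def isLocallyMounted(self):
        """Return True when the effective URI uses the 'file://' scheme."""
        return self.getURI().startswith('file://')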
class App(SplunkAppObjModel):
    """Model for a Splunk app, bound to the 'apps/local' resource."""

    resource = 'apps/local'

    # Attribute names differ from the strings handed to the field
    # constructors ('disabled', 'configured').
    is_disabled = BoolField('disabled')
    is_configured = BoolField('configured')

    label = Field()
class ClusterMasterPeer(SplunkAppObjModel):
    """State of one cluster peer as reported by the cluster master.

    Bound to the 'cluster/master/peers' resource. Every field is declared
    with ``is_mutable=False``.
    """

    resource = 'cluster/master/peers'

    # --- configuration bundle ---
    active_bundle_id = Field(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)

    # --- generation and bucket bookkeeping ---
    base_generation_id = IntField(is_mutable=False)
    bucket_count = IntField(is_mutable=False)
    bucket_count_by_index = DictField(is_mutable=False)
    delayed_buckets_to_discard = ListField(is_mutable=False)
    fixup_set = ListField(is_mutable=False)

    # --- peer identity and liveness ---
    host_port_pair = Field(is_mutable=False)
    is_searchable = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    last_heartbeat = EpochField(is_mutable=False)
    latest_bundle_id = Field(is_mutable=False)

    # --- counters ---
    pending_job_count = IntField(is_mutable=False)
    primary_count = IntField(is_mutable=False)
    primary_count_remote = IntField(is_mutable=False)
    replication_count = IntField(is_mutable=False)

    # --- replication channel ---
    replication_port = IntField(is_mutable=False)
    # Reported flag only: this model cannot change it (is_mutable=False).
    replication_use_ssl = BoolField(is_mutable=False)

    # --- status ---
    search_state_counter = DictField(is_mutable=False)
    site = Field(is_mutable=False)
    status = Field(is_mutable=False)
    status_counter = DictField(is_mutable=False)
class ScheduleField(StructuredField):
    """Scheduler settings attached to saved search objects."""

    is_scheduled = BoolField('is_scheduled')
    cron_schedule = Field('cron_schedule')
    next_scheduled_time = Field('next_scheduled_time')
    run_on_startup = BoolField('run_on_startup')
class CookedTCPInput(SocketInput):
    """Socket input model bound to the 'data/inputs/tcp/cooked' resource."""

    resource = 'data/inputs/tcp/cooked'

    compressed = BoolField()
    enable_s2s_heartbeat = BoolField()
    input_shutdown_timeout = IntField()

    # TODO: cast to RouteField()
    route = Field()

    s2s_heartbeat_timeout = IntField()
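class SSL(SplunkAppObjModel):
    """Model for the SSL settings of TCP inputs.

    Each attribute maps to the camelCase key given in ``api_name``.
    """

    # The resource previously read 'data/inputs/tpc/ssl'; 'tpc' is a
    # transposition of 'tcp', the segment the TCP input resources use.
    resource = 'data/inputs/tcp/ssl'

    cipher_suite = Field(api_name='cipherSuite')
    require_client_cert = BoolField(api_name='requireClientCert')
    root_ca = Field(api_name='rootCA')
    server_cert = Field(api_name='serverCert')

    # Secret material (the API key is 'password'): keep this value out of
    # logs and out of any debug dump of the model.
    server_cert_password = Field(api_name='password')

    # NOTE(review): the api_name reads 'supportSSLVOnly' (no '3'), which does
    # not match the attribute name - confirm the key the endpoint really uses.
    # SSLv3 is a deprecated protocol version, so an enabled value here is
    # worth flagging during configuration review.
    support_sslv3_only = BoolField(api_name='supportSSLVOnly')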
class Macro(SplunkAppObjModel):
    """Object mapping for macro objects ('admin/macros' resource)."""

    resource = 'admin/macros'

    args = Field()
    definition = Field()

    # Declared non-mutable, unlike the other fields of this model.
    disabled = BoolField(is_mutable=False)

    errormsg = Field()
    iseval = BoolField()
    validation = Field()
class WinEventLogInput(Input):
    """Input model for 'data/inputs/win-event-log-collections'."""

    resource = 'data/inputs/win-event-log-collections'

    # The only field here with an explicit API key ('checkpointInterval').
    checkpoint_interval = IntField(api_name='checkpointInterval')

    current_only = BoolField()
    evt_dc_name = Field()
    evt_dns_name = Field()
    evt_resolve_ad_obj = BoolField()
    logs = ListField()
    start_from = Field()
class App(SplunkAppObjModel):
    """Model for a Splunk app, bound to the 'apps/local' resource."""

    resource = 'apps/local'

    check_for_updates = BoolField()

    # Attributes below are renamed relative to the key passed to the field.
    is_configured = BoolField(api_name='configured')
    # Positional form; presumably the same api_name argument - verify.
    is_disabled = BoolField('disabled')
    is_visible = BoolField(api_name='visible')

    label = Field()
    requires_restart = BoolField(api_name='state_change_requires_restart')
class EmailActionField(StructuredField):
    """Structured field holding the email alert action settings."""

    # On/off switch; declared with 'action.email' as its first argument.
    enabled = BoolField('action.email')

    format = Field()
    inline = BoolField()
    sendresults = BoolField()
    to = Field()
    subject = Field()

    #TODO: use splunk.models.server_config.PDFConfig.is_enabled instead
    sendpdf = BoolField()
class MonitorInput(Input):
    """Input model bound to the 'data/inputs/monitor' resource.

    Several attributes carry an explicit ``api_name`` because the API key
    contains hyphens or camelCase that a Python identifier cannot mirror.
    """

    resource = 'data/inputs/monitor'

    blacklist = Field()
    check_index = BoolField(api_name='check-index')
    check_path = BoolField(api_name='check-path')
    crc_salt = Field(api_name='crc-salt')
    follow_tail = BoolField(api_name='followTail')
    host_regex = Field()
    host_segment = Field()
    ignore_older_than = Field(api_name='ignore-older-than')
    recursive = BoolField()
    rename_source = Field(api_name='rename-source')
    whitelist = Field()
class DispatchField(StructuredField):
    """Structured field holding the search dispatch parameters."""

    buckets = Field()

    # Time window of the dispatch.
    earliest_time = Field()
    latest_time = Field()

    lookups = BoolField()

    # Limits; note these are plain Field(), not IntField().
    max_count = Field()
    max_time = Field()

    reduce_freq = Field()
    spawn_process = BoolField()
    time_format = Field()
    ttl = Field()
class ClusterSearchheadGeneration(SplunkAppObjModel):
    """State of a search head node ('cluster/searchhead/generation').

    Every field is declared with ``is_mutable=False``.
    """

    resource = 'cluster/searchhead/generation'

    # --- generation ---
    generation_error = Field(is_mutable=False)
    generation_id = Field(is_mutable=False)
    generation_peers = DictField(is_mutable=False)

    # --- health indicators ---
    is_searchable = BoolField(is_mutable=False)
    multisite_error = IntField(is_mutable=False)
    replication_factor_met = BoolField(is_mutable=False)
    search_factor_met = BoolField(is_mutable=False)
    status = BoolField(is_mutable=False)
    was_forced = BoolField(is_mutable=False)
class ScheduledView(SplunkAppObjModel):
    """Model for a scheduled view, bound to the 'scheduled/views' resource.

    Carries a schedule, an action and a disabled flag, plus two helpers that
    split a string into everything but its last character and that last
    character.
    """

    resource = 'scheduled/views'

    schedule = ScheduleField()
    action = ActionField()
    is_disabled = BoolField('disabled')

    # NOTE: two overrides were left commented out at this point in the
    # original: `_calc_actions_list` (built ['email'] when
    # action.email.enabled) and `_fill_entity` (stored the space-joined
    # list under entity['actions']). The latter called
    # super(SavedSearch, self), i.e. it named another class.

    def time_value(self, field):
        """Return ``field`` without its final character, or None for None.

        A one-character string yields '' here, whereas ``time_unit`` yields
        None for the same input.
        """
        return None if field is None else field[:-1]

    def time_unit(self, field):
        """Return the final character of ``field``.

        None is returned when ``field`` is None or shorter than two
        characters.
        """
        if field is None or len(field) <= 1:
            return None
        return field[-1]
class Summarization(SplunkAppObjModel):
    """Model for an auto-summarization of a saved search.

    Bound to the 'admin/summarization' resource. All fields except
    ``saved_searches_count`` are declared with ``is_mutable=False``.
    """

    resource = 'admin/summarization'

    # --- saved searches using this summary ---
    saved_searches = DictField('saved_searches', is_mutable=False)
    saved_searches_count = Field('saved_searches.count')

    # --- summary.* : identity and hashes ---
    buckets = Field('summary.buckets', is_mutable=False)
    complete = Field('summary.complete', is_mutable=False)
    hash = Field('summary.hash', is_mutable=False)
    regularHash = Field('summary.regularHash', is_mutable=False)
    normHash = Field('summary.normHash', is_mutable=False)
    unique_id = Field('summary.id', is_mutable=False)
    regular_id = Field('summary.regular_id', is_mutable=False)
    normalized_id = Field('summary.normalized_id', is_mutable=False)

    # --- summary.* : extent and timing ---
    chunks = Field('summary.chunks', is_mutable=False)
    earliest_time = Field('summary.earliest_time', is_mutable=False)
    latest_time = Field('summary.latest_time', is_mutable=False)
    time_range = Field('summary.time_range', is_mutable=False)
    load_factor = Field('summary.load_factor', is_mutable=False)
    total_time = Field('summary.total_time', is_mutable=False)

    # --- summary.* : run history and access statistics ---
    run_stats = ListField('summary.run_stats', is_mutable=False)
    last_error = ListField('summary.last_error', is_mutable=False)
    mod_time = Field('summary.mod_time', is_mutable=False)
    access_time = Field('summary.access_time', is_mutable=False)
    access_count = Field('summary.access_count', is_mutable=False)
    size = Field('summary.size', is_mutable=False)
    timespan = Field('summary.timespan', is_mutable=False)

    # --- summary.* : lifecycle flags ---
    is_inprogress = BoolField('summary.is_inprogress', is_mutable=False)
    is_suspended = BoolField('summary.is_suspended', is_mutable=False)
    suspend_expiration = EpochField('summary.suspend_expiration', is_mutable=False)

    # --- verification_* (no 'summary.' prefix on these keys) ---
    verification_buckets_failed = Field('verification_buckets_failed', is_mutable=False)
    verification_buckets_skipped = Field('verification_buckets_skipped', is_mutable=False)
    verification_buckets_passed = Field('verification_buckets_passed', is_mutable=False)
    verification_state = Field('verification_state', is_mutable=False)
    verification_time = Field('verification_time', is_mutable=False)
    verification_error = Field('verification_error', is_mutable=False)
    verification_progress = Field('verification_progress', is_mutable=False)
class ClusterMasterGeneration(SplunkAppObjModel):
    """Generation information held by the cluster master.

    Every field is declared with ``is_mutable=False``.
    """

    # NOTE(review): this resource starts with '/'; whether the leading slash
    # matters depends on how the base model builds the path - confirm.
    resource = '/cluster/master/generation'

    # --- current generation ---
    generation_id = IntField(is_mutable=False)
    generation_peers = DictField(is_mutable=False)
    last_complete_generation_id = IntField(is_mutable=False)
    multisite_error = Field(is_mutable=False)

    # --- pending generation ---
    pending_generation_id = IntField(is_mutable=False)
    pending_last_attempt = IntField(is_mutable=False)
    pending_last_reason = Field(is_mutable=False)

    # --- health indicators ---
    replication_factor_met = BoolField(is_mutable=False)
    search_factor_met = BoolField(is_mutable=False)
    was_forced = BoolField(is_mutable=False)
class Headlines(SplunkAppObjModel):
    """Model bound to the 'scheadlines/sc_headlines' resource."""

    resource = 'scheadlines/sc_headlines'

    alert_name = Field()
    description = Field()
    label = Field()
    message = Field()
    disabled = BoolField()
class MonitorInput(Input):
    """Input model bound to the 'data/inputs/monitor' resource."""

    resource = 'data/inputs/monitor'

    always_open_file = BoolField()
    blacklist = Field()
    crc_salt = Field(api_name='crcSalt')

    # Declared non-mutable; the API key is 'filecount'.
    file_count = IntField(api_name='filecount', is_mutable=False)

    follow_symlink = BoolField(api_name='followSymlink')
    follow_tail = BoolField()
    host_regex = Field()
    host_segment = Field()

    # TODO : cast to TimeField()
    ignore_older_than = Field()

    move_policy = Field()
    recursive = BoolField()
    time_before_close = IntField()
    whitelist = Field()
class ScheduleField(StructuredField):
    """Scheduler settings attached to scheduled view objects."""

    is_scheduled = BoolField('is_scheduled')
    cron_schedule = Field('cron_schedule')
    next_scheduled_time = Field('next_scheduled_time')
class DataModels(SplunkAppObjModel):
    """Model bound to the 'data/models' resource."""

    resource = 'data/models'

    name = Field()

    # Access-control data, read from the 'eai:acl' key.
    acl = Field(api_name='eai:acl')

    # Acceleration switch and two of its 'acceleration.*' settings.
    acceleration = BoolField()
    retention = Field(api_name='acceleration.earliest_time')
    cron = Field(api_name='acceleration.cron_schedule')
class SuppressAlertField(StructuredField):
    """Suppression settings of a saved search's alerting configuration."""

    # On/off switch; declared with 'alert.suppress' as its first argument.
    enabled = BoolField('alert.suppress')

    period = Field()
    fieldlist = Field('alert.suppress.fields')
class TAVMwareSyslogForwarderStanza(SOLNAppObjModel):
    """Object mapping for the syslog forwarder stanzas.

    The conf file stores configuration related to syslog forwarding. By
    convention the stanza name must match the vc stanza in
    ta_vmware_collection.conf.

    Field meanings:
        status            - boolean on/off switch for data collection
        validation_status - boolean indicating whether validation has passed
        uri               - CSV list of target syslog forwarders
    """

    resource = 'configs/conf-ta_vmware_syslog_forwarder'
    use_model_as_spec = True

    status = BoolField()
    validation_status = BoolField()
    uri = CSVField()

    # Not described by the original field notes; presumably a human-readable
    # status message - verify against the writer of this stanza.
    config_status_msg = Field()
class SSLCertificate(SOLNAppObjModel):
    """Object mapping for the SSL certificate stanzas.

    Field meanings:
        validate_ssl_certificate : boolean storing the state of SSL
            certificate validation
    """

    resource = 'configs/conf-ta_vmware_config_ssl'
    use_model_as_spec = True

    # NOTE(review): presumably consumers skip certificate verification when
    # this is false - confirm, and treat a false value as a reviewed exception
    # rather than a default.
    validate_ssl_certificate = BoolField()
class Group(SplunkAppObjModel):
    """Model for a license group ('licenser/groups' resource)."""

    resource = 'licenser/groups'

    is_active = BoolField()

    # Read from the 'stack_ids' key and declared non-mutable.
    stack_names = ListField(api_name='stack_ids', is_mutable=False)
class EventType(SplunkAppObjModel):
    """Model for a Splunk eventtype ('saved/eventtypes' resource)."""

    resource = 'saved/eventtypes'

    description = Field()
    disabled = BoolField()
    search = Field()
class ClusterMasterBucket(SplunkAppObjModel):
    """State of one cluster bucket as reported by the cluster master.

    Bound to the 'cluster/master/buckets' resource. Every field is declared
    with ``is_mutable=False``.
    """

    resource = 'cluster/master/buckets'

    # --- bucket properties ---
    bucket_size = IntField(is_mutable=False)
    constrain_to_origin_site = BoolField(is_mutable=False)
    force_roll = BoolField(is_mutable=False)
    frozen = BoolField(is_mutable=False)
    index = Field(is_mutable=False)
    origin_site = Field(is_mutable=False)

    # --- placement across peers and sites ---
    peers = DictField(is_mutable=False)
    primaries_by_site = DictField(is_mutable=False)
    rep_count_by_site = DictField(is_mutable=False)
    search_count_by_site = DictField(is_mutable=False)

    service_after_time = IntField(is_mutable=False)
    standalone = BoolField(is_mutable=False)
class TAVMwareCollectionScheduler(SOLNAppObjModel):
    """Object mapping for the TA VMware collection scheduler in inputs.conf.

    By convention the name of these stanzas must match the vc stanza in
    ta_vmware_collection.conf.

    Field meanings:
        disabled : boolean storing the state of data collection
    """

    resource = 'configs/conf-inputs'
    use_model_as_spec = True

    disabled = BoolField()
class AutoSummarizeField(StructuredField):
    """Structured field holding the auto-summarize parameters."""

    # On/off switch; declared with 'auto_summarize' as its first argument.
    enabled = BoolField('auto_summarize')

    # Declared non-mutable.
    can_summarize = Field(is_mutable=False)
    is_good_summarization_candidate = Field(is_mutable=False)

    cron_schedule = Field()

    # Dispatch window, read from the 'auto_summarize.dispatch.*' keys.
    earliest_time = Field('auto_summarize.dispatch.earliest_time')
    latest_time = Field('auto_summarize.dispatch.latest_time')

    timespan = Field(is_mutable=False)
class Slave(SplunkAppObjModel):
    """Model for a Splunk license slave server ('licenser/slaves')."""

    resource = 'licenser/slaves'

    added_usage_parsing_warnings = BoolField()

    # Both lists are read from '*_ids' keys and declared non-mutable.
    pool_names = ListField(api_name='pool_ids', is_mutable=False)
    stack_names = ListField(api_name='stack_ids', is_mutable=False)

    warning_count = IntField()
    label = Field()