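def index(self, app, **params):
    '''
    Render the fired-alerts listing for *app*.

    Request parameters (all optional, all untrusted input):
      offset, count       paging window; non-numeric or negative values fall
                          back to 0 / 25 instead of surfacing a ValueError
      eai:acl.app         app to filter fired alerts by (defaults to *app*)
      eai:acl.owner       owner to filter by ('-' = any)
      severity, search    fired-alert search filters ('*' means no filter)
      alerts_id           restrict to the alerts of one saved search
      sort_by, sort_dir   ordering of the fired-alert list

    Returns the rendered 'alerts/index.html' template.
    '''
    def _int_param(name, default, minimum):
        # A bad cast of a query value used to escape as an unhandled
        # ValueError/TypeError; fall back to the default and clamp instead.
        try:
            value = int(params.get(name, default))
        except (TypeError, ValueError):
            value = default
        return max(minimum, value)

    def _quote_search_value(raw):
        # The value is placed inside a double-quoted search term; escape the
        # characters that would end the term (backslash escapes inside quotes).
        return raw.replace('\\', '\\\\').replace('"', '\\"')

    # request param cast/defaults
    offset = _int_param('offset', 0, 0)
    count = _int_param('count', 25, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_terms = []
    for key in ('severity', 'search'):
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-text search from the user, passed through verbatim
            # (appears intentional: this is the user's own search input)
            search_terms.append('%s' % value)
        else:
            search_terms.append('%s="%s"' % (key, _quote_search_value(urllib.unquote_plus(value))))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_terms:
        fired_alerts = fired_alerts.search(' '.join(search_terms))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
    # private attribute of the query set; presumably the per-request fetch size -- confirm
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(params.get('sort_by', 'trigger_time'),
                                             sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # apps listings
    apps = App.all().filter(is_disabled=False)

    # users listings (capped at 250 entries)
    max_users = 250
    users = User.all()
    users._count_per_req = max_users
    users = users[:max_users]

    # paginator
    pager = paginator.Google(fired_alerts.get_total(), max_items_page=count, item_offset=offset)
    app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')

    # view variables
    template_args = dict(app=alerts_app,
                         apps=apps,
                         users=users,
                         count=count,
                         fired_alerts=fired_alerts,
                         fired_alert_summary=fired_alert_summary,
                         offset=offset,
                         pager=pager,
                         app_label=app_label)
    return self.render_template('alerts/index.html', template_args)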
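def delete(self, app, action, id=None, **params):
    '''
    Delete one or more fired alerts, then redirect back to the listing.

    *id* is the fired-alert id from the request, or a list of ids when the
    parameter is repeated; any other value is ignored. A failure on one
    alert is logged and skipped so the rest of a batch still proceeds.
    Always ends with a 303 redirect to /alerts/<app> carrying the original
    query string.

    NOTE(review): nothing visible here restricts the HTTP method or checks
    a CSRF token; confirm the route is protected upstream.
    '''
    def _delete_one(alert_id):
        # best-effort delete: keep the original warning, but no longer
        # swallow KeyboardInterrupt/SystemExit, and keep the traceback
        try:
            FiredAlert.get(alert_id).delete()
        except Exception:
            logger.warn('Could not delete fired alert: %s' % alert_id, exc_info=True)

    if isinstance(id, list):
        for idx in id:
            _delete_one(idx)
    elif isinstance(id, basestring):
        _delete_one(id)
    raise cherrypy.HTTPRedirect(self.make_url(['alerts', app]) + '?%s' % cherrypy.request.query_string, 303)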
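def delete(self, app, action, id=None, **params):
    '''
    Delete one or more fired alerts, then redirect back to the listing.

    *id* is the fired-alert id from the request, or a list of ids when the
    parameter is repeated; any other value is ignored. A failure on one
    alert is logged and skipped so the rest of a batch still proceeds.
    Always ends with a 303 redirect to /alerts/<app> carrying the original
    query string.

    NOTE(review): nothing visible here restricts the HTTP method or checks
    a CSRF token; confirm the route is protected upstream.
    '''
    def _delete_one(alert_id):
        # best-effort delete: keep the original warning, but no longer
        # swallow KeyboardInterrupt/SystemExit, and keep the traceback
        try:
            FiredAlert.get(alert_id).delete()
        except Exception:
            logger.warn('Could not delete fired alert: %s' % alert_id, exc_info=True)

    if isinstance(id, list):
        for idx in id:
            _delete_one(idx)
    elif isinstance(id, basestring):
        _delete_one(id)
    raise cherrypy.HTTPRedirect(
        self.make_url(['alerts', app]) + '?%s' % cherrypy.request.query_string, 303)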
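def index(self, app, **params):
    '''
    Render the fired-alerts listing for *app*.

    Request parameters (all optional, all untrusted input):
      offset, count       paging window; non-numeric or negative values fall
                          back to 0 / 25 instead of surfacing a ValueError
      eai:acl.app         app to filter fired alerts by (defaults to *app*)
      eai:acl.owner       owner to filter by ('-' = any)
      severity, search    fired-alert search filters ('*' means no filter)
      alerts_id           restrict to the alerts of one saved search
      sort_by, sort_dir   ordering of the fired-alert list

    Returns the 'admin/402.html' template when probing the summary fails
    with status 402. This copy of the handler ends after that probe.
    '''
    def _int_param(name, default, minimum):
        # A bad cast of a query value used to escape as an unhandled
        # ValueError/TypeError; fall back to the default and clamp instead.
        try:
            value = int(params.get(name, default))
        except (TypeError, ValueError):
            value = default
        return max(minimum, value)

    def _quote_search_value(raw):
        # The value is placed inside a double-quoted search term; escape the
        # characters that would end the term (backslash escapes inside quotes).
        return raw.replace('\\', '\\\\').replace('"', '\\"')

    # request param cast/defaults
    offset = _int_param('offset', 0, 0)
    count = _int_param('count', 25, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_terms = []
    for key in ('severity', 'search'):
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-text search from the user, passed through verbatim
            # (appears intentional: this is the user's own search input)
            search_terms.append('%s' % value)
        else:
            search_terms.append('%s="%s"' % (key, _quote_search_value(urllib.unquote_plus(value))))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_terms:
        fired_alerts = fired_alerts.search(' '.join(search_terms))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
    # private attribute of the query set; presumably the per-request fetch size -- confirm
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(params.get('sort_by', 'trigger_time'),
                                             sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # probe the summary: a 402 from the backend is shown as the 'feature
    # unavailable' page (the 402 meaning is inferred from the template used)
    try:
        fired_alert_summary[0]
    except Exception as e:
        # not every exception carries statusCode; reading it unconditionally
        # raised AttributeError from inside the handler for other errors
        if getattr(e, 'statusCode', None) == 402:
            return self.render_template('admin/402.html', {'feature': _('Alerting')})
    # NOTE(review): this copy of the handler ends here; any other failure of
    # the probe is swallowed and the handler falls through (returns None)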
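def sid(self, app, action, sid, **kwargs):
    '''
    Return details for a specific alert event, identified by the search
    job id *sid* taken from the URL.

    Builds ``alertevent`` from the search job and the matching FiredAlert
    entry; on any failure the error is logged and the client is redirected
    (303) to the 'alertevent_not_found' page. The copy of the handler
    visible here ends inside the except clause, so the success path's use
    of ``alertevent`` is not shown.
    '''
    alertevent = None
    # the session user is not used below, but the lookup is kept: it fails
    # when there is no authenticated session (presumably the intent)
    user = cherrypy.session['user']['name']
    host_app = cherrypy.request.path_info.split('/')[3]
    try:
        job = splunk.search.getJob(sid)
        # *sid* is client-controlled: quote it so it cannot extend the search
        # expression (backslash-escape '\' and '"' inside the quotes)
        quoted_sid = sid.replace('\\', '\\\\').replace('"', '\\"')
        fired = FiredAlert.all().search('sid="%s"' % quoted_sid)[0]
        # NOTE(review): the filter tests 'hosts' while the value read is
        # 'host' -- looks like a typo; confirm against the result schema
        hosts = sorted({str(x.get('host')) for x in job.results if x.get('hosts')})
        alertevent = {'alert_name': job.label,
                      'time': fired.trigger_time,
                      'description': fired.savedsearch_name,
                      'severity': fired.severity,
                      'hosts': hosts,
                      'sid': sid,
                      'et': job.earliestTime,
                      'lt': job.latestTime}
        logger.debug(alertevent)
    except Exception as ex:
        logger.exception(ex)
        # previously formatted the builtin ``id``; the sid identifies the event
        logger.warn('problem retreiving alertevent %s' % sid)
        raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'alertevent_not_found', sid=sid), 303)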
def get_alerts(self):
    '''
    Return a SplunkQuerySet over the alerts fired by this saved search,
    or None when the entity exposes no 'alerts' link (nothing fired yet).

    The query set can be refined further (search, custom ordering, ...).
    '''
    alerts_link = self.entity.getLink('alerts')
    if alerts_link is None:
        return None
    # imported lazily, as the original does (presumably to avoid an import cycle)
    from splunk.models.fired_alert import FiredAlert
    return FiredAlert.get_alerts(alerts_link)
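def sid(self, app, action, sid, **kwargs):
    '''
    Return details for a specific alert event, identified by the search
    job id *sid* taken from the URL.

    Builds ``alertevent`` from the search job and the matching FiredAlert
    entry; on any failure the error is logged and the client is redirected
    (303) to the 'alertevent_not_found' page. The copy of the handler
    visible here ends inside the except clause, so the success path's use
    of ``alertevent`` is not shown.
    '''
    alertevent = None
    # the session user is not used below, but the lookup is kept: it fails
    # when there is no authenticated session (presumably the intent)
    user = cherrypy.session['user']['name']
    host_app = cherrypy.request.path_info.split('/')[3]
    try:
        job = splunk.search.getJob(sid)
        # *sid* is client-controlled: quote it so it cannot extend the search
        # expression (backslash-escape '\' and '"' inside the quotes)
        quoted_sid = sid.replace('\\', '\\\\').replace('"', '\\"')
        fired = FiredAlert.all().search('sid="%s"' % quoted_sid)[0]
        # NOTE(review): the filter tests 'hosts' while the value read is
        # 'host' -- looks like a typo; confirm against the result schema
        hosts = sorted({
            str(x.get('host'))
            for x in job.results
            if x.get('hosts')
        })
        alertevent = {
            'alert_name': job.label,
            'time': fired.trigger_time,
            'description': fired.savedsearch_name,
            'severity': fired.severity,
            'hosts': hosts,
            'sid': sid,
            'et': job.earliestTime,
            'lt': job.latestTime
        }
        logger.debug(alertevent)
    except Exception as ex:
        logger.exception(ex)
        # previously formatted the builtin ``id``; the sid identifies the event
        logger.warn('problem retreiving alertevent %s' % sid)
        raise cherrypy.HTTPRedirect(
            self._redirect(host_app, app, 'alertevent_not_found', sid=sid), 303)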
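def index(self, app, **params):
    '''
    Render the fired-alerts listing for *app*.

    Request parameters (all optional, all untrusted input):
      offset, count       paging window; non-numeric or negative values fall
                          back to 0 / 25 instead of surfacing a ValueError
      eai:acl.app         app to filter fired alerts by (defaults to *app*)
      eai:acl.owner       owner to filter by ('-' = any)
      severity, search    fired-alert search filters ('*' means no filter)
      alerts_id           restrict to the alerts of one saved search
      sort_by, sort_dir   ordering of the fired-alert list

    Returns the rendered 'alerts/index.html' template.
    '''
    def _int_param(name, default, minimum):
        # A bad cast of a query value used to escape as an unhandled
        # ValueError/TypeError; fall back to the default and clamp instead.
        try:
            value = int(params.get(name, default))
        except (TypeError, ValueError):
            value = default
        return max(minimum, value)

    def _quote_search_value(raw):
        # The value is placed inside a double-quoted search term; escape the
        # characters that would end the term (backslash escapes inside quotes).
        return raw.replace('\\', '\\\\').replace('"', '\\"')

    # request param cast/defaults
    offset = _int_param('offset', 0, 0)
    count = _int_param('count', 25, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(
        getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_terms = []
    for key in ('severity', 'search'):
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-text search from the user, passed through verbatim
            # (appears intentional: this is the user's own search input)
            search_terms.append('%s' % value)
        else:
            search_terms.append(
                '%s="%s"' % (key, _quote_search_value(urllib.unquote_plus(value))))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(
            urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_terms:
        fired_alerts = fired_alerts.search(' '.join(search_terms))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
        alerts_user)
    # private attribute of the query set; presumably the per-request fetch size -- confirm
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(
            params.get('sort_by', 'trigger_time'),
            sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(
        alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # apps listings
    apps = App.all().filter(is_disabled=False)

    # users listings (capped at 250 entries)
    max_users = 250
    users = User.all()
    users._count_per_req = max_users
    users = users[:max_users]

    # paginator
    pager = paginator.Google(fired_alerts.get_total(),
                             max_items_page=count,
                             item_offset=offset)
    app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')

    # view variables
    template_args = dict(app=alerts_app,
                         apps=apps,
                         users=users,
                         count=count,
                         fired_alerts=fired_alerts,
                         fired_alert_summary=fired_alert_summary,
                         offset=offset,
                         pager=pager,
                         app_label=app_label)
    return self.render_template('alerts/index.html', template_args)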