def test_checks(self):
self.maxDiff = None
config = {
'init_config': {
'default_restart_history_time_seconds': 3600,
'default_max_query_chunk_seconds': 3600
},
'instances': [
{
'url': 'http://localhost:13001',
'username': "******",
'password': "******",
'saved_searches': [{
"name": "empty",
"parameters": {},
'max_restart_history_seconds': 3600,
'max_query_chunk_seconds': 3600
}],
'tags': ["checktag:checktagvalue"]
}
]
}
# Used to validate which searches have been executed
test_data = {
"time": 0,
"earliest_time": ""
}
def _mocked_current_time_seconds():
return test_data["time"]
def _mocked_dispatch_saved_search_dispatch(*args, **kwargs):
earliest_time = args[2]['dispatch.earliest_time']
if test_data["earliest_time"] != "":
self.assertEquals(earliest_time, test_data["earliest_time"])
return "empty"
test_mocks = {
'_auth_session': _mocked_auth_session,
'_dispatch': _mocked_dispatch_saved_search_dispatch,
'_search': _mocked_search,
'_current_time_seconds': _mocked_current_time_seconds,
'_saved_searches': _mocked_saved_searches
}
# Initial run with initial time
test_data["time"] = time_to_seconds('2017-03-08T00:00:00.000000+0000')
test_data["earliest_time"] = '2017-03-08T00:00:00.000000+0000'
self.run_check(config, mocks=test_mocks)
self.assertEqual(len(self.events), 0)
# Restart check and recover data, taking into account the max restart history
test_data["time"] = time_to_seconds('2017-03-08T12:00:00.000000+0000')
test_data["earliest_time"] = '2017-03-08T11:00:00.000000+0000'
test_data["latest_time"] = '2017-03-08T11:00:00.000000+0000'
self.run_check(config, mocks=test_mocks, force_reload=True)
def _extract_telemetry(self, saved_search, instance, result, sent_already):
for data in result["results"]:
# We need a unique identifier for splunk events, according to https://answers.splunk.com/answers/334613/is-there-a-unique-event-id-for-each-event-in-the-i.html
# this can be (server, index, _cd)
try:
if not saved_search.unique_key_fields: # empty list, whole record
current_id = tuple(data)
else:
current_id = tuple(
data[field]
for field in saved_search.unique_key_fields)
timestamp = time_to_seconds(take_required_field("_time", data))
if timestamp > saved_search.last_observed_timestamp:
saved_search.last_observed_telemetry = {current_id
} # make a new set
saved_search.last_observed_timestamp = timestamp
elif timestamp == saved_search.last_observed_timestamp:
saved_search.last_observed_telemetry.add(current_id)
if current_id in sent_already:
continue
telemetry = saved_search.retrieve_fields(data)
event_tags = [
"%s:%s" % (key, value)
for key, value in self._filter_fields(data).iteritems()
]
event_tags.extend(instance.tags)
telemetry.update({"tags": event_tags, "timestamp": timestamp})
yield telemetry
except Exception:
yield None
def test_checks(self):
self.maxDiff = None
config = {
'init_config': {
},
'instances': [
{
'url': 'http://localhost:13001',
'username': "******",
'password': "******",
'saved_searches': [{
"name": "events",
"parameters": {},
}],
'tags': ["checktag:checktagvalue"]
}
]
}
# Used to validate which searches have been executed
test_data = {
"time": 0,
"earliest_time": ""
}
def _mocked_current_time_seconds():
return test_data["time"]
def _mocked_dispatch_saved_search_dispatch(*args, **kwargs):
earliest_time = args[2]['dispatch.earliest_time']
if test_data["earliest_time"] != "":
self.assertEquals(earliest_time, test_data["earliest_time"])
return "events"
test_mocks = {
'_auth_session': _mocked_auth_session,
'_dispatch': _mocked_dispatch_saved_search_dispatch,
'_search': _mocked_minimal_search,
'_current_time_seconds': _mocked_current_time_seconds,
'_saved_searches': _mocked_saved_searches
}
self.collect_ok = False
# Run the check, collect will fail
test_data["time"] = time_to_seconds('2017-03-08T11:00:00.000000+0000')
test_data["earliest_time"] = '2017-03-08T11:00:00.000000+0000'
self.run_check(config, mocks=test_mocks)
self.assertEqual(len(self.events), 2)
# Make sure we keep the same start time
self.run_check(config, mocks=test_mocks)
def test_checks(self):
self.maxDiff = None
config = {
'init_config': {
'default_initial_history_time_seconds': 86400,
'default_max_query_chunk_seconds': 3600
},
'instances': [{
'url':
'http://localhost:13001',
'username':
"******",
'password':
"******",
'saved_searches': [{
"name": "empty",
"parameters": {},
'max_initial_history_seconds': 86400,
'max_query_chunk_seconds': 3600
}],
'tags': ["checktag:checktagvalue"]
}]
}
# Used to validate which searches have been executed
test_data = {"time": 0, "earliest_time": "", "latest_time": ""}
def _mocked_current_time_seconds():
return test_data["time"]
def _mocked_dispatch_saved_search_dispatch(*args, **kwargs):
earliest_time = args[2]['dispatch.earliest_time']
if test_data["earliest_time"] != "":
self.assertEquals(earliest_time, test_data["earliest_time"])
if test_data["latest_time"] is None:
self.assertTrue('dispatch.latest_time' not in args[2])
elif test_data["latest_time"] != "":
self.assertEquals(args[2]['dispatch.latest_time'],
test_data["latest_time"])
return "events"
test_mocks = {
'_auth_session': _mocked_auth_session,
'_dispatch': _mocked_dispatch_saved_search_dispatch,
'_search': _mocked_minimal_search,
'_current_time_seconds': _mocked_current_time_seconds,
'_saved_searches': _mocked_saved_searches
}
test_data["time"] = time_to_seconds('2017-03-09T00:00:00.000000+0000')
# Gather initial data
for slice_num in range(0, 23):
test_data["earliest_time"] = '2017-03-08T%s:00:00.000000+0000' % (
str(slice_num).zfill(2))
test_data["latest_time"] = '2017-03-08T%s:00:00.000000+0000' % (
str(slice_num + 1).zfill(2))
self.run_check(config, mocks=test_mocks)
self.assertTrue(
self.continue_after_commit,
"As long as we are not done with history, the check should continue"
)
# Now continue with real-time polling (earliest time taken from last event)
test_data["earliest_time"] = '2017-03-08T23:00:00.000000+0000'
test_data["latest_time"] = None
self.run_check(config, mocks=test_mocks)
self.assertEqual(len(self.events), 2)
self.assertFalse(
self.continue_after_commit,
"As long as we are not done with history, the check should continue"
)
def test_checks(self):
self.maxDiff = None
config = {
'init_config': {},
'instances': [{
'url':
'http://localhost:13001',
'username':
"******",
'password':
"******",
'saved_searches': [{
"name": "poll",
"parameters": {},
"batch_size": 2
}],
'tags': ["checktag:checktagvalue"]
}]
}
# Used to validate which searches have been executed
test_data = {
"expected_searches": ["poll"],
"sid": "",
"time": 0,
"earliest_time": "",
"throw": False
}
def _mocked_current_time_seconds():
return test_data["time"]
def _mocked_polling_search(*args, **kwargs):
sid = args[0]
count = args[1].batch_size
return json.loads(
Fixtures.read_file("batch_%s_seq_%s.json" % (sid, count),
sdk_dir=FIXTURE_DIR))
def _mocked_dispatch_saved_search_dispatch(*args, **kwargs):
if test_data["throw"]:
raise CheckException("Is broke it")
earliest_time = args[2]['dispatch.earliest_time']
if test_data["earliest_time"] != "":
self.assertEquals(earliest_time, test_data["earliest_time"])
return test_data["sid"]
test_mocks = {
'_auth_session': _mocked_auth_session,
'_dispatch': _mocked_dispatch_saved_search_dispatch,
'_search': _mocked_polling_search,
'_current_time_seconds': _mocked_current_time_seconds,
'_saved_searches': _mocked_saved_searches
}
# Initial run
test_data["sid"] = "poll"
test_data["time"] = time_to_seconds("2017-03-08T18:29:59.000000+0000")
self.run_check(config, mocks=test_mocks)
self.assertEqual(len(self.events), 4)
self.assertEqual([e['event_type'] for e in self.events],
["0_1", "0_2", "1_1", "1_2"])
# respect earliest_time
test_data["sid"] = "poll1"
test_data["earliest_time"] = '2017-03-08T18:29:59.000000+0000'
self.run_check(config, mocks=test_mocks)
self.assertEqual(len(self.events), 1)
self.assertEqual([e['event_type'] for e in self.events], ["2_1"])
# Throw exception during search
test_data["throw"] = True
thrown = False
try:
self.run_check(config, mocks=test_mocks)
except CheckException:
thrown = True
self.assertTrue(thrown,
"Expect thrown to be done from the mocked search")
self.assertEquals(
self.service_checks[1]['status'], 2,
"service check should have status AgentCheck.CRITICAL")
