def validate_input_meta(self, action, **params):
    """Validate the name and sourcetype of a data input definition.

    Expected JSON post body::

        {
            "uuid": uuid,  // absent the first time the input is created
            "name": name,
            "title": title,
            "description": description,
            "type": type,
            "sourcetype": sourcetype,
            "interval": interval,
        }

    Renders ``{"validate_result": "success"}`` when validation passes, or
    ``err_code``/``err_args`` taken from the raised ``CommonException``.
    """
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    input_builder = builder_ta_input.TAInputBuilder(
        controller_util.get_current_ta_project(), mgmt_uri, token)
    alert_builder = builder_ta_alert.TAAlertBuilder(
        controller_util.get_current_ta_project(), mgmt_uri, token)
    input_builder.set_alert_builder(alert_builder)

    # The body is read by hand using the client-supplied Content-Length;
    # a missing or non-numeric header raises before validation starts.
    body_length = int(cherrypy.request.headers["Content-Length"])
    meta = json.loads(cherrypy.request.body.read(body_length))

    try:
        input_builder.validate_input_name_and_sourcetype(meta)
        result = {'validate_result': 'success'}
    except CommonException as ce:
        logger.error('Validate input meta fails. %s', traceback.format_exc())
        result = {
            'err_code': ce.get_err_code(),
            'err_args': ce.get_options(),
        }
    return self.render_json(result)
def create_eval(self, action, **params):
    """Create an eval for the given sourcetypes from the JSON request body.

    The body must carry ``sourcetypes``, ``output_field``, ``expression`` and
    ``search``. Renders ``{"data": <result>}`` on success and
    ``err_code``/``err_args`` on ``CommonException``; any other exception is
    logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()

    # Required keys are read before the try block, so a missing key
    # propagates as KeyError instead of being rendered as an error code.
    sourcetypes = payload['sourcetypes']
    output_field = payload['output_field']
    expression = payload['expression']
    search = payload['search']

    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        result = cim_builder.update_eval(
            sourcetypes, output_field, expression, search, check_exist=True)
        return self.render_json({"data": result})
    except CommonException as exc:
        logger.error(
            'Get CommonException when creating eval. meta:%s, error:%s',
            payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot create eval %s. error: %s", expression,
                     traceback.format_exc())
        raise exc
def code_run(self, action, **params):
    """Dry-run the modular input code described by the JSON request body.

    The current user must pass ``app_util.is_user_allow_to_create_ta``; when
    that call returns a truthy value it is rendered as the response and no
    code is run. A ``CommonException`` is rendered as ``err_code``/``err_args``.
    """
    # Authorization gate: only admin users may run code.
    user_name = cherrypy.session.get('user').get('name')
    session_key = cherrypy.session.get("sessionKey")
    splunkd_uri = scc.getMgmtUri()
    service = common_util.create_splunk_service(session_key, splunkd_uri)
    # Stays None in the error log when the failure happens before parsing.
    input_meta = None
    try:
        denial = app_util.is_user_allow_to_create_ta(user_name, service)
        if denial:
            # A truthy result carries the error code; render it unchanged.
            return self.render_json(denial)

        body_length = int(cherrypy.request.headers["Content-Length"])
        # The parsed body is the meta for this input.
        input_meta = json.loads(cherrypy.request.body.read(body_length))
        appname = controller_util.get_current_ta_project()
        input_builder = builder_ta_input.TAInputBuilder(
            appname, splunkd_uri, session_key)
        return self.render_json(input_builder.dryrun_modinput_code(input_meta))
    except CommonException as ce:
        logger.error('Fail to dryrun data input. meta:%s, error:%s',
                     input_meta, traceback.format_exc())
        error_body = {
            'err_code': ce.get_err_code(),
            'err_args': ce.get_options(),
        }
        return self.render_json(error_body)
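def global_settings(self, resource, **params):
    """Read (GET) or update (POST) the global settings of the current TA project.

    GET renders the stored settings as JSON, or ``{}`` when none exist.
    POST parses the JSON request body, drops an empty
    ``customized_settings`` entry and persists the rest, rendering
    ``{"status": "success"}``. A ``CommonException`` is rendered as
    ``err_code``/``err_args``; any other exception is logged and re-raised.
    Any other HTTP method falls through and returns ``None``.
    """
    session_key = cherrypy.session.get("sessionKey")
    splunkd_uri = scc.getMgmtUri()
    tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
                                  splunkd_uri, session_key)
    if cherrypy.request.method == 'GET':
        global_settings = tabuilder.get_global_settings()
        if global_settings is None:
            global_settings = {}
        return self.render_json(global_settings)
    elif cherrypy.request.method == 'POST':
        cl = cherrypy.request.headers["Content-Length"]
        raw_body = cherrypy.request.body.read(int(cl))
        params = json.loads(raw_body)
        try:
            # Clean up here in case the frontend did not.
            if 'customized_settings' in params and len(
                    params['customized_settings']) == 0:
                del params['customized_settings']
            # Log only the top-level keys, never the values: the settings
            # payload may carry secrets (e.g. proxy or account passwords --
            # TODO confirm against the frontend schema), and those must not
            # end up in the application log.
            logger.info("global settings params keys are : %s",
                        sorted(params))
            tabuilder.update_global_settings(params)
            return self.render_json({"status": "success"})
        except CommonException as e:
            logger.error("fail to save global settings. Error: %s",
                         traceback.format_exc())
            return self.render_json({
                'err_code': e.get_err_code(),
                'err_args': e.get_options()
            })
        except Exception as e:
            logger.error("fail to save global settings. Error: %s",
                         traceback.format_exc())
            raise e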
def delete_alias(self, action, **params):
    """Delete a field alias described by the JSON request body.

    The body must carry ``sourcetype``, ``input_field``, ``output_field`` and
    ``search``. Renders ``{"data": <result>}`` on success and
    ``err_code``/``err_args`` on ``CommonException``; any other exception is
    logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()

    sourcetype = payload['sourcetype']
    input_field = payload['input_field']
    output_field = payload['output_field']
    search = payload["search"]

    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        # The builder takes the output field before the input field.
        result = cim_builder.delete_alias(sourcetype, output_field,
                                          input_field, search)
        return self.render_json({"data": result})
    except CommonException as exc:
        logger.error(
            'Get CommonException when deleting alias. meta:%s, error:%s',
            payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot delete alias %s. error: %s", output_field,
                     traceback.format_exc())
        raise exc
def edit_data_input(self, action, **params):
    """Update a data input of the current TA project from the JSON body.

    ``reload_input`` (default ``True``) is taken out of the body and passed
    separately to the builder. Renders ``{"status": "success", "meta": ...}``
    on success and ``err_code``/``err_args`` on ``CommonException``; any other
    exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    input_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()

    # Strip the control flag so that it is not stored with the input meta.
    reload_input = input_meta.get('reload_input', True)
    input_meta.pop('reload_input', None)

    splunkd_uri = scc.getMgmtUri()
    session_key = cherrypy.session.get("sessionKey")
    try:
        tabuilder = builder.TABuilder(appname, splunkd_uri, session_key)
        tabuilder.update_TA_input(input_meta, reload_input)
        return self.render_json({"status": "success", "meta": input_meta})
    except CommonException as exc:
        logger.error(
            'Get CommonException when update data input. meta:%s, error:%s',
            input_meta, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error(
            'Get exception when update data input. meta:%s, error:%s',
            input_meta, traceback.format_exc())
        raise exc
def check_cim_available(self, action, **params):
    """Report whether CIM mapping is available for the current TA project.

    Renders ``{"data": {"successful": True}}`` when the builder returns no
    conf names, otherwise ``successful: False`` together with ``conf_names``.
    A ``CommonException`` is rendered as ``err_code``/``err_args``; any other
    exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    # The parsed body is only used in the error log below.
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()
    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        conf_names = cim_builder.check_cim_available()
        if conf_names:
            outcome = {"data": {"successful": False, "conf_names": conf_names}}
        else:
            outcome = {"data": {"successful": True}}
        return self.render_json(outcome)
    except CommonException as exc:
        logger.error(
            'Get CommonException when checking CIM available for app %s. meta:%s, error:%s',
            appname, payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot check CIM available for app %s. error: %s",
                     appname, traceback.format_exc())
        raise exc
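def save_models(self, action, **params):
    """Save the CIM models mapped to an eventtype.

    The JSON request body must carry ``eventtype_name``, ``new_models`` and
    ``old_models``. Renders ``{"data": {"successful": True}}`` on success and
    ``err_code``/``err_args`` on ``CommonException``; any other exception is
    logged and re-raised.
    """
    cl = cherrypy.request.headers["Content-Length"]
    raw_body = cherrypy.request.body.read(int(cl))
    params = json.loads(raw_body)
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()
    eventtype_name = params["eventtype_name"]
    new_models = params['new_models']
    old_models = params['old_models']
    try:
        builder = TACIMBuilder(appname, splunk_uri, session)
        # The builder's return value is not used by the response, so it is
        # no longer bound to an unused local.
        builder.save_models(eventtype_name, new_models, old_models)
        return self.render_json({"data": {"successful": True}})
    except CommonException as e:
        logger.error(
            'Get CommonException when saving models for eventtype %s. meta:%s, error:%s',
            eventtype_name, params, traceback.format_exc())
        return self.render_json({
            'err_code': e.get_err_code(),
            'err_args': e.get_options()
        })
    except Exception as e:
        logger.error(
            "Cannot save models objects for eventtype %s. error: %s",
            eventtype_name, traceback.format_exc())
        raise e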
def get_modular_alerts_summary(self, action, **params):
    """Render all modular alerts of the current TA project as JSON.

    An empty list is rendered when the builder returns a falsy value.
    """
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    alert_builder = builder.TAAlertBuilder(
        controller_util.get_current_ta_project(), mgmt_uri, token)
    alerts = alert_builder.get_all_TA_alerts()
    if not alerts:
        alerts = []
    return self.render_json(alerts)
def create_eventtype(self, action, **params):
    """Create an eventtype from the JSON request body.

    The body must carry ``name``, ``search`` and ``sourcetypes``. Renders
    ``{"data": {"successful": True}}`` on success and ``err_code``/``err_args``
    on ``CommonException``; any other exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()

    name = payload['name']
    search = payload['search']
    sourcetype_dict = payload['sourcetypes']

    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        cim_builder.create_eventtype(name, search, sourcetype_dict)
        return self.render_json({"data": {"successful": True}})
    except CommonException as exc:
        logger.error(
            'Get CommonException when creating eventtype. meta:%s, error:%s',
            payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot create eventtype %s. error: %s", name,
                     traceback.format_exc())
        raise exc
def code_kill_all(self, action, **params):
    """Kill all running code for the input named in the JSON request body.

    The body must carry ``name``. Always renders ``{"status": "successful"}``
    once ``CodeKiller.kill_all`` returns.
    """
    # NOTE(review): code_run gates on app_util.is_user_allow_to_create_ta, but
    # no role check is visible in this handler -- confirm that authorization
    # is enforced elsewhere (e.g. by route decorators not shown here).
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    killer = runner.CodeKiller()
    killer.kill_all(appname, payload['name'])
    return self.render_json({"status": "successful"})
def get_input_names(self, action, **params):
    """Render ``{"input_names": [...]}`` for every input of the current TA."""
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    service = common_util.create_splunk_service(token, mgmt_uri)
    tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
                                  mgmt_uri, token, service)
    inputs = tabuilder.get_all_TA_inputs()
    if not inputs:
        # Treat a falsy builder result as "no inputs".
        inputs = []
    names = [entry['name'] for entry in inputs]
    return self.render_json({"input_names": names})
def code_test(self, action, **params):
    """Test the modular alert code described by the JSON request body.

    The parsed body is handed to ``TAAlertBuilder.test_modular_alert_code``
    and its result is rendered as JSON.
    """
    # NOTE(review): code_run gates execution on
    # app_util.is_user_allow_to_create_ta ("only admin can run code"); no
    # equivalent check is visible in this handler -- confirm authorization is
    # enforced elsewhere before the request reaches the builder.
    body_length = int(cherrypy.request.headers["Content-Length"])
    alert_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    alert_builder = builder.TAAlertBuilder(appname, splunk_uri, session)
    return self.render_json(alert_builder.test_modular_alert_code(alert_meta))
def get_app_sourcetype_names(self, action, **params):
    """Render the sourcetypes of the current TA as ``[{"name": ...}, ...]``.

    Any exception is logged and re-raised.
    """
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    app_name = controller_util.get_current_ta_project()
    try:
        tabuilder = TABuilder(app_name, splunk_uri, session)
        entries = [{'name': sourcetype}
                   for sourcetype in tabuilder.get_app_sourcetypes()]
        return self.render_json(entries)
    except Exception as exc:
        logger.error("Cannot get basic info. error: %s",
                     traceback.format_exc())
        raise exc
def code_save(self, action, **params):
    """Save the input code carried in the JSON request body.

    Always renders ``{"status": "successful"}`` once the builder returns.
    """
    # TODO: delete this api. Save the code when saving the input.
    # NOTE(review): this handler stores input code, and no role check such as
    # the app_util.is_user_allow_to_create_ta gate in code_run is visible
    # here -- confirm authorization is enforced elsewhere.
    body_length = int(cherrypy.request.headers["Content-Length"])
    code_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    tabuilder = builder.TABuilder(appname, splunk_uri, session)
    tabuilder.save_TA_input_code(code_meta)
    return self.render_json({"status": "successful"})
def get_indexed_sourcetypes(self, action, **params):
    """Render ``{"indexed_sourcetypes": ...}`` from ``get_import_sourcetype``.

    Any exception is logged and re-raised.
    """
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    app_name = controller_util.get_current_ta_project()
    try:
        tabuilder = TABuilder(app_name, splunk_uri, session)
        indexed = tabuilder.get_import_sourcetype()
        return self.render_json({'indexed_sourcetypes': indexed})
    except Exception as exc:
        logger.error("Cannot get sourcetype names from index. error: %s",
                     traceback.format_exc())
        raise exc
def get_input_load_status(self, action, **param):
    """Render the loaded status of the inputs of the current TA project.

    On ``CommonException`` the response holds only ``err_code``/``err_args``.
    """
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    input_builder = builder_ta_input.TAInputBuilder(
        controller_util.get_current_ta_project(), mgmt_uri, token)
    try:
        status = input_builder.get_input_loaded_status()
    except CommonException as ce:
        logger.error('get input load status fails. %s',
                     traceback.format_exc())
        status = {
            'err_code': ce.get_err_code(),
            'err_args': ce.get_options(),
        }
    return self.render_json(status)
def get_imported_sourcetype_contents(self, action, **params):
    """Render ``{"sourcetype_contents": ...}`` for the requested sourcetype.

    ``sourcetype`` is taken from the request parameters; a missing value
    raises ``KeyError`` before the try block. Any exception raised by the
    builder is logged and re-raised.
    """
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    app_name = controller_util.get_current_ta_project()
    sourcetype = params['sourcetype']
    try:
        st_builder = SourcetypeBuilder(app_name, splunk_uri, session)
        contents = st_builder.get_sourcetype_contents(sourcetype)
        return self.render_json({'sourcetype_contents': contents})
    except Exception as exc:
        logger.error("Cannot get contents of sourcetype %s. error: %s",
                     sourcetype, traceback.format_exc())
        raise exc
def get_sourcetypes(self, action, **params):
    """Render every sourcetype of the current TA as ``[{"name": ...}, ...]``.

    A ``CommonException`` is rendered as ``err_code``/``err_args``.
    """
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    try:
        tabuilder = builder.TABuilder(
            controller_util.get_current_ta_project(), mgmt_uri, token)
        entries = [{'name': sourcetype}
                   for sourcetype in tabuilder.get_all_sourcetypes()]
        return self.render_json(entries)
    except CommonException as ce:
        error_body = {
            'err_code': ce.get_err_code(),
            'err_args': ce.get_options(),
        }
        return self.render_json(error_body)
def fetch_modular_alert_code(self, action, **params):
    """Fetch the code of the modular alert described by the JSON body.

    The builder result is logged at info level and rendered as JSON; any
    exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    alert_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    splunkd_uri = scc.getMgmtUri()
    session_key = cherrypy.session.get("sessionKey")
    try:
        alert_builder = builder.TAAlertBuilder(appname, splunkd_uri,
                                               session_key)
        code_meta = alert_builder.fetch_modular_alert_code(alert_meta)
        logger.info('fetch modular alert code:%s', code_meta)
        return self.render_json(code_meta)
    except Exception as exc:
        logger.error('generate modular alert code error. %s',
                     traceback.format_exc())
        raise exc
def gen_test_id(self, action, **params):
    """Obtain a dry-run job id for the input meta in the JSON request body.

    The current user must pass ``app_util.is_user_allow_to_create_ta``; a
    truthy result from that call is rendered as the response instead.
    """
    user_name = cherrypy.session.get('user').get('name')
    session_key = cherrypy.session.get("sessionKey")
    splunkd_uri = scc.getMgmtUri()
    service = common_util.create_splunk_service(session_key, splunkd_uri)

    # Authorization gate: a truthy result carries the error code to render.
    denial = app_util.is_user_allow_to_create_ta(user_name, service)
    if denial:
        return self.render_json(denial)

    body_length = int(cherrypy.request.headers["Content-Length"])
    # The parsed body is the meta for this input.
    input_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    input_builder = builder_ta_input.TAInputBuilder(
        appname, splunkd_uri, session_key)
    return self.render_json(input_builder.get_dry_run_job_id(input_meta))
def get_inputs_summary(self, action, **params):
    """Render all inputs of the current TA with sample counts and code.

    Each input gets ``sample_count`` (the ``totalCount`` reported for its
    sourcetype, default 0) and, when the builder returns code for the
    input's name, a ``code`` entry.
    """
    token = cherrypy.session.get("sessionKey")
    mgmt_uri = scc.getMgmtUri()
    service = common_util.create_splunk_service(token, mgmt_uri)
    tabuilder = builder.TABuilder(controller_util.get_current_ta_project(),
                                  mgmt_uri, token, service)
    inputs = tabuilder.get_all_TA_inputs()
    if not inputs:
        inputs = []

    indexed = search_util.get_sourcetype_from_index(service)
    count_by_sourcetype = {row['sourcetype']: row['totalCount']
                           for row in indexed}
    # Counts are attached before the code lookup, which receives the inputs.
    for entry in inputs:
        entry['sample_count'] = count_by_sourcetype.get(
            entry['sourcetype'], 0)

    # Attach the code of customized modular inputs.
    code_by_name = tabuilder.get_customized_data_input_code(inputs)
    for entry in inputs:
        input_name = entry['name']
        if input_name in code_by_name:
            entry['code'] = code_by_name[input_name]

    return self.render_json(inputs)
def get_app_sourcetypes(self, action, **params):
    """Render ``{"data": ...}`` with the sourcetypes of the current TA.

    A ``CommonException`` is rendered as ``err_code``/``err_args``; any other
    exception is logged and re-raised.
    """
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()
    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        sourcetypes = cim_builder.get_app_sourcetypes()
        return self.render_json({"data": sourcetypes})
    except CommonException as exc:
        logger.error(
            'Get CommonException when getting sourcetypes for app %s. meta:%s, error:%s',
            appname, params, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot get sourcetypes for app %s. error: %s", appname,
                     traceback.format_exc())
        raise exc
def create_alias(self, action, **params):
    """Create a field alias from the JSON request body.

    The body must carry ``sourcetypes``, ``output_field``, ``input_field``
    and ``search``. Renders ``{"data": <result>}`` on success and
    ``err_code``/``err_args`` on ``CommonException``; any other exception is
    logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))

    # The session and URI lookups go through local wrappers so that
    # metric_util.function_run_time is applied to each call.
    @metric_util.function_run_time(tags=['app_edit_cimmapping'])
    def cherrypy_session_get():
        return cherrypy.session.get("sessionKey")

    session = cherrypy_session_get()

    @metric_util.function_run_time(tags=['tab_edit_fieldextraction'])
    def scc_getMgmtUri():
        return scc.getMgmtUri()

    splunk_uri = scc_getMgmtUri()
    appname = controller_util.get_current_ta_project()

    sourcetypes = payload['sourcetypes']
    output_field = payload['output_field']
    input_field = payload['input_field']
    search = payload["search"]

    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        result = cim_builder.update_alias(
            sourcetypes, output_field, input_field, search, check_exist=True)
        return self.render_json({"data": result})
    except CommonException as exc:
        logger.error(
            'Get CommonException when creating field alias. meta:%s, error:%s',
            payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot create field alias %s. error: %s", output_field,
                     traceback.format_exc())
        raise exc
def delete_modular_alert(self, action, **params):
    """Delete the modular alert described by the JSON request body.

    Renders ``{"status": "success"}`` on success and ``err_code``/``err_args``
    on ``CommonException``; any other exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    alert_meta = json.loads(cherrypy.request.body.read(body_length))
    appname = controller_util.get_current_ta_project()
    splunkd_uri = scc.getMgmtUri()
    session_key = cherrypy.session.get("sessionKey")
    try:
        alert_builder = builder.TAAlertBuilder(appname, splunkd_uri,
                                               session_key)
        alert_builder.delete_TA_alert(alert_meta)
        return self.render_json({"status": "success"})
    except CommonException as exc:
        logger.error('Fail to delete modular alert. meta:%s, error:%s',
                     alert_meta, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error('Fail to delete modular alert. meta:%s, error:%s',
                     alert_meta, traceback.format_exc())
        raise exc
def merge_confs_from_default_to_local(self, action, **params):
    """Merge the conf files of the current TA from default into local.

    Renders ``{"data": {"successful": True}}`` on success and
    ``err_code``/``err_args`` on ``CommonException``; any other exception is
    logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    # The parsed body is only used in the error log below.
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()
    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        cim_builder.merge_confs_from_default_to_local()
        return self.render_json({"data": {"successful": True}})
    except CommonException as exc:
        logger.error(
            'Get CommonException when merging conf files from default to local for app %s. meta:%s, error:%s',
            appname, payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error(
            "Cannot merge conf files from default to local for app %s. error: %s",
            appname, traceback.format_exc())
        raise exc
def get_knowledge_objects(self, action, **params):
    """Render the knowledge objects of the sourcetypes named in the JSON body.

    The body must carry ``sourcetypes``. Renders ``{"data": <result>}`` on
    success and ``err_code``/``err_args`` on ``CommonException``; any other
    exception is logged and re-raised.
    """
    body_length = int(cherrypy.request.headers["Content-Length"])
    payload = json.loads(cherrypy.request.body.read(body_length))
    session = cherrypy.session.get("sessionKey")
    splunk_uri = scc.getMgmtUri()
    appname = controller_util.get_current_ta_project()
    sourcetypes = payload['sourcetypes']
    try:
        cim_builder = TACIMBuilder(appname, splunk_uri, session)
        objects = cim_builder.get_knowledge_objects(sourcetypes)
        return self.render_json({"data": objects})
    except CommonException as exc:
        logger.error(
            'Get CommonException when getting knowledge objects for app %s. meta:%s, error:%s',
            appname, payload, traceback.format_exc())
        error_body = {
            'err_code': exc.get_err_code(),
            'err_args': exc.get_options(),
        }
        return self.render_json(error_body)
    except Exception as exc:
        logger.error("Cannot get knowledge objects for app %s. error: %s",
                     appname, traceback.format_exc())
        raise exc