示例#1
class NetworkToolsConfig(SplunkAppObjModel):
    """
    Represents the network_tools.conf custom conf file.

    Instances are addressed through the '/admin/network_tools' REST resource.
    """

    resource = '/admin/network_tools'
    # The only setting this model exposes.
    # NOTE(review): presumably the name of the destination index -- confirm
    # against the app's conf spec, which is not visible here.
    index = Field()
class ClusterMasterGeneration(SplunkAppObjModel):
    '''
    Represents a master's generation info

    Maps the '/cluster/master/generation' REST resource. Every field is
    declared with is_mutable=False, which suggests a read-only status view
    (presumably the model layer refuses to write such fields -- confirm
    against the Field implementation).
    '''

    resource = '/cluster/master/generation'

    # Identity and membership of the current generation.
    generation_id = IntField(is_mutable=False)
    generation_peers = DictField(is_mutable=False)
    last_complete_generation_id = IntField(is_mutable=False)
    multisite_error = Field(is_mutable=False)
    # State of the generation that is still pending.
    pending_generation_id = IntField(is_mutable=False)
    pending_last_attempt = IntField(is_mutable=False)
    pending_last_reason = Field(is_mutable=False)
    # Boolean health indicators reported by the endpoint.
    replication_factor_met = BoolField(is_mutable=False)
    search_factor_met = BoolField(is_mutable=False)
    was_forced = BoolField(is_mutable=False)
示例#3
class Input(SplunkRESTModel):
    """Model for entries under the 'data/inputs' REST resource."""

    resource = 'data/inputs'
    disabled = BoolField(is_mutable=False)
    host = Field()
    index = Field()
    queue = Field()
    rcvbuf = IntField(api_name='_rcvbuf', is_mutable=False)
    source = Field()
    sourcetype = Field()

    def _reload(self):
        """Ask the server to reload this input's parent collection.

        The request is a POST to '<parent of self.id>/_reload'.

        Returns:
            True when the response status is 200, otherwise False.
        """
        # Drop the last path segment of the entity id to reach its collection.
        parent_uri = self.id.rsplit('/', 1)[0]
        reload_uri = parent_uri + '/_reload'
        # NOTE(review): no sessionKey is passed, so authentication depends on
        # whatever default rest.simpleRequest falls back to -- confirm that
        # this runs with the intended identity.
        response, _body = rest.simpleRequest(reload_uri, method='POST')
        return response.status == 200
示例#4
class Input(SplunkAppObjModel):
    """Model for entries under the 'data/inputs' REST resource.

    Besides the field mapping it offers helpers that follow the entity's
    action links to enable, disable or remove the input.
    """

    resource = 'data/inputs'
    disabled = BoolField(is_mutable=False)
    host = Field()
    index = Field()
    sourcetype = Field()

    def _reload(self):
        """POST to '<parent of self.id>/_reload'; True only on HTTP 200."""
        parent_uri = self.id.rsplit('/', 1)[0]
        reload_uri = parent_uri + '/_reload'
        # NOTE(review): no sessionKey is passed here or in the helpers below,
        # so authentication depends on rest.simpleRequest's default -- confirm.
        response, _body = rest.simpleRequest(reload_uri, method='POST')
        return response.status == 200

    def enable(self):
        """Follow the 'enable' action link.

        Returns True when there are no action links at all, or when a POST to
        an 'enable' link answers 200; False otherwise.
        """
        if not self.action_links:
            return True
        for link in self.action_links:
            if 'enable' not in link:
                continue
            # link[1] is requested as-is; NOTE(review): presumably the URI the
            # server supplied with the entity -- confirm it cannot be
            # influenced by callers.
            response, _body = rest.simpleRequest(link[1], method='POST')
            if response.status == 200:
                return True
        return False

    def disable(self):
        """Follow the 'disable' action link.

        Returns True when there are no action links at all, or when a POST to
        a 'disable' link answers 200; False otherwise.
        """
        if not self.action_links:
            return True
        for link in self.action_links:
            if 'disable' not in link:
                continue
            response, _body = rest.simpleRequest(link[1], method='POST')
            if response.status == 200:
                return True
        return False

    def delete(self):
        """Follow the 'remove' action link with an HTTP DELETE.

        Unlike enable()/disable(), a missing action-link list yields False.
        Returns True only when a DELETE on a 'remove' link answers 200.
        """
        if not self.action_links:
            return False
        for link in self.action_links:
            if 'remove' not in link:
                continue
            response, _body = rest.simpleRequest(link[1], method='DELETE')
            if response.status == 200:
                return True
        return False
示例#5
class CookedTCPInput(SocketInput):
    # Model for the 'data/inputs/tcp/cooked' REST resource; extends the
    # SocketInput model (defined elsewhere) with the settings below.

    resource = 'data/inputs/tcp/cooked'
    compressed = BoolField()
    enable_s2s_heartbeat = BoolField()
    input_shutdown_timeout = IntField()
    # TODO: cast to RouteField()
    # Until then the route is handled as an untyped Field value.
    route = Field()
    s2s_heartbeat_timeout = IntField()
示例#6
class App(SplunkAppObjModel):
    """
    Represents a Splunk app

    Maps the 'apps/local' REST resource.
    """

    resource = 'apps/local'
    # The string argument is presumably the REST-side key ('disabled',
    # 'configured') behind the is_* attribute -- confirm against BoolField.
    is_disabled = BoolField('disabled')
    is_configured = BoolField('configured')
    label = Field()
class ClusterMasterBucket(SplunkAppObjModel):
    '''
    Represents a master's cluster bucket state

    Maps the 'cluster/master/buckets' REST resource. All fields are declared
    with is_mutable=False, which suggests a read-only status view (confirm
    against the Field implementation).
    '''

    resource = 'cluster/master/buckets'

    bucket_size = IntField(is_mutable=False)
    constrain_to_origin_site = BoolField(is_mutable=False)
    force_roll = BoolField(is_mutable=False)
    frozen = BoolField(is_mutable=False)
    index = Field(is_mutable=False)
    origin_site = Field(is_mutable=False)
    # Dictionary-valued fields; their key/value layout is not visible here.
    peers = DictField(is_mutable=False)
    primaries_by_site = DictField(is_mutable=False)
    rep_count_by_site = DictField(is_mutable=False)
    search_count_by_site = DictField(is_mutable=False)
    service_after_time = IntField(is_mutable=False)
    standalone = BoolField(is_mutable=False)
class FiredAlert(SplunkAppObjModel):
    '''
    Represents a Splunk fired/triggered alert

    Maps the 'alerts/fired_alerts/-' REST resource.
    '''

    resource = 'alerts/fired_alerts/-'

    actions = ListField()
    alert_type = Field()
    savedsearch_name = Field()
    sid = Field()
    severity = IntField()
    trigger_time = EpochField()
    # these are rendered time string in the current user's timezone
    trigger_time_rendered = Field()
    expiration_time_rendered = Field()
    digest_mode = BoolField()
    triggered_alerts = IntField()

    def get_savedsearch(self):
        '''
        Returns the SavedSearch model reached through this entity's
        'savedsearch' link.
        '''
        # Imported locally, as in the original code.
        from splunk.models.saved_search import SavedSearch
        saved_search_link = self.entity.getLink('savedsearch')
        return SavedSearch.get(saved_search_link)

    def get_job(self):
        '''
        Placeholder: looks up the 'job' link but always returns None.
        '''
        _job_link = self.entity.getLink('job')
        #TODO: return a search job object
        return None

    @classmethod
    def get_alerts(cls, alerts_id):
        '''
        Returns a SplunkQuerySet that can be used to access the alerts fired by the given id.
        The SplunkQuerySet can be modified to include a search, custom ordering etc..

        example alerts_id:
           absolute: https://localhost:8089/servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
           relative: /servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
        '''
        query_set = SplunkQuerySet(FiredAlert.manager(), 30)
        # NOTE(review): alerts_id becomes the query set's URI unchanged, and
        # absolute URLs are accepted. Presumably later requests are sent to
        # this URI with the caller's session -- confirm, and pass only ids
        # obtained from the server, never raw user input.
        query_set._uri = alerts_id
        return query_set
示例#9
文件: models.py 项目: TPLink32/spnk1
class HydraCacheStanza(SOLNAppObjModel):
    '''
    Provides object mapping for the hydra cache stanzas
    This can be used as an example when making your own cache models
    The conf file should NEVER be managed manually, it is a datastore for the shared session objects
    Field Meanings:
        string_data - This is a string representing some string data
        python_data - This is the serialized python object representing some serialized python data
        worker - This is a pointer to the worker that is currently editing the cache,
            workers will use this field to 'lock' this session to avoid collisions
        last_lock_time - timestamp field declared next to the worker lock
            (presumably when the lock was last taken -- confirm)
    '''

    resource = 'configs/conf-hydra_cache'

    use_model_as_spec = True

    string_data = Field()
    # SECURITY NOTE(review): per the docstring this holds a serialized Python
    # object that is read back from the conf store. PythonObjectField is not
    # visible here; if it deserializes with pickle (or similar), anyone able
    # to write this stanza can run code in the process that loads it. Confirm
    # the serializer and keep write access to this conf endpoint restricted.
    python_data = PythonObjectField()
    # Advisory lock owner; nothing in this class enforces the lock.
    worker = Field()
    last_lock_time = ISODateTimeField()
class SelfConfig(SplunkAppObjModel):
    '''
    Represents a Splunk license tracker (master) server

    NOTE(review): both resource paths point at 'licenser/localslave', so this
    looks like the local slave's view of its license master -- confirm the
    intended wording.
    '''

    resource = 'licenser/localslave'
    resource_default = 'licenser/localslave/license'

    connection_timeout = IntField(is_mutable=False)
    features = DictField(is_mutable=False)
    last_master_contact_attempt_time = EpochField(is_mutable=False)
    last_master_contact_success_time = EpochField(is_mutable=False)
    last_trackerdb_service_time = EpochField(is_mutable=False)
    license_keys = ListField(is_mutable=False)
    master_guid = Field(is_mutable=False)
    # The only field here without is_mutable=False, i.e. the one setting this
    # model leaves writable.
    master_uri = Field()
    receive_timeout = IntField(is_mutable=False)
    send_timeout = IntField(is_mutable=False)
    # Exposed as slave_name in Python; the REST key is 'slave_id'.
    slave_name = Field(api_name='slave_id', is_mutable=False)
    slave_label = Field(is_mutable=False)
    squash_threshold = IntField(is_mutable=False)
示例#11
class Slave(SplunkAppObjModel):
    '''
    Represents a Splunk license slave server

    Maps the 'licenser/slaves' REST resource.
    '''

    resource = 'licenser/slaves'

    added_usage_parsing_warnings = BoolField()
    # The *_names attributes are backed by the REST keys 'pool_ids' and
    # 'stack_ids' and are declared is_mutable=False.
    pool_names = ListField(api_name='pool_ids', is_mutable=False)
    stack_names = ListField(api_name='stack_ids', is_mutable=False)
    warning_count = IntField()
    label = Field()
示例#12
class SplunkLookupTableFile(SplunkAppObjModel):
    '''Class for Splunk lookup table files.

    Note that on save(), the "path" is actually
    the file that will be copied into place to replace the existing lookup
    table.
    '''

    resource = '/data/lookup-table-files'
    name = Field()
    # NOTE(review): per the class docstring this names a file that is copied
    # over the lookup on save(). Callers should pass only paths they staged
    # themselves, not a path taken from user input -- confirm what the
    # endpoint accepts.
    path = Field(api_name="eai:data")

    @staticmethod
    def reload( session_key=None ):
        '''Request '<resource>/_reload' and report whether it answered 200.

        session_key is forwarded to rest.simpleRequest as sessionKey.
        '''
        reload_uri = "/".join([SplunkLookupTableFile.resource, '_reload'])
        response, _body = rest.simpleRequest(reload_uri, method='GET', sessionKey=session_key)
        return response.status == 200
class ClusterMasterPeer(SplunkAppObjModel):
    '''
    Represents a master's cluster peer state

    Maps the 'cluster/master/peers' REST resource. All fields are declared
    with is_mutable=False, which suggests a read-only status view (confirm
    against the Field implementation).
    '''

    resource = 'cluster/master/peers'

    # Configuration-bundle state reported for the peer.
    active_bundle_id = Field(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)
    base_generation_id = IntField(is_mutable=False)
    # Bucket bookkeeping.
    bucket_count = IntField(is_mutable=False)
    bucket_count_by_index = DictField(is_mutable=False)
    delayed_buckets_to_discard = ListField(is_mutable=False)
    fixup_set = ListField(is_mutable=False)
    host_port_pair = Field(is_mutable=False)
    is_searchable = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    last_heartbeat = EpochField(is_mutable=False)
    latest_bundle_id = Field(is_mutable=False)
    pending_job_count = IntField(is_mutable=False)
    primary_count = IntField(is_mutable=False)
    primary_count_remote = IntField(is_mutable=False)
    # Replication settings as reported for the peer.
    replication_count = IntField(is_mutable=False)
    replication_port = IntField(is_mutable=False)
    replication_use_ssl = BoolField(is_mutable=False)
    search_state_counter = DictField(is_mutable=False)
    site = Field(is_mutable=False)
    status = Field(is_mutable=False)
    status_counter = DictField(is_mutable=False)
class App(SplunkAppObjModel):
    '''
    Represents a Splunk app.

    Maps the 'apps/local' REST resource.
    '''

    resource = 'apps/local'

    # Several attributes are backed by differently named REST keys, given via
    # api_name. is_disabled passes 'disabled' positionally; presumably the
    # first positional argument is also the api_name -- confirm.
    check_for_updates   = BoolField()
    is_configured       = BoolField(api_name='configured')
    is_disabled         = BoolField('disabled')
    is_visible          = BoolField(api_name='visible')
    label               = Field()
    requires_restart    = BoolField(api_name='state_change_requires_restart')
示例#15
class TAVMwareVCenterForwarderStanza(SOLNAppObjModel):
    '''
    Provides object mapping for the vcenter forwarder stanzas
    The conf file is for storing information on accessing splunk forwarders.
    Note that by convention the name of these stanzas must match the vc stanza in ta_vmware_collection.conf
    Field Meanings:
        host - The routable address of the virtual center splunk forwarder management, e.g. https://vcenter.splunk.com:8089
        user - The user to use when administering the forwarder
        vc_collect_logs - stores the state of VC log collection
        credential_validation - boolean indicating the credentials have been validated
        addon_validation - boolean indicating the addon (TA-vcenter) has been validated as installed
    '''

    resource = 'configs/conf-vcenter_forwarder'

    use_model_as_spec = True

    # Management address and account name only; no password field is declared
    # on this model.
    host = Field()
    user = Field()
    #The field stores the state of VC log collection
    vc_collect_logs = BoolField()
    # NOTE(review): these are stored flags; nothing in this class re-checks
    # them, so a stale True is possible after host or user changes -- confirm
    # where they are reset.
    credential_validation = BoolField()
    addon_validation = BoolField()
示例#16
class DispatchField(StructuredField):
    '''
    Represents the splunk search dispatch parameters

    A StructuredField grouping the sub-fields below. Apart from the two
    booleans they are untyped Field values, so no numeric or time validation
    is declared here.
    '''

    buckets = Field()
    earliest_time = Field()
    latest_time = Field()
    lookups = BoolField()
    max_count = Field()
    max_time = Field()
    reduce_freq = Field()
    spawn_process = BoolField()
    time_format = Field()
    ttl = Field()
示例#17
class MonitorInput(Input):
    # Model for the 'data/inputs/monitor' REST resource; extends Input.
    # api_name gives the REST-side key where it differs from the Python
    # attribute name (hyphenated or camelCase keys).

    resource = 'data/inputs/monitor'
    blacklist = Field()
    check_index = BoolField(api_name='check-index')
    check_path = BoolField(api_name='check-path')
    crc_salt = Field(api_name='crc-salt')
    follow_tail = BoolField(api_name='followTail')
    host_regex = Field()
    host_segment = Field()
    ignore_older_than = Field(api_name='ignore-older-than')
    recursive = BoolField()
    rename_source = Field(api_name='rename-source')
    whitelist = Field()
示例#18
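class Dashboard(SplunkAppObjModel):
    '''
    Represents a simple XML dashboard.  This is a wrapper model class for the
    view objects previously defined in /models/legacy_views.

    The parsed dashboard lives in self._obj (a dashboard.SimpleDashboard);
    the raw XML is exposed through the 'data' field.
    '''

    resource = 'data/ui/views'

    #
    # properties
    #

    # Raw dashboard XML, stored under the 'eai:data' key.
    data = Field('eai:data')

    def get_label(self):
        '''Return the label of the wrapped SimpleDashboard.'''
        return self._obj.label

    def set_label(self, label):
        '''Set the label on the wrapped SimpleDashboard.'''
        self._obj.label = label

    label = property(get_label, set_label)

    #
    # constructor
    #
    def __init__(self, namespace, owner, name, entity=None, **kwargs):
        '''Build the model, then attach an empty SimpleDashboard.'''
        super(Dashboard, self).__init__(namespace,
                                        owner,
                                        name,
                                        entity=entity,
                                        **kwargs)
        # NOTE(review): if the base constructor calls from_entity() when an
        # entity is passed, the dashboard parsed there is replaced by this
        # empty one -- confirm against SplunkAppObjModel.__init__.
        self._obj = dashboard.SimpleDashboard()

    #
    # internal adapters
    #

    def from_entity(self, entity):
        '''
        Populate the model from a REST entity and parse its 'eai:data' XML.

        A failure inside SimpleDashboard.fromXml() is logged and swallowed;
        a failure while parsing the XML text itself propagates to the caller.
        '''
        super(Dashboard, self).from_entity(entity)
        data = entity['eai:data']
        if data:
            # SECURITY NOTE(review): eai:data is dashboard XML that users with
            # write access to views can author. The parser behind 'et' is not
            # visible here; confirm it does not resolve external entities or
            # expand nested entity definitions.
            root = et.fromstring(unicode(data).encode('utf-8'))
            self._obj = dashboard.SimpleDashboard()
            try:
                self._obj.fromXml(root)
            except Exception as e:
                # 'as' works on Python 2.6+ and 3; warning() replaces the
                # deprecated warn() alias and formats the same message.
                logger.warning('Could not load xml %s', e)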
示例#19
class AutoSummarizeField(StructuredField):
    '''
    Represents the auto-summarize related parameters
    '''
    # The string arguments are presumably the REST-side keys behind each
    # attribute ('auto_summarize', 'auto_summarize.dispatch.*') -- confirm
    # against the Field signature.
    enabled = BoolField('auto_summarize')
    # Declared is_mutable=False, i.e. not meant to be written by clients.
    can_summarize = Field(is_mutable=False)
    is_good_summarization_candidate = Field(is_mutable=False)
    cron_schedule = Field()
    earliest_time = Field('auto_summarize.dispatch.earliest_time')
    latest_time = Field('auto_summarize.dispatch.latest_time')
    timespan = Field(is_mutable=False)
示例#20
class AlertOverlay(SplunkAppObjModel):
    # Model for the 'unix/alert_overlay' REST resource: free-text guidance
    # fields plus a numeric threshold window.

    resource              = 'unix/alert_overlay'
    description           = Field()
    business_impact       = Field()
    remediation           = Field()
    escalation            = Field()
    # Threshold bounds are integers; type and unit are untyped Field values.
    threshold_max         = IntField()
    threshold_min         = IntField()
    threshold_type        = Field()
    threshold_unit        = Field()
示例#21
class TAVMwareCacheStanza(SOLNAppObjModel):
    '''
    Provides object mapping for the TA-vmware cache stanzas
    The conf file should NEVER be managed manually, it is a datastore for the shared objects
    '''

    resource = 'configs/conf-ta_vmware_cache'

    use_model_as_spec = True

    #This is the serialized python object representing inv_data
    # SECURITY NOTE(review): PythonObjectField is not visible here; if it
    # deserializes with pickle (or similar), anyone able to write this stanza
    # can run code in the process that loads it. Confirm the serializer and
    # keep write access to this conf endpoint restricted.
    inv_data = PythonObjectField()
    inv_time = ISODateTimeField()
    #This is a pointer to the worker that is currently editing the cache,
    #workers will use this field to 'lock' this session to avoid collisions
    worker = Field()
    last_lock_time = ISODateTimeField()
class ClusterMasterInfo(SplunkAppObjModel):
    '''
    Represents a master node's state

    Maps the 'cluster/master/info' REST resource. All fields are declared
    with is_mutable=False, which suggests a read-only status view (confirm
    against the Field implementation).
    '''

    resource = 'cluster/master/info'

    # Configuration-bundle information.
    active_bundle = DictField(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)
    # Boolean state flags reported by the endpoint.
    indexing_ready_flag = BoolField(is_mutable=False)
    initialized_flag = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    latest_bundle = DictField(is_mutable=False)
    maintenance_mode = BoolField(is_mutable=False)
    multisite = BoolField(is_mutable=False)
    rolling_restart_flag = BoolField(is_mutable=False)
    service_ready_flag = BoolField(is_mutable=False)
    start_time = IntField(is_mutable=False)
示例#23
class TAVMwareSyslogForwarderStanza(SOLNAppObjModel):
    '''
    Provides object mapping for the syslog forwarder stanzas
    The conf file is for storing configuration information related to syslog forwarding.
    Note that by convention the name of stanzas must match the vc stanza in ta_vmware_collection.conf
    Field Meanings:
        status - boolean on/off switch for data collection
        validation_status - boolean indicating if validation has passed
        uri - csv list of target syslog forwarders (the attribute is declared
            as 'uri'; earlier documentation called it 'syslog_uri')
        config_status_msg - untyped Field; presumably a status message for the
            configuration -- confirm
    '''

    resource = 'configs/conf-ta_vmware_syslog_forwarder'

    use_model_as_spec = True
    status = BoolField()
    validation_status = BoolField()
    uri = CSVField()
    config_status_msg = Field()
示例#24
class MonitorInput(Input):
    # Model for the 'data/inputs/monitor' REST resource; extends Input.
    # api_name gives the REST-side key where it differs from the attribute.

    resource = 'data/inputs/monitor'
    always_open_file = BoolField()
    blacklist = Field()
    crc_salt = Field(api_name='crcSalt')
    # Declared is_mutable=False, i.e. reported by the server rather than set
    # by clients.
    file_count = IntField(api_name='filecount', is_mutable=False)
    follow_symlink = BoolField(api_name='followSymlink')
    follow_tail = BoolField()
    host_regex = Field()
    host_segment = Field()
    # TODO : cast to TimeField()
    ignore_older_than = Field()
    move_policy = Field()
    recursive = BoolField()
    time_before_close = IntField()
    whitelist = Field()
class Message(SplunkAppObjModel):
    '''
    Represents a licenser message

    Maps the 'licenser/messages' REST resource.
    '''

    resource = 'licenser/messages'

    category = Field(is_mutable=False)
    create_time = EpochField()
    description = Field()
    # The *_name attributes are backed by the REST keys 'pool_id',
    # 'slave_id' and 'stack_id'.
    pool_name = Field(api_name='pool_id')
    # Declared with default_value='ERROR'.
    severity = Field(default_value='ERROR')
    slave_name = Field(api_name='slave_id')
    stack_name = Field(api_name='stack_id')
示例#26
    class EmailActionField(StructuredField):
        '''
        Represents the email alert action configuration

        Nested StructuredField; the enclosing class is not visible in this
        excerpt.
        '''

        # 'action.email' is presumably the REST-side key behind 'enabled' --
        # confirm against the BoolField signature.
        enabled = BoolField('action.email')
        format = Field()
        inline = BoolField()
        sendresults = BoolField()
        # Recipient list and subject are untyped Field values; no address
        # validation is declared on this model.
        to = Field()
        subject = Field()

        pdfview = Field()

        #TODO: use splunk.models.server_config.PDFConfig.is_enabled instead
        sendpdf = BoolField()
        papersize = Field()
        paperorientation = Field()
class ClusterConfig(SplunkAppObjModel):
    '''
    Represents the current node

    Maps the 'cluster/config' REST resource. No field is declared with
    is_mutable=False, so every setting below is writable through this model.
    '''
    resource = 'cluster/config'

    cxn_timeout = IntField()
    disabled = BoolField()
    forwarderdata_rcv_port = IntField()
    forwarderdata_use_ssl = BoolField()
    heartbeat_period = IntField()
    heartbeat_timeout = IntField()
    master_uri = Field()
    max_peer_build_load = IntField()
    max_peer_rep_load = IntField()
    mode = Field()
    multisite = BoolField()
    percent_peers_to_restart = IntField()
    ping_flag = BoolField()
    quiet_period = IntField()
    rcv_timeout = IntField()
    register_forwarder_address = Field()
    register_replication_address = Field()
    register_search_address = Field()
    rep_cxn_timeout = IntField()
    rep_max_rcv_timeout = IntField()
    rep_max_send_timeout = IntField()
    rep_rcv_timeout = IntField()
    rep_send_timeout = IntField()
    replication_factor = IntField()
    replication_port = IntField()
    replication_use_ssl = BoolField()
    restart_timeout = IntField()
    search_factor = IntField()
    search_files_retry_timeout = IntField()
    # SECURITY NOTE(review): a plain, writable Field. Presumably this is the
    # cluster's shared secret; treat the value as sensitive (keep it out of
    # logs and debug dumps) and confirm in what form the endpoint returns it.
    secret = Field()
    send_timeout = IntField()
    site = Field()
class License(SplunkAppObjModel):
    '''
    Represents a single license object

    Maps the 'licenser/licenses' REST resource.
    '''

    resource = 'licenser/licenses'

    creation_time = EpochField()
    expiration_time = EpochField()
    features = ListField()
    # 'hash' and 'type' reuse builtin names, but only as class attributes;
    # the REST key for hash is 'license_hash'.
    hash = Field(api_name='license_hash')
    label = Field()
    max_violations = IntField()
    # NOTE(review): presumably the raw license content -- confirm, and avoid
    # logging it if so.
    payload = Field()
    # Backed by the REST key 'quota' and parsed as a float.
    quota_bytes = FloatField(api_name='quota')
    sourcetypes = ListField()
    stack_name = Field(api_name='stack_id')
    status = Field()
    type = Field()
    window_period = IntField()
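class User(SplunkAppObjModel):
    '''
    Represents a Splunk user object.

    Maps the 'authentication/users' REST resource.
    '''

    resource = 'authentication/users'

    default_app = Field('defaultApp')
    default_app_is_user_override = BoolField('defaultAppIsUserOverride',
                                             is_mutable=False)
    default_app_source_role = Field('defaultAppSourceRole', is_mutable=False)
    email = Field()
    # SECURITY NOTE(review): a plain, writable Field. Treat the value as
    # sensitive: keep it out of logs and debug dumps, and confirm whether the
    # endpoint ever returns it on reads.
    password = Field()
    realname = Field()
    create_role = Field('createrole', is_mutable=False)
    roles = ListField(is_mutable=False)
    type = Field(is_mutable=False)

    @classmethod
    def get(cls, uname):
        '''
        Overridden so that user objects are retrieved by user name instead of id.

        The id handed to the parent get() is '<resource>/<uname>'.
        '''
        # The first argument of a classmethod is the class, so it is named
        # cls (it was previously called self).
        # NOTE(review): uname is inserted into the path unencoded. A name
        # containing '/' or '..' would address a different resource unless
        # the parent get() encodes it -- validate or URL-encode user-supplied
        # names before calling.
        return super(User, cls).get('%s/%s' % (cls.resource, uname))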
示例#30
class AlertField(StructuredField):
    '''
    Represents the saved search alerting configuration
    '''
    class SuppressAlertField(StructuredField):
        '''
        Represents the suppression configuration for saved search alerting
        configuration
        '''
        # String arguments are presumably the REST-side keys
        # ('alert.suppress', 'alert.suppress.fields') -- confirm against the
        # Field signature.
        enabled = BoolField('alert.suppress')
        period = Field()
        fieldlist = Field('alert.suppress.fields')

    # Attributes below that pass a string are backed by the 'alert_*' and
    # 'triggered_alert_count' keys given.
    type = Field('alert_type')
    comparator = Field('alert_comparator')
    threshold = Field('alert_threshold')
    condition = Field('alert_condition')
    # Nested structured field holding the suppression settings.
    suppress = SuppressAlertField()
    digest_mode = BoolField()
    expires = Field()
    severity = Field()
    fired_count = IntField('triggered_alert_count')
    track = BoolField()