class ClusterMasterPeer(SplunkAppObjModel):
    """
    State of a single peer as seen by the cluster master.

    Backed by the ``cluster/master/peers`` resource. Every field on this
    model is declared with ``is_mutable=False``.
    """
    # NOTE(review): is_mutable=False presumably keeps a field out of any
    # write back to the endpoint -- confirm against the Field implementation.

    resource = "cluster/master/peers"

    active_bundle_id = Field(is_mutable=False)
    apply_bundle_status = DictField(is_mutable=False)
    base_generation_id = IntField(is_mutable=False)
    bucket_count = IntField(is_mutable=False)
    bucket_count_by_index = DictField(is_mutable=False)
    delayed_buckets_to_discard = ListField(is_mutable=False)
    fixup_set = ListField(is_mutable=False)
    host_port_pair = Field(is_mutable=False)
    is_searchable = BoolField(is_mutable=False)
    label = Field(is_mutable=False)
    last_heartbeat = EpochField(is_mutable=False)
    latest_bundle_id = Field(is_mutable=False)
    pending_job_count = IntField(is_mutable=False)
    primary_count = IntField(is_mutable=False)
    primary_count_remote = IntField(is_mutable=False)
    replication_count = IntField(is_mutable=False)
    replication_port = IntField(is_mutable=False)
    # Reported value only; by its name, whether the peer's replication
    # channel uses SSL -- worth surfacing when auditing a cluster.
    replication_use_ssl = BoolField(is_mutable=False)
    search_state_counter = DictField(is_mutable=False)
    site = Field(is_mutable=False)
    status = Field(is_mutable=False)
    status_counter = DictField(is_mutable=False)
class Slave(SplunkAppObjModel):
    """
    A Splunk license slave server.

    Backed by the ``licenser/slaves`` resource.
    """

    resource = "licenser/slaves"

    added_usage_parsing_warnings = BoolField()
    # api_name presumably names the REST attribute the field is read from
    # (pool_ids / stack_ids) -- confirm against the Field implementation.
    pool_names = ListField(api_name="pool_ids", is_mutable=False)
    stack_names = ListField(api_name="stack_ids", is_mutable=False)
    warning_count = IntField()
    label = Field()
class ClusterMasterSite(SplunkAppObjModel):
    """
    A site known to the cluster master.

    Backed by the ``cluster/master/sites`` resource.
    """

    resource = "cluster/master/sites"

    # Declared with is_mutable=False, like every field on this model.
    peers = ListField(is_mutable=False)
class ClusterMasterIndex(SplunkAppObjModel):
    """
    An index as tracked by the cluster master.

    Backed by the ``cluster/master/indexes`` resource. Every field on this
    model is declared with ``is_mutable=False``.
    """

    resource = "cluster/master/indexes"

    buckets_with_excess_copies = IntField(is_mutable=False)
    buckets_with_excess_searchable_copies = IntField(is_mutable=False)
    index_size = IntField(is_mutable=False)
    is_searchable = BoolField(is_mutable=False)
    num_buckets = IntField(is_mutable=False)
    replicated_copies_tracker = ListField(is_mutable=False)
    searchable_copies_tracker = ListField(is_mutable=False)
    sort_order = IntField(is_mutable=False)
    total_excess_bucket_copies = IntField(is_mutable=False)
    total_excess_searchable_copies = IntField(is_mutable=False)
class Summarization(SplunkAppObjModel):
    """
    An auto-summarization for a saved search.

    Backed by the ``admin/summarization`` resource. The first positional
    argument of each field is a dotted name such as ``summary.buckets``.
    """
    # NOTE(review): the dotted positional argument is presumably the REST
    # attribute name the field maps to -- confirm against Field.

    resource = "admin/summarization"

    saved_searches = DictField("saved_searches", is_mutable=False)
    # The only field here that is not declared with is_mutable=False.
    saved_searches_count = Field("saved_searches.count")

    # Values taken from the "summary.*" attributes.
    buckets = Field("summary.buckets", is_mutable=False)
    complete = Field("summary.complete", is_mutable=False)
    hash = Field("summary.hash", is_mutable=False)
    regularHash = Field("summary.regularHash", is_mutable=False)
    normHash = Field("summary.normHash", is_mutable=False)
    unique_id = Field("summary.id", is_mutable=False)
    regular_id = Field("summary.regular_id", is_mutable=False)
    normalized_id = Field("summary.normalized_id", is_mutable=False)
    chunks = Field("summary.chunks", is_mutable=False)
    earliest_time = Field("summary.earliest_time", is_mutable=False)
    latest_time = Field("summary.latest_time", is_mutable=False)
    time_range = Field("summary.time_range", is_mutable=False)
    load_factor = Field("summary.load_factor", is_mutable=False)
    total_time = Field("summary.total_time", is_mutable=False)
    run_stats = ListField("summary.run_stats", is_mutable=False)
    last_error = ListField("summary.last_error", is_mutable=False)
    mod_time = Field("summary.mod_time", is_mutable=False)
    access_time = Field("summary.access_time", is_mutable=False)
    access_count = Field("summary.access_count", is_mutable=False)
    size = Field("summary.size", is_mutable=False)
    timespan = Field("summary.timespan", is_mutable=False)
    is_inprogress = BoolField("summary.is_inprogress", is_mutable=False)
    is_suspended = BoolField("summary.is_suspended", is_mutable=False)
    suspend_expiration = EpochField(
        "summary.suspend_expiration", is_mutable=False
    )

    # Values taken from the top-level "verification_*" attributes.
    verification_buckets_failed = Field(
        "verification_buckets_failed", is_mutable=False
    )
    verification_buckets_skipped = Field(
        "verification_buckets_skipped", is_mutable=False
    )
    verification_buckets_passed = Field(
        "verification_buckets_passed", is_mutable=False
    )
    verification_state = Field("verification_state", is_mutable=False)
    verification_time = Field("verification_time", is_mutable=False)
    verification_error = Field("verification_error", is_mutable=False)
    verification_progress = Field("verification_progress", is_mutable=False)
class Group(SplunkAppObjModel):
    """
    A license group object.

    Backed by the ``licenser/groups`` resource.
    """

    resource = "licenser/groups"

    is_active = BoolField()
    # Exposed as stack_names on the model, declared against "stack_ids".
    stack_names = ListField(api_name="stack_ids", is_mutable=False)
class WinEventLogInput(Input):
    """
    Input model backed by ``data/inputs/win-event-log-collections``.
    """

    resource = "data/inputs/win-event-log-collections"

    checkpoint_interval = IntField(api_name="checkpointInterval")
    current_only = BoolField()
    # NOTE(review): evt_dc_name / evt_dns_name look like the domain
    # controller and DNS names used when evt_resolve_ad_obj is enabled --
    # inferred from the names only, confirm against the endpoint docs.
    evt_dc_name = Field()
    evt_dns_name = Field()
    evt_resolve_ad_obj = BoolField()
    logs = ListField()
    start_from = Field()
class License(SplunkAppObjModel):
    """
    A single license object.

    Backed by the ``licenser/licenses`` resource.
    """

    resource = "licenser/licenses"

    creation_time = EpochField()
    expiration_time = EpochField()
    features = ListField()
    # "hash" and "type" shadow the builtins inside this class body only;
    # the attribute names are part of the model's interface.
    hash = Field(api_name="license_hash")
    label = Field()
    max_violations = IntField()
    # NOTE(review): payload presumably carries the license content itself;
    # treat it as sensitive when logging or serialising instances -- confirm.
    payload = Field()
    quota_bytes = FloatField(api_name="quota")
    sourcetypes = ListField()
    stack_name = Field(api_name="stack_id")
    status = Field()
    type = Field()
    window_period = IntField()
class Pool(SplunkAppObjModel):
    """
    A license pool container.

    Backed by the ``licenser/pools`` resource.
    """

    resource = "licenser/pools"

    description = Field()
    is_catch_all = BoolField()
    penalty = IntField()
    # Declared against the "quota" attribute; here an IntByteField, whereas
    # License.quota_bytes uses FloatField for the same api_name.
    quota_bytes = IntByteField(api_name="quota")
    slaves = ListField()
    slaves_usage_bytes = DictField(is_mutable=False)
    stack_name = Field(api_name="stack_id", is_mutable=False)
    used_bytes = FloatField()
class FiredAlert(SplunkAppObjModel):
    """
    A Splunk fired/triggered alert.

    Backed by the ``alerts/fired_alerts/-`` resource.
    """

    resource = "alerts/fired_alerts/-"

    actions = ListField()
    alert_type = Field()
    savedsearch_name = Field()
    sid = Field()
    severity = IntField()
    trigger_time = EpochField()

    # Time strings already rendered in the current user's timezone.
    trigger_time_rendered = Field()
    expiration_time_rendered = Field()

    digest_mode = BoolField()
    triggered_alerts = IntField()

    def get_savedsearch(self):
        """
        Return the SavedSearch found via this alert's 'savedsearch' link.
        """
        # Imported at call time rather than at module level (presumably to
        # avoid a circular import -- confirm).
        from splunk.models.saved_search import SavedSearch

        savedsearch_link = self.entity.getLink("savedsearch")
        return SavedSearch.get(savedsearch_link)

    def get_job(self):
        """
        Placeholder: looks up the 'job' link but always returns None.
        """
        job_link = self.entity.getLink("job")
        # TODO: return a search job object
        return None

    @classmethod
    def get_alerts(cls, alerts_id):
        """
        Return a SplunkQuerySet over the alerts fired by the given id.

        The returned query set can be refined further (search, custom
        ordering, and so on).

        Example values for alerts_id:
            absolute: https://localhost:8089/servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
            relative: /servicesNS/nobody/search/alerts/fired_alerts/AlertTest1
        """
        # NOTE(review): alerts_id becomes the query set's URI unchanged, and
        # the documented forms include an absolute URL with a host. If the
        # value can originate from request input, validate it first (for
        # example, accept only the relative /servicesNS/... form) so that
        # requests are not sent to a host the caller did not intend --
        # confirm how SplunkQuerySet resolves _uri.
        # The meaning of the second argument (30) is defined by
        # SplunkQuerySet and is not visible here.
        query_set = SplunkQuerySet(FiredAlert.manager(), 30)
        query_set._uri = alerts_id
        return query_set
class SelfConfig(SplunkAppObjModel):
    """
    License configuration backed by the ``licenser/localslave`` resource.

    The original description reads "a Splunk license tracker (master)
    server".
    """
    # NOTE(review): the resource and field names (master_uri, slave_name)
    # read like the local slave's view of its master rather than the master
    # itself -- confirm which one this model represents.

    resource = "licenser/localslave"
    resource_default = "licenser/localslave/license"

    connection_timeout = IntField(is_mutable=False)
    features = DictField(is_mutable=False)
    last_master_contact_attempt_time = EpochField(is_mutable=False)
    last_master_contact_success_time = EpochField(is_mutable=False)
    last_trackerdb_service_time = EpochField(is_mutable=False)
    license_keys = ListField(is_mutable=False)
    master_guid = Field(is_mutable=False)
    # The only field on this model not declared with is_mutable=False.
    # NOTE(review): a writable master URI decides which server this instance
    # treats as its license master; changes to it deserve access control and
    # auditing -- confirm where writes are authorised.
    master_uri = Field()
    receive_timeout = IntField(is_mutable=False)
    send_timeout = IntField(is_mutable=False)
    slave_name = Field(api_name="slave_id", is_mutable=False)
    slave_label = Field(is_mutable=False)
    squash_threshold = IntField(is_mutable=False)
class User(SplunkAppObjModel):
    """
    A Splunk user object.

    Backed by the ``authentication/users`` resource.
    """

    resource = "authentication/users"

    default_app = Field("defaultApp")
    default_app_is_user_override = BoolField(
        "defaultAppIsUserOverride", is_mutable=False
    )
    default_app_source_role = Field("defaultAppSourceRole", is_mutable=False)
    email = Field()
    # NOTE(review): password is an ordinary mutable Field, so a value set on
    # an instance sits in memory as plain text; keep instances out of logs
    # and serialised output. Whether the endpoint ever returns a value for
    # it is not visible here -- confirm.
    password = Field()
    realname = Field()
    create_role = Field("createrole", is_mutable=False)
    roles = ListField(is_mutable=False)
    type = Field(is_mutable=False)

    @classmethod
    def get(cls, uname):
        """
        Fetch a user by user name instead of by id.

        Overrides the inherited ``get`` and calls it with the path
        ``<resource>/<uname>``.
        """
        # NOTE(review): uname is placed in the resource path as-is. Whether
        # the inherited get() URL-encodes its argument is not visible here;
        # if it does not, a name containing '/', '?' or '#' changes which
        # endpoint is addressed, so callers should pass validated user
        # names -- confirm.
        user_path = "%s/%s" % (cls.resource, uname)
        return super(User, cls).get(user_path)