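    def index(self, app, **params):
        '''
        Render the fired-alerts listing for ``app``.

        Recognised query parameters (all optional, all arrive as strings):

        - ``offset`` / ``count``: paging window; a non-integer value yields an
          HTTP 400 and the values are clamped to ``offset >= 0``, ``count >= 1``
        - ``eai:acl.app`` / ``eai:acl.owner``: restrict the listing to one app
          or owner (owner defaults to ``-``)
        - ``severity`` / ``search``: appended to the fired-alerts search
          (empty values and ``*`` are ignored)
        - ``alerts_id``: list only the alerts fired by one saved search
        - ``sort_by`` / ``sort_dir``: ordering, defaulting to ``trigger_time``
          / ``desc`` when only one of the two is given

        Returns the rendered ``alerts/index.html`` template.
        '''
        # request param cast/defaults
        try:
            offset = int(params.get('offset', 0))
            count = int(params.get('count', 25))
        except (TypeError, ValueError):
            # a malformed paging value is a client error, not a server error
            raise cherrypy.HTTPError(400, 'offset and count must be integers')
        # keep the paginator's window sane: no negative offset, no empty page
        offset = max(offset, 0)
        count = max(count, 1)
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters, severity first then the free-text term
        search_terms = []
        severity = params.get('severity')
        if severity and severity != '*':
            # NOTE(review): the value is double-quoted but embedded quotes are
            # not escaped; confirm how search() treats the resulting string
            search_terms.append('severity="%s"' % urllib.unquote_plus(severity))
        free_text = params.get('search')
        if free_text and free_text != '*':
            # NOTE(review): appended verbatim (neither unquoted nor escaped)
            search_terms.append('%s' % free_text)

        # fired alerts query: every fired alert, or only those fired by one
        # saved search when alerts_id is given
        if 'alerts_id' in params:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        else:
            fired_alerts = FiredAlert.all()
        # augment query with search
        if search_terms:
            fired_alerts = fired_alerts.search(' '.join(search_terms))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
        fired_alerts._count_per_req = count
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information, scoped like the listing itself
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count

        # apps listings (enabled apps only)
        apps = App.all().filter(is_disabled=False)

        # users listings, capped so the template never gets an unbounded list
        max_users = 250
        users = User.all()
        users._count_per_req = max_users
        users = users[:max_users]

        # paginator
        pager = paginator.Google(fired_alerts.get_total(),
                                 max_items_page=count,
                                 item_offset=offset)

        # display name of the app: the [ui] stanza's label in its app conf
        app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')
        # view variables
        template_args = dict(app=alerts_app,
                             apps=apps,
                             users=users,
                             count=count,
                             fired_alerts=fired_alerts,
                             fired_alert_summary=fired_alert_summary,
                             offset=offset,
                             pager=pager,
                             app_label=app_label)
        return self.render_template('alerts/index.html', template_args)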
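 def delete(self, app, action, id=None, **params):
     '''
     Delete one or more fired alerts, then redirect back to the listing.

     ``id`` may be a single fired-alert id or a list of ids; anything else
     (including ``None``) deletes nothing.  A failure on one id is logged and
     the remaining ids are still processed.  ``action`` and ``params`` are
     part of the routing signature and are not used here.  Always finishes
     with a 303 redirect to ``/alerts/<app>`` carrying the request's query
     string.

     NOTE(review): nothing in this method restricts the HTTP verb or checks a
     CSRF token; confirm the base controller does so for destructive actions.
     '''
     if isinstance(id, list):
         alert_ids = id
     elif isinstance(id, basestring):
         alert_ids = [id]
     else:
         alert_ids = []

     for alert_id in alert_ids:
         try:
             FiredAlert.get(alert_id).delete()
         except Exception:
             # narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
             # propagate; exc_info keeps the cause in the log
             logger.warn('Could not delete fired alert: %s' % alert_id,
                         exc_info=True)

     raise cherrypy.HTTPRedirect(
         self.make_url(['alerts', app]) + '?%s' % cherrypy.request.query_string,
         303)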
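 def delete(self, app, action, id=None, **params):
     '''
     Delete one or more fired alerts, then redirect back to the listing.

     ``id`` may be a single fired-alert id or a list of ids; anything else
     (including ``None``) deletes nothing.  A failure on one id is logged and
     the remaining ids are still processed.  ``action`` and ``params`` are
     part of the routing signature and are not used here.  Always finishes
     with a 303 redirect to ``/alerts/<app>`` carrying the request's query
     string.

     NOTE(review): nothing in this method restricts the HTTP verb or checks a
     CSRF token; confirm the base controller does so for destructive actions.
     '''
     if isinstance(id, list):
         alert_ids = id
     elif isinstance(id, basestring):
         alert_ids = [id]
     else:
         alert_ids = []

     for alert_id in alert_ids:
         try:
             FiredAlert.get(alert_id).delete()
         except Exception:
             # narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
             # propagate; exc_info keeps the cause in the log
             logger.warn('Could not delete fired alert: %s' % alert_id,
                         exc_info=True)

     raise cherrypy.HTTPRedirect(
         self.make_url(['alerts', app]) +
         '?%s' % cherrypy.request.query_string, 303)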
    def index(self, app, **params):
        '''
        Render the fired-alerts listing for ``app``, or the ``admin/402.html``
        page when the backend reports that alerting is not licensed.

        NOTE(review): this listing stops inside the summary try/except; the
        method presumably continues (apps/users listings, paginator, template)
        beyond what is shown here.
        '''
        # request param cast/defaults
        # NOTE(review): int() raises ValueError on a non-numeric value and
        # negative values are not clamped -- confirm the base controller
        # validates paging parameters
        offset = int(params.get('offset', 0))
        count = int(params.get('count', 25))
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(
            getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters: severity is quoted, the free-text
        # search term is appended verbatim; '*' and empty values are skipped
        search_params = ['severity', 'search']
        search_string = []
        for key in search_params:
            value = params.get(key)
            if value and value != '*':
                if key == 'search':
                    search_string.append('%s' % value)
                else:
                    # NOTE(review): embedded double quotes are not escaped
                    search_string.append('%s="%s"' %
                                         (key, urllib.unquote_plus(value)))
        # fired alerts query: all fired alerts, or only those fired by the
        # saved search named by alerts_id
        if not 'alerts_id' in params:
            fired_alerts = FiredAlert.all()
        else:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))

        # augment query with search
        if len(search_string) > 0:
            fired_alerts = fired_alerts.search(' '.join(search_string))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
            alerts_user)
        fired_alerts._count_per_req = count
        # ordering only when the client asked for it; the missing half of the
        # pair falls back to trigger_time / desc
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information, scoped like the listing itself
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count
        try:
            # touching the first item forces the request; a 402 from the
            # backend is taken to mean the alerting feature is not licensed
            fired_alert_summary[0]
        except Exception, e:
            # NOTE(review): an exception without a ``statusCode`` attribute
            # would raise AttributeError here, and any non-402 error is
            # silently swallowed -- confirm this is intended
            if e.statusCode == 402:
                return self.render_template('admin/402.html',
                                            {'feature': _('Alerting')})
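    def sid(self, app, action, sid, **kwargs):
        '''
        Return details for a specific alert event, identified by its search id.

        Loads the search job for ``sid``, finds the matching fired alert and
        assembles ``alertevent`` (name, trigger time, severity, hosts, time
        range).  Any failure is logged and answered with a 303 redirect to the
        ``alertevent_not_found`` page.

        ``action`` and ``kwargs`` are not used here.  NOTE(review): the listing
        ends right after the try/except, before ``alertevent``, ``output`` or
        ``user`` are consumed, so the method is presumably truncated here.
        '''
        alertevent = None
        output = None
        user = cherrypy.session['user']['name']
        # the app serving this endpoint is the fourth path segment
        host_app = cherrypy.request.path_info.split('/')[3]

        try:
            job = splunk.search.getJob(sid)

            # NOTE(review): ``sid`` comes straight from the request path and is
            # interpolated into the search unescaped; confirm search() quotes it
            fired = FiredAlert.all().search('sid=%s' % sid)[0]

            # NOTE(review): the filter tests ``hosts`` but the value read is
            # ``host`` -- verify the result field name; kept as written
            hosts = sorted({str(x.get('host'))
                            for x in job.results if x.get('hosts')})
            alertevent = {
                'alert_name': job.label,
                'time': fired.trigger_time,
                'description': fired.savedsearch_name,
                'severity': fired.severity,
                'hosts': hosts,
                'sid': sid,
                'et': job.earliestTime,
                'lt': job.latestTime,
            }

            logger.debug(alertevent)

        except Exception as ex:
            logger.exception(ex)
            # previously formatted the builtin ``id`` instead of the requested sid
            logger.warn('problem retrieving alertevent %s' % sid)
            raise cherrypy.HTTPRedirect(
                self._redirect(host_app, app, 'alertevent_not_found', sid=sid),
                303)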
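    def get_alerts(self):
        '''
        Return a SplunkQuerySet over the alerts fired by this saved search.

        The query set can be refined further (search, custom ordering, ...).
        When the entity carries no ``alerts`` link -- nothing has fired yet --
        ``None`` is returned instead.
        '''
        alerts_id = self.entity.getLink('alerts')
        if alerts_id is None:
            return None

        # imported lazily; presumably avoids an import cycle between the
        # saved-search and fired-alert models
        from splunk.models.fired_alert import FiredAlert
        return FiredAlert.get_alerts(alerts_id)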
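    def get_alerts(self):
        '''
        Return a SplunkQuerySet over the alerts fired by this saved search.

        The query set can be refined further (search, custom ordering, ...).
        When the entity carries no ``alerts`` link -- nothing has fired yet --
        ``None`` is returned instead.
        '''
        alerts_id = self.entity.getLink('alerts')
        if alerts_id is None:
            return None

        # imported lazily; presumably avoids an import cycle between the
        # saved-search and fired-alert models
        from splunk.models.fired_alert import FiredAlert
        return FiredAlert.get_alerts(alerts_id)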
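    def sid(self, app, action, sid, **kwargs):
        '''
        Return details for a specific alert event, identified by its search id.

        Loads the search job for ``sid``, finds the matching fired alert and
        assembles ``alertevent`` (name, trigger time, severity, hosts, time
        range).  Any failure is logged and answered with a 303 redirect to the
        ``alertevent_not_found`` page.

        ``action`` and ``kwargs`` are not used here.  NOTE(review): the listing
        ends right after the try/except, before ``alertevent``, ``output`` or
        ``user`` are consumed, so the method is presumably truncated here.
        '''
        alertevent = None
        output = None
        user = cherrypy.session['user']['name']
        # the app serving this endpoint is the fourth path segment
        host_app = cherrypy.request.path_info.split('/')[3]

        try:
            job = splunk.search.getJob(sid)

            # NOTE(review): ``sid`` comes straight from the request path and is
            # interpolated into the search unescaped; confirm search() quotes it
            fired = FiredAlert.all().search('sid=%s' % sid)[0]

            # NOTE(review): the filter tests ``hosts`` but the value read is
            # ``host`` -- verify the result field name; kept as written
            hosts = sorted({str(x.get('host'))
                            for x in job.results if x.get('hosts')})
            alertevent = {
                'alert_name': job.label,
                'time': fired.trigger_time,
                'description': fired.savedsearch_name,
                'severity': fired.severity,
                'hosts': hosts,
                'sid': sid,
                'et': job.earliestTime,
                'lt': job.latestTime,
            }

            logger.debug(alertevent)

        except Exception as ex:
            logger.exception(ex)
            # previously formatted the builtin ``id`` instead of the requested sid
            logger.warn('problem retrieving alertevent %s' % sid)
            raise cherrypy.HTTPRedirect(
                self._redirect(host_app, app, 'alertevent_not_found', sid=sid),
                303)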
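    def index(self, app, **params):
        '''
        Render the fired-alerts listing for ``app``.

        Recognised query parameters (all optional, all arrive as strings):

        - ``offset`` / ``count``: paging window; a non-integer value yields an
          HTTP 400 and the values are clamped to ``offset >= 0``, ``count >= 1``
        - ``eai:acl.app`` / ``eai:acl.owner``: restrict the listing to one app
          or owner (owner defaults to ``-``)
        - ``severity`` / ``search``: appended to the fired-alerts search
          (empty values and ``*`` are ignored)
        - ``alerts_id``: list only the alerts fired by one saved search
        - ``sort_by`` / ``sort_dir``: ordering, defaulting to ``trigger_time``
          / ``desc`` when only one of the two is given

        Returns the rendered ``alerts/index.html`` template.
        '''
        # request param cast/defaults
        try:
            offset = int(params.get('offset', 0))
            count = int(params.get('count', 25))
        except (TypeError, ValueError):
            # a malformed paging value is a client error, not a server error
            raise cherrypy.HTTPError(400, 'offset and count must be integers')
        # keep the paginator's window sane: no negative offset, no empty page
        offset = max(offset, 0)
        count = max(count, 1)
        alerts_app = getArgValue('eai:acl.app', params, app)
        alerts_user = urllib.unquote_plus(
            getArgValue('eai:acl.owner', params, '-'))

        # fired alerts search filters, severity first then the free-text term
        search_terms = []
        severity = params.get('severity')
        if severity and severity != '*':
            # NOTE(review): the value is double-quoted but embedded quotes are
            # not escaped; confirm how search() treats the resulting string
            search_terms.append('severity="%s"' % urllib.unquote_plus(severity))
        free_text = params.get('search')
        if free_text and free_text != '*':
            # NOTE(review): appended verbatim (neither unquoted nor escaped)
            search_terms.append('%s' % free_text)

        # fired alerts query: every fired alert, or only those fired by one
        # saved search when alerts_id is given
        if 'alerts_id' in params:
            fired_alerts = FiredAlert.get_alerts(
                urllib.unquote_plus(params.get('alerts_id')))
        else:
            fired_alerts = FiredAlert.all()
        # augment query with search
        if search_terms:
            fired_alerts = fired_alerts.search(' '.join(search_terms))
        # augment query with app or user filters
        fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
            alerts_user)
        fired_alerts._count_per_req = count
        if 'sort_by' in params or 'sort_dir' in params:
            fired_alerts = fired_alerts.order_by(
                params.get('sort_by', 'trigger_time'),
                sort_dir=params.get('sort_dir', 'desc'))

        # fired alert summary information, scoped like the listing itself
        fired_alert_summary = FiredAlertSummary.all().filter_by_app(
            alerts_app).filter_by_user(alerts_user)
        fired_alert_summary._count_per_req = count

        # apps listings (enabled apps only)
        apps = App.all().filter(is_disabled=False)

        # users listings, capped so the template never gets an unbounded list
        max_users = 250
        users = User.all()
        users._count_per_req = max_users
        users = users[:max_users]

        # paginator
        pager = paginator.Google(fired_alerts.get_total(),
                                 max_items_page=count,
                                 item_offset=offset)

        # display name of the app: the [ui] stanza's label in its app conf
        app_label = splunk.bundle.getConf('app',
                                          namespace=app)['ui'].get('label')
        # view variables
        template_args = dict(app=alerts_app,
                             apps=apps,
                             users=users,
                             count=count,
                             fired_alerts=fired_alerts,
                             fired_alert_summary=fired_alert_summary,
                             offset=offset,
                             pager=pager,
                             app_label=app_label)
        return self.render_template('alerts/index.html', template_args)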