def sid(self, app, action, sid, **kwargs):
''' return details for a specific alertevent'''
alertevent = None
output = None
user = cherrypy.session['user']['name']
host_app = cherrypy.request.path_info.split('/')[3]
try:
job = splunk.search.getJob(sid)
#for r in job.results:
# logger.debug("results %s" % r)
fired = FiredAlert.all()
fired = fired.search('sid=%s' % sid)[0]
hosts = sorted(list({str(x.get('host')) for x in job.results if x.get('hosts')}))
alertevent = {'alert_name': job.label,
'time': fired.trigger_time,
'description': fired.savedsearch_name,
'severity': fired.severity,
'hosts': hosts,
'sid': sid,
'et': job.earliestTime,
'lt': job.latestTime}
logger.debug(alertevent)
except Exception, ex:
logger.exception(ex)
logger.warn('problem retreiving alertevent %s' % id)
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'alertevent_not_found', sid=sid), 303)
def index(self, app, **params):
# request param cast/defaults
offset = int(params.get('offset', 0))
count = int(params.get('count', 25))
alerts_app = getArgValue('eai:acl.app', params, app)
alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))
# fired alerts search filters
search_params = ['severity', 'search']
search_string = []
for key in search_params:
value = params.get(key)
if value and value != '*':
if key=='search':
search_string.append('%s' % value)
else:
search_string.append('%s="%s"' % (key, urllib.unquote_plus(value)))
# fired alerts query
if not 'alerts_id' in params:
fired_alerts = FiredAlert.all()
else:
fired_alerts = FiredAlert.get_alerts(urllib.unquote_plus(params.get('alerts_id')))
# augment query with search
if len(search_string) > 0:
fired_alerts = fired_alerts.search(' '.join(search_string))
# augment query with app or user filters
fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
fired_alerts._count_per_req = count
if 'sort_by' in params or 'sort_dir' in params:
fired_alerts = fired_alerts.order_by(params.get('sort_by', 'trigger_time'), sort_dir=params.get('sort_dir', 'desc'))
# fired alert summary information
fired_alert_summary = FiredAlertSummary.all().filter_by_app(alerts_app).filter_by_user(alerts_user)
fired_alert_summary._count_per_req = count
# apps listings
apps = App.all().filter(is_disabled=False)
# users listings
users = User.all()
max_users = 250
users._count_per_req = max_users
users = users[:max_users]
# paginator
pager = paginator.Google(fired_alerts.get_total(), max_items_page=count, item_offset=offset)
app_label=splunk.bundle.getConf('app', namespace=app)['ui'].get('label')
# view variables
template_args = dict(app=alerts_app, apps=apps, users=users, count=count,
fired_alerts=fired_alerts,
fired_alert_summary=fired_alert_summary,
offset=offset, pager=pager, app_label=app_label)
return self.render_template('alerts/index.html', template_args)
def index(self, app, **params):
# request param cast/defaults
offset = int(params.get('offset', 0))
count = int(params.get('count', 25))
alerts_app = getArgValue('eai:acl.app', params, app)
alerts_user = urllib.unquote_plus(
getArgValue('eai:acl.owner', params, '-'))
# fired alerts search filters
search_params = ['severity', 'search']
search_string = []
for key in search_params:
value = params.get(key)
if value and value != '*':
if key == 'search':
search_string.append('%s' % value)
else:
search_string.append('%s="%s"' %
(key, urllib.unquote_plus(value)))
# fired alerts query
if not 'alerts_id' in params:
fired_alerts = FiredAlert.all()
else:
fired_alerts = FiredAlert.get_alerts(
urllib.unquote_plus(params.get('alerts_id')))
# augment query with search
if len(search_string) > 0:
fired_alerts = fired_alerts.search(' '.join(search_string))
# augment query with app or user filters
fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
alerts_user)
fired_alerts._count_per_req = count
if 'sort_by' in params or 'sort_dir' in params:
fired_alerts = fired_alerts.order_by(
params.get('sort_by', 'trigger_time'),
sort_dir=params.get('sort_dir', 'desc'))
# fired alert summary information
fired_alert_summary = FiredAlertSummary.all().filter_by_app(
alerts_app).filter_by_user(alerts_user)
fired_alert_summary._count_per_req = count
try:
fired_alert_summary[0]
except Exception, e:
if e.statusCode == 402:
return self.render_template('admin/402.html',
{'feature': _('Alerting')})
def sid(self, app, action, sid, **kwargs):
''' return details for a specific alertevent'''
alertevent = None
output = None
user = cherrypy.session['user']['name']
host_app = cherrypy.request.path_info.split('/')[3]
try:
job = splunk.search.getJob(sid)
#for r in job.results:
# logger.debug("results %s" % r)
fired = FiredAlert.all()
fired = fired.search('sid=%s' % sid)[0]
hosts = sorted(
list({
str(x.get('host'))
for x in job.results if x.get('hosts')
}))
alertevent = {
'alert_name': job.label,
'time': fired.trigger_time,
'description': fired.savedsearch_name,
'severity': fired.severity,
'hosts': hosts,
'sid': sid,
'et': job.earliestTime,
'lt': job.latestTime
}
logger.debug(alertevent)
except Exception, ex:
logger.exception(ex)
logger.warn('problem retreiving alertevent %s' % id)
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'alertevent_not_found', sid=sid),
303)
def index(self, app, **params):
# request param cast/defaults
offset = int(params.get('offset', 0))
count = int(params.get('count', 25))
alerts_app = getArgValue('eai:acl.app', params, app)
alerts_user = urllib.unquote_plus(
getArgValue('eai:acl.owner', params, '-'))
# fired alerts search filters
search_params = ['severity', 'search']
search_string = []
for key in search_params:
value = params.get(key)
if value and value != '*':
if key == 'search':
search_string.append('%s' % value)
else:
search_string.append('%s="%s"' %
(key, urllib.unquote_plus(value)))
# fired alerts query
if not 'alerts_id' in params:
fired_alerts = FiredAlert.all()
else:
fired_alerts = FiredAlert.get_alerts(
urllib.unquote_plus(params.get('alerts_id')))
# augment query with search
if len(search_string) > 0:
fired_alerts = fired_alerts.search(' '.join(search_string))
# augment query with app or user filters
fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(
alerts_user)
fired_alerts._count_per_req = count
if 'sort_by' in params or 'sort_dir' in params:
fired_alerts = fired_alerts.order_by(
params.get('sort_by', 'trigger_time'),
sort_dir=params.get('sort_dir', 'desc'))
# fired alert summary information
fired_alert_summary = FiredAlertSummary.all().filter_by_app(
alerts_app).filter_by_user(alerts_user)
fired_alert_summary._count_per_req = count
# apps listings
apps = App.all().filter(is_disabled=False)
# users listings
users = User.all()
max_users = 250
users._count_per_req = max_users
users = users[:max_users]
# paginator
pager = paginator.Google(fired_alerts.get_total(),
max_items_page=count,
item_offset=offset)
app_label = splunk.bundle.getConf('app',
namespace=app)['ui'].get('label')
# view variables
template_args = dict(app=alerts_app,
apps=apps,
users=users,
count=count,
fired_alerts=fired_alerts,
fired_alert_summary=fired_alert_summary,
offset=offset,
pager=pager,
app_label=app_label)
return self.render_template('alerts/index.html', template_args)
