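def sid(self, app, action, sid, **kwargs):
    """Return details for a specific alert event.

    Looks up the search job and the matching fired-alert record for ``sid``
    (a URL path segment, so untrusted input) and builds an ``alertevent``
    dict with: alert_name, time, description, severity, hosts, sid, et, lt.

    Raises:
        cherrypy.HTTPRedirect: (303) to the app's ``alertevent_not_found``
            view when the job or the fired-alert record cannot be loaded.

    The success path does not return anything in this listing; the rest of
    the method is presumably outside it -- TODO confirm against the full file.
    """
    alertevent = None
    # Not used below, but the lookup raises KeyError when there is no
    # logged-in session.  NOTE(review): replace with an explicit check.
    user = cherrypy.session['user']['name']
    # assumes a /<a>/<b>/<app>/... route layout -- IndexError otherwise
    host_app = cherrypy.request.path_info.split('/')[3]
    try:
        job = splunk.search.getJob(sid)
        # ``sid`` is interpolated into a search filter: quote it and escape
        # the quoting characters so a crafted path segment cannot widen the
        # filter.  (Assumes .search() takes a raw splunkd filter -- confirm.)
        escaped_sid = sid.replace('\\', '\\\\').replace('"', '\\"')
        fired = FiredAlert.all().search('sid="%s"' % escaped_sid)[0]
        # The original filtered on the key 'hosts' while collecting 'host';
        # filter on the same field that is collected.
        hosts = sorted({str(x.get('host')) for x in job.results if x.get('host')})
        alertevent = {
            'alert_name': job.label,
            'time': fired.trigger_time,
            'description': fired.savedsearch_name,
            'severity': fired.severity,
            'hosts': hosts,
            'sid': sid,
            'et': job.earliestTime,
            'lt': job.latestTime,
        }
        logger.debug(alertevent)
    except Exception as ex:
        logger.exception(ex)
        # was ``% id`` -- the builtin function, not the search id
        logger.warn('problem retreiving alertevent %s', sid)
        raise cherrypy.HTTPRedirect(
            self._redirect(host_app, app, 'alertevent_not_found', sid=sid), 303)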
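def index(self, app, **params):
    """Render the fired-alerts listing for *app*.

    Query parameters (all optional, all untrusted):
        offset, count               -- paging; non-numeric values fall back
                                       to the defaults (0 / 25), negatives
                                       are clamped
        eai:acl.app, eai:acl.owner  -- app / owner filters ('-' = any owner)
        severity, search            -- fired-alert search filters
        alerts_id                   -- restrict to one alerts endpoint
        sort_by, sort_dir           -- ordering, applied only when given

    Returns:
        The rendered 'alerts/index.html' template.
    """
    # request param cast/defaults -- int() on garbage would otherwise
    # surface as an unhandled error on a page that only lists alerts
    try:
        offset = int(params.get('offset', 0))
    except (TypeError, ValueError):
        offset = 0
    try:
        count = int(params.get('count', 25))
    except (TypeError, ValueError):
        count = 25
    offset = max(offset, 0)
    # a page size of 0 or less makes no sense for the paginator
    # NOTE(review): consider an upper bound on count as well
    count = max(count, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_params = ['severity', 'search']
    search_string = []
    for key in search_params:
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-form filter passed through verbatim, as before
            search_string.append('%s' % value)
        else:
            # quoted value: escape the quoting characters so a value such
            # as  x" OR severity="y  cannot break out of the quotes
            decoded = urllib.unquote_plus(value)
            escaped = decoded.replace('\\', '\\\\').replace('"', '\\"')
            search_string.append('%s="%s"' % (key, escaped))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(
            urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_string:
        fired_alerts = fired_alerts.search(' '.join(search_string))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(
            params.get('sort_by', 'trigger_time'),
            sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(
        alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # apps listings
    apps = App.all().filter(is_disabled=False)

    # users listings, capped to keep the page bounded
    users = User.all()
    max_users = 250
    users._count_per_req = max_users
    users = users[:max_users]

    # paginator
    pager = paginator.Google(fired_alerts.get_total(),
                             max_items_page=count, item_offset=offset)
    app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')

    # view variables
    template_args = dict(app=alerts_app,
                         apps=apps,
                         users=users,
                         count=count,
                         fired_alerts=fired_alerts,
                         fired_alert_summary=fired_alert_summary,
                         offset=offset,
                         pager=pager,
                         app_label=app_label)
    return self.render_template('alerts/index.html', template_args)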
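def index(self, app, **params):
    """Build the fired-alerts query for *app* and check alerting is licensed.

    Query parameters (all optional, all untrusted):
        offset, count               -- paging; non-numeric values fall back
                                       to the defaults (0 / 25), negatives
                                       are clamped
        eai:acl.app, eai:acl.owner  -- app / owner filters ('-' = any owner)
        severity, search            -- fired-alert search filters
        alerts_id                   -- restrict to one alerts endpoint
        sort_by, sort_dir           -- ordering, applied only when given

    Returns:
        The rendered 'admin/402.html' template when splunkd reports that
        alerting is not licensed.  The remainder of this method (listings,
        paginator, final render) is not part of this listing.
    """
    # request param cast/defaults -- int() on garbage would otherwise
    # surface as an unhandled error on a page that only lists alerts
    try:
        offset = int(params.get('offset', 0))
    except (TypeError, ValueError):
        offset = 0
    try:
        count = int(params.get('count', 25))
    except (TypeError, ValueError):
        count = 25
    offset = max(offset, 0)
    # a page size of 0 or less makes no sense for paging
    # NOTE(review): consider an upper bound on count as well
    count = max(count, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_params = ['severity', 'search']
    search_string = []
    for key in search_params:
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-form filter passed through verbatim, as before
            search_string.append('%s' % value)
        else:
            # quoted value: escape the quoting characters so a value such
            # as  x" OR severity="y  cannot break out of the quotes
            decoded = urllib.unquote_plus(value)
            escaped = decoded.replace('\\', '\\\\').replace('"', '\\"')
            search_string.append('%s="%s"' % (key, escaped))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(
            urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_string:
        fired_alerts = fired_alerts.search(' '.join(search_string))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(
            params.get('sort_by', 'trigger_time'),
            sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(
        alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # Probe the summary endpoint: splunkd answers 402 when alerting is not
    # licensed.  getattr() because not every exception carries statusCode
    # (the original handler would raise AttributeError there).  Any other
    # failure stays best-effort as before, but is logged instead of dropped.
    try:
        fired_alert_summary[0]
    except Exception as e:
        if getattr(e, 'statusCode', None) == 402:
            return self.render_template('admin/402.html',
                                        {'feature': _('Alerting')})
        logger.debug('fired alert summary probe failed: %s', e)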
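def sid(self, app, action, sid, **kwargs):
    """Return details for a specific alert event.

    Looks up the search job and the matching fired-alert record for ``sid``
    (a URL path segment, so untrusted input) and builds an ``alertevent``
    dict with: alert_name, time, description, severity, hosts, sid, et, lt.

    Raises:
        cherrypy.HTTPRedirect: (303) to the app's ``alertevent_not_found``
            view when the job or the fired-alert record cannot be loaded.

    The success path does not return anything in this listing; the rest of
    the method is presumably outside it -- TODO confirm against the full file.
    """
    alertevent = None
    # Not used below, but the lookup raises KeyError when there is no
    # logged-in session.  NOTE(review): replace with an explicit check.
    user = cherrypy.session['user']['name']
    # assumes a /<a>/<b>/<app>/... route layout -- IndexError otherwise
    host_app = cherrypy.request.path_info.split('/')[3]
    try:
        job = splunk.search.getJob(sid)
        # ``sid`` is interpolated into a search filter: quote it and escape
        # the quoting characters so a crafted path segment cannot widen the
        # filter.  (Assumes .search() takes a raw splunkd filter -- confirm.)
        escaped_sid = sid.replace('\\', '\\\\').replace('"', '\\"')
        fired = FiredAlert.all().search('sid="%s"' % escaped_sid)[0]
        # The original filtered on the key 'hosts' while collecting 'host';
        # filter on the same field that is collected.
        hosts = sorted({str(x.get('host')) for x in job.results if x.get('host')})
        alertevent = {
            'alert_name': job.label,
            'time': fired.trigger_time,
            'description': fired.savedsearch_name,
            'severity': fired.severity,
            'hosts': hosts,
            'sid': sid,
            'et': job.earliestTime,
            'lt': job.latestTime,
        }
        logger.debug(alertevent)
    except Exception as ex:
        logger.exception(ex)
        # was ``% id`` -- the builtin function, not the search id
        logger.warn('problem retreiving alertevent %s', sid)
        raise cherrypy.HTTPRedirect(
            self._redirect(host_app, app, 'alertevent_not_found', sid=sid), 303)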
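def index(self, app, **params):
    """Render the fired-alerts listing for *app*.

    Query parameters (all optional, all untrusted):
        offset, count               -- paging; non-numeric values fall back
                                       to the defaults (0 / 25), negatives
                                       are clamped
        eai:acl.app, eai:acl.owner  -- app / owner filters ('-' = any owner)
        severity, search            -- fired-alert search filters
        alerts_id                   -- restrict to one alerts endpoint
        sort_by, sort_dir           -- ordering, applied only when given

    Returns:
        The rendered 'alerts/index.html' template.
    """
    # request param cast/defaults -- int() on garbage would otherwise
    # surface as an unhandled error on a page that only lists alerts
    try:
        offset = int(params.get('offset', 0))
    except (TypeError, ValueError):
        offset = 0
    try:
        count = int(params.get('count', 25))
    except (TypeError, ValueError):
        count = 25
    offset = max(offset, 0)
    # a page size of 0 or less makes no sense for the paginator
    # NOTE(review): consider an upper bound on count as well
    count = max(count, 1)
    alerts_app = getArgValue('eai:acl.app', params, app)
    alerts_user = urllib.unquote_plus(getArgValue('eai:acl.owner', params, '-'))

    # fired alerts search filters
    search_params = ['severity', 'search']
    search_string = []
    for key in search_params:
        value = params.get(key)
        if not value or value == '*':
            continue
        if key == 'search':
            # free-form filter passed through verbatim, as before
            search_string.append('%s' % value)
        else:
            # quoted value: escape the quoting characters so a value such
            # as  x" OR severity="y  cannot break out of the quotes
            decoded = urllib.unquote_plus(value)
            escaped = decoded.replace('\\', '\\\\').replace('"', '\\"')
            search_string.append('%s="%s"' % (key, escaped))

    # fired alerts query
    if 'alerts_id' not in params:
        fired_alerts = FiredAlert.all()
    else:
        fired_alerts = FiredAlert.get_alerts(
            urllib.unquote_plus(params.get('alerts_id')))

    # augment query with search
    if search_string:
        fired_alerts = fired_alerts.search(' '.join(search_string))

    # augment query with app or user filters
    fired_alerts = fired_alerts.filter_by_app(alerts_app).filter_by_user(alerts_user)
    fired_alerts._count_per_req = count
    if 'sort_by' in params or 'sort_dir' in params:
        fired_alerts = fired_alerts.order_by(
            params.get('sort_by', 'trigger_time'),
            sort_dir=params.get('sort_dir', 'desc'))

    # fired alert summary information
    fired_alert_summary = FiredAlertSummary.all().filter_by_app(
        alerts_app).filter_by_user(alerts_user)
    fired_alert_summary._count_per_req = count

    # apps listings
    apps = App.all().filter(is_disabled=False)

    # users listings, capped to keep the page bounded
    users = User.all()
    max_users = 250
    users._count_per_req = max_users
    users = users[:max_users]

    # paginator
    pager = paginator.Google(fired_alerts.get_total(),
                             max_items_page=count, item_offset=offset)
    app_label = splunk.bundle.getConf('app', namespace=app)['ui'].get('label')

    # view variables
    template_args = dict(app=alerts_app,
                         apps=apps,
                         users=users,
                         count=count,
                         fired_alerts=fired_alerts,
                         fired_alert_summary=fired_alert_summary,
                         offset=offset,
                         pager=pager,
                         app_label=app_label)
    return self.render_template('alerts/index.html', template_args)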