本文整理汇总了Python中splunk.entity.getEntities函数的典型用法代码示例。如果您正苦于以下问题:Python getEntities函数的具体用法?Python getEntities怎么用?Python getEntities使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了getEntities函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getCapabilities4User
def getCapabilities4User(user=None, session_key=None):
    """
    Collect the capabilities granted to ``user`` through its roles.

    The user's roles are read from ``authentication/users/<user>``; for each
    role, the ``capabilities`` and ``imported_capabilities`` lists found under
    ``authorization/roles/<role>`` are appended to the result. Duplicates are
    not removed. Returns an empty list when ``user`` is None or has no roles.

    NOTE(review): ``user`` and the role names are formatted into the REST
    path as-is. Presumably both come from Splunk itself; confirm that no
    caller passes a request-supplied name here.
    """
    roles = []
    capabilities = []

    # Step 1: look up the roles assigned to the user.
    if user is not None:
        logger.info('Retrieving role(s) for current user: %s' % (user))
        user_entities = entity.getEntities('authentication/users/%s' % (user), count=-1, sessionKey=session_key)
        for stanza, settings in user_entities.items():
            if stanza != user:
                continue
            for key, val in settings.items():
                if key == 'roles':
                    logger.info('Successfully retrieved role(s) for user: %s' % (user))
                    roles = val

    # Step 2: expand every role into its own and inherited capabilities.
    wanted_keys = ('capabilities', 'imported_capabilities')
    for role in roles:
        logger.info('Retrieving capabilities for current user: %s' % (user))
        role_entities = entity.getEntities('authorization/roles/%s' % (role), count=-1, sessionKey=session_key)
        for stanza, settings in role_entities.items():
            if stanza != role:
                continue
            for key, val in settings.items():
                if key in wanted_keys:
                    logger.info('Successfully retrieved %s for user: %s' % (key, user))
                    capabilities.extend(val)

    return capabilities
示例2: get_firewall_credentials
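def get_firewall_credentials(session_key):
    """Return the clear-text (username, password) stored for the firewall.

    The username is read from the ``Splunk_TA_paloalto_account`` stanza named
    ``firewall`` or ``panorama`` (case-insensitive); the password comes from
    the JSON ``clear_password`` of the matching entry in the Splunk password
    container.

    Raises NoCredentialsFound when either half is missing. The returned
    password is a clear-text secret: callers must not log or persist it.
    """
    try:
        # Get all credentials
        logger.debug("Getting firewall credentials from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME, owner='nobody',
                                      sessionKey=session_key)
        accounts = entity.getEntities(['admin', 'Splunk_TA_paloalto_account'],
                                      namespace=APPNAME, owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. Error: %s" % (APPNAME, str(e)))

    # Start from "not found" so that a missing account or password ends in
    # NoCredentialsFound below instead of an UnboundLocalError.
    username = None
    password = None

    # Check for username and passwords
    for account_name in accounts:
        if account_name.lower() in ('firewall', 'panorama'):
            username = accounts[account_name]['username']
    for _name, cred in entities.items():
        if cred['username'] == 'Firewall``splunk_cred_sep``1':
            logger.debug('Match found for firewall credentials')
            clear_password = json.loads(cred['clear_password'])
            password = clear_password['password']

    if username and password:
        logger.debug('Credentials have been found')
        return username, password
    raise NoCredentialsFound("No credentials have been found")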
示例3: reloadConf
def reloadConf(self, procInputs=[], scriptInputs=[]):
    """Issue a getEntities call for every given input endpoint.

    ``procInputs`` are requested first, then ``scriptInputs``. A session key
    is obtained from ``self.getSessionKey()`` for each individual call. The
    default lists are never mutated.
    """
    def _request(endpoint):
        en.getEntities(endpoint, sessionKey=self.getSessionKey())

    for proc_endpoint in procInputs:
        _request(proc_endpoint)

    # TODO: handle restart of individual scripted inputs
    for script_endpoint in scriptInputs:
        _request(script_endpoint)
示例4: search
def search(token, srch=None, sort='seed'):
    """List the entities under ENTITY_PATH, optionally filtered by ``srch``.

    ``token`` is the Splunk session key. ``srch`` is forwarded unchanged as
    the ``search`` argument and is only sent when it is truthy.

    NOTE(review): if ``srch`` can come from a request, confirm the caller
    restricts it to the filter expressions it means to allow.
    """
    request_args = dict(namespace=APP_NAME, owner='nobody',
                        sessionKey=token, sort_key=sort)
    if srch:
        request_args['search'] = srch
    return entity.getEntities(ENTITY_PATH, **request_args)
示例5: getParsedView
def getParsedView(self, namespace, refresh, rawxml, viewid, viewdigest):
    """Look up or build the parsed form of the view identified by ``viewid``.

    ``viewdigest`` is the cache key: a hit in ``self.digest_to_view_map`` is
    returned directly. On a miss, ``rawxml`` (a dict shared by the caller
    across a batch of lookups) is filled with one getEntities call if it is
    still empty, then the view is parsed and stored in the cache.

    Returns None when the view is no longer present in ``rawxml``.

    NOTE(review): the listing ends after the except clause without returning
    ``parsed_view``. The excerpt looks truncated; confirm against the full
    source.
    """
    # Cache lookup happens under the lock; the lock is released before any
    # REST call or parsing is done.
    with self.views_lock:
        entry = self.digest_to_view_map.get(viewdigest)
        if entry:
            self.touchCacheEntry(viewdigest)
            # Cache hit!
            return entry
    if len(rawxml) == 0:
        # Only do a single viewstate GET for each batch of cache misses.
        # No sessionKey is passed in this call.
        # NOTE(review): presumably the splunk library resolves it from the
        # request context; confirm.
        rawxml.update(en.getEntities(VIEW_ENTITY_CLASS,
                                     namespace=namespace,
                                     refresh=refresh,
                                     count=-1))
    parsed_view = None
    try:
        viewobj = rawxml.get(viewid)
        if not viewobj:
            # This view's digest appeared in an earlier GET, but it no
            # longer exists now that we are trying to fetch its contents.
            # It has probably been deleted or re-permissioned. Ignore it.
            return None
        native_view = viewconf.loads(viewobj.get('eai:data'), viewid, isStorm=splunk.util.normalizeBoolean(cherrypy.config.get('storm_enabled')))
        parsed_view = self._generateViewRoster(viewid, native_view, viewobj.getFullPath())
        # Re-acquire the lock only to publish the result and trim the cache.
        with self.views_lock:
            self.digest_to_view_map[viewdigest] = parsed_view
            self.touchCacheEntry(viewdigest)
            self.evictLeastRecentlyUsed()
            logger.info('Populate cache for view "%s" (%s) with digest %s, making cache_size=%s' % (viewid, namespace, viewdigest, len(self.digest_to_view_map)))
    except Exception, e:
        # Any failure while loading or parsing is logged, not re-raised.
        logger.error('Error loading view "%s"' % viewid)
        logger.exception(e)
示例6: get_wildfire_apikey
def get_wildfire_apikey(session_key):
    """Return the clear-text WildFire API key kept in Splunk's password store.

    The key is read from the ``wildfire_api_key`` field of the JSON held in
    the add-on's ``additional_parameters`` credential entry. All failures
    are reported through ``exit_with_error``. The returned value is a
    secret: callers must not log it.
    """
    credential_stanza = (
        '__REST_CREDENTIAL__#Splunk_TA_paloalto#configs/'
        'conf-splunk_ta_paloalto_settings:additional_parameters'
        '``splunk_cred_sep``1:'
    )

    try:
        logger.debug("Getting wildfire apikey from Splunk")
        entities = entity.getEntities(['admin', 'passwords'],
                                      namespace=APPNAME,
                                      owner='nobody',
                                      sessionKey=session_key)
    except Exception as e:
        entities = {}
        exit_with_error("Could not get %s credentials from splunk.Error: %s" % (APPNAME, str(e)))

    try:
        stored_json = entities[credential_stanza]['clear_password']
        api_key = json.loads(stored_json)['wildfire_api_key']
        # Only the presence of the key is logged, never its value.
        logger.debug('WildFire API key exists')
        return api_key
    except KeyError:
        # Entry or field absent: the key was never configured.
        logger.info("There are Palo Alto Networks WildFire malware events, "
                    "but no WildFire API Key found, please set the API key "
                    "in the Splunk_TA_paloalto Add-on Configuration dashboard.")
        exit_with_error("No WildFire API key is set, set apikey in Add-on configuration.",
                        log_error=False,
                        log_traceback=False)
    except (ValueError, TypeError):
        # The stored value could not be decoded as JSON.
        exit_with_error("Problem getting WildFire API Key from JSON returned by Splunk password API")
示例7: get_data
def get_data(self, eai_path, root, msg=None, **kwargs):
    """Fetch the entities under ``eai_path``/``root`` with the session's key.

    On a REST error the return value is a ``(None, error)`` tuple:
    401 and 403 both yield ``(None, (message, 400))``; any other status
    retries once against ``eai_path`` alone (``root=''``), passing the
    message as ``msg``, and otherwise returns ``(None, message)``.

    NOTE(review): no return is visible for the success path. The excerpt
    looks truncated; confirm against the full source.
    """
    entity_path = eai_path
    if len(root) > 0:
        # root is appended to the endpoint path without normalisation.
        # NOTE(review): if root is request-controlled, confirm it cannot
        # address endpoints outside eai_path.
        entity_path = '/'.join([eai_path, root])
    try:
        entities = en.getEntities(entity_path, sessionKey=cherrypy.session['sessionKey'], **kwargs)
    except splunk.RESTException, e:
        if e.statusCode == 401:
            err = _('Client is not authenticated.')
            return (None, (err,400))
        elif e.statusCode == 403:
            err = _('You are not authorized to perform this action.')
            return (None, (err,400))
        else:
            # The same message covers "missing" and "denied" for the user.
            err = _('Unable to open the selected path. Path doesn\'t exist or access is denied.')
            if not msg and len(root)>0:
                # return error and the root nodes
                # The extended REST error text goes to the log only.
                logger.warn('%s %s' % (err, e.get_extended_message_text()))
                return self.get_data(eai_path, '', msg=err, **kwargs)
            else:
                # if root node can't be accessed, just display the message
                return (None, err)
示例8: run
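def run():
    """Run one OPC measurement for the server named in the configuration.

    Reads the run configuration, loads the configured OPC server stanza from
    Splunk, and passes the server settings and measurement parameters to
    ``opc.runMeasure``. Errors are logged at CRITICAL level; nothing is
    returned.

    The session key and the server password are secrets. They are passed to
    the calls that need them but are masked in every debug log line.
    """
    logger.debug("start running.")

    config = get_config()
    # The session key is a bearer credential, so log a masked copy.
    logger.debug("config = %s" % dict(config, session_key="<redacted>"))

    try:
        servers = en.getEntities(["admin", "opcservers"], sessionKey=config["session_key"], hostPath=config["server_uri"])
        # Log only the stanza names: the stanzas themselves carry passwords.
        logger.debug("servers = %s" % list(servers.keys()))
    except Exception as ex:
        logger.critical("%s" % ex)
        # Without the server list nothing below can work; stop here rather
        # than fail on the undefined ``servers`` name.
        return

    server = servers[config["server"]]

    opcserver = dict(dcomhost=server["dcomhost"], domain=server["domain"],
                     user=server["user"], password=server["password"],
                     progid=server["progid"], clsid=server["clsid"])
    loggable_server = dict(opcserver, password="<redacted>")
    logger.debug("server = %s" % loggable_server)

    measures = dict(items=config["measures"], duration=config["duration"],
                    polltime=config["polltime"], collector=config["collector"],
                    writer=config["writer"], parameters=config.get("parameters", ""))

    logger.debug("Measured server = %s." % loggable_server)
    logger.debug("Measuring the items = %s." % measures)

    try:
        msg = opc.runMeasure(opcserver, measures)
        logger.debug("Measuring is done [%s]." % msg)
    except Exception as ex:
        logger.critical("Request error as ex = %s" % ex)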
示例9: getCredentials
def getCredentials(sessionKey):
    """List the stored credentials of the ``tanium`` app.

    Raises Exception with a descriptive message when the lookup fails.

    NOTE(review): the listing ends after the lookup, so ``entities`` is never
    returned or used. The excerpt looks truncated; confirm against the full
    source.
    """
    app_namespace = 'tanium'
    credential_endpoint = ['admin', 'passwords']
    try:
        # Fetch every credential entry visible in the app's namespace.
        entities = entity.getEntities(credential_endpoint,
                                      namespace=app_namespace,
                                      owner='nobody',
                                      sessionKey=sessionKey)
    except Exception as err:
        raise Exception("Could not get %s credentials from splunk. Error: %s" % (app_namespace, str(err)))
示例10: getExistingExtractions
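def getExistingExtractions(self, constraint=None):
    """Return the inline field extractions visible in this namespace.

    The server-side filter is always ``type=inline``; when ``constraint`` is
    given it is appended as ``type=inline AND <constraint>``.

    NOTE(review): ``constraint`` is placed into the filter expression
    unmodified. Confirm callers build it themselves rather than forwarding
    request input.
    """
    search = "type=inline"
    # Identity test: None is the only "no constraint" marker.
    if constraint is not None:
        search = "%s AND %s" % (search, constraint)
    return en.getEntities('data/props/extractions', namespace=self._namespace, owner=self._owner,
                          search=search, count=-1, sessionKey=self._sessionKey)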
示例11: _config_dict
def _config_dict(session_key, attempt=0):
    """
    Poll Splunk until the code42 configuration is complete.

    :param session_key: A session key for calls to Splunk functions.
    :param attempt: The number of the attempt to get the dictionary.
                    Defaults to 0.
    :return: A dictionary containing Splunk config info, or an empty
             dictionary when there is no session key or the attempts
             (numbers 0 through 19) are used up.

    The returned ``password`` is the clear-text value from the password
    store; callers must not log it. ``verify_ssl`` is True only for the
    exact string ``'true'``; any other stored value yields False.
    """
    if not session_key:
        return {}

    def first_with(entities, *fields):
        # First entity holding every requested field; IndexError if none.
        return [item for _, item in entities.items()
                if all(field in item for field in fields)][0]

    required = ('username', 'password', 'hostname', 'verify_ssl', 'port', 'devices')

    while not attempt > 19:
        try:
            # list all credentials
            password_entities = entity.getEntities(['admin', 'passwords'], namespace='code42',
                                                   owner='nobody', sessionKey=session_key)
            config_console_entities = entity.getEntities(['code42', 'config', 'console'], namespace='code42',
                                                         owner='nobody', sessionKey=session_key)
            config_script_entities = entity.getEntities(['code42', 'config', 'script'], namespace='code42',
                                                        owner='nobody', sessionKey=session_key)
        except Exception as exception:
            raise Exception("Could not get code42 credentials from splunk. Error: %s" % (str(exception)))

        config = {}
        try:
            credential = first_with(password_entities, 'username', 'clear_password')
            config['username'] = credential['username']
            config['password'] = credential['clear_password']

            console = first_with(config_console_entities, 'hostname', 'port')
            config['hostname'] = console['hostname']
            config['port'] = console['port']
            config['verify_ssl'] = console['verify_ssl'] == 'true'
            config['collect_analytics'] = console['collect_analytics'] == 'true'

            script = first_with(config_script_entities, 'devices')
            config['devices'] = script['devices']
        except IndexError:
            # One of the sections is not there yet; try again below.
            pass

        if all(key in config for key in required):
            return config

        # Wait a second before asking again.
        time.sleep(1)
        attempt = attempt + 1

    return {}
示例12: _buildConfDict
def _buildConfDict(self):
    """Build the configuration dictionary and store it in ``self._confDict``.

    When running embedded in Splunk (``self.splunkEmbedded`` and not
    ``STANDALONE``) the stanzas are fetched from ``configs/eventgen`` over
    REST. Otherwise they are read with ConfigParser from ``eventgen.conf``
    files. Afterwards the ``eventgen`` logger level is raised according to
    the ``debug`` and ``verbose`` settings of the ``global`` stanza.
    """
    if self.splunkEmbedded and not STANDALONE:
        self.logger.info('Retrieving eventgen configurations from /configs/eventgen')
        self._confDict = entity.getEntities('configs/eventgen', count=-1, sessionKey=self.sessionKey)
    else:
        self.logger.info('Retrieving eventgen configurations with ConfigParser()')
        # We assume we're in a bin directory and that there are default and local directories
        conf = ConfigParser()
        # Make case sensitive
        conf.optionxform = str
        # currentdir is not used again in the visible code.
        currentdir = os.getcwd()
        # If we're running standalone (and thusly using configParser)
        # only pick up eventgen-standalone.conf.
        conffiles = [ ]
        # An existing, non-empty path in argv[1] is read after the default
        # eventgen.conf and replaces the local one.
        if len(sys.argv) > 1:
            if len(sys.argv[1]) > 0:
                if os.path.exists(sys.argv[1]):
                    conffiles = [os.path.join(self.grandparentdir, 'default', 'eventgen.conf'),
                                 sys.argv[1]]
        # No usable command-line file: fall back to default + local.
        if len(conffiles) == 0:
            conffiles = [os.path.join(self.grandparentdir, 'default', 'eventgen.conf'),
                         os.path.join(self.grandparentdir, 'local', 'eventgen.conf')]
        self.logger.debug('Reading configuration files for non-splunkembedded: %s' % conffiles)
        conf.read(conffiles)
        sections = conf.sections()
        ret = { }
        # orig is only referenced by the commented-out code below.
        orig = { }
        for section in sections:
            ret[section] = dict(conf.items(section))
            # For compatibility with Splunk's configs, need to add the app name to an eai:acl key
            ret[section]['eai:acl'] = { 'app': self.grandparentdir.split(os.sep)[-1] }
            # orig[section] = dict(conf.items(section))
            # ret[section] = { }
            # for item in orig[section]:
            #     results = re.match('(token\.\d+)\.(\w+)', item)
            #     if results != None:
            #         ret[section][item] = orig[section][item]
            #     else:
            #         if item.lower() in [x.lower() for x in self._validSettings]:
            #             newitem = self._validSettings[[x.lower() for x in self._validSettings].index(item.lower())]
            #             ret[section][newitem] = orig[section][item]
        self._confDict = ret
    # Have to look in the data structure before normalization between what Splunk returns
    # versus what ConfigParser returns.
    logobj = logging.getLogger('eventgen')
    if self._confDict['global']['debug'].lower() == 'true' \
            or self._confDict['global']['debug'].lower() == '1':
        logobj.setLevel(logging.DEBUG)
    # logging.DEBUGV is not a standard-library level.
    # NOTE(review): presumably registered elsewhere in the project; confirm.
    if self._confDict['global']['verbose'].lower() == 'true' \
            or self._confDict['global']['verbose'].lower() == '1':
        logobj.setLevel(logging.DEBUGV)
    # The whole configuration is written to the debug log.
    # NOTE(review): confirm no stanza carries credentials or tokens, or mask
    # them before this line.
    self.logger.debug("ConfDict returned %s" % pprint.pformat(dict(self._confDict)))
示例13: load_db
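def load_db(config):
    """Register every ``database://`` input stanza with the JDBC layer.

    Reads the ``conf-inputs`` stanzas of the ``splunk-demo-opcda`` app and
    calls ``jdbc.updateDatabase`` once per stanza whose name starts with
    ``database://``. The database password is passed to that call but is
    masked in the debug log.
    """
    ents = en.getEntities(["admin", "conf-inputs"], namespace="splunk-demo-opcda", owner="nobody",
                          sessionKey=config["session_key"], hostPath=config["server_uri"])
    prefix = "database://"
    for stanza, settings in ents.items():
        if not stanza.startswith(prefix):
            continue
        name = stanza.replace(prefix, "")
        logger.debug("name=%s" % name)

        # Log only the fields used below, with the password masked.
        # NOTE(review): dburl and parameters are logged as stored; confirm
        # they never embed credentials.
        loggable = {
            "dburl": settings["dburl"],
            "jdbcdriver": settings["jdbcdriver"],
            "user": settings["user"],
            "password": "<redacted>",
            "parameters": settings["parameters"],
        }
        logger.debug("values=%s" % loggable)

        jdbc.updateDatabase(name, settings["dburl"], settings["jdbcdriver"], settings["user"],
                            settings["password"], settings["parameters"])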
示例14: execute
def execute():
    """Run the requested crawlers and report each proposed action.

    Keywords of the search command select the crawlers (default ``files``);
    options override the default arguments. Every action returned by the
    crawler manager is emitted as a result row with a ``status`` of
    ``added``, ``not_added`` or ``unknown``. Any exception is turned into
    error results and logged together with its traceback.
    """
    import crawl_factory

    results = []
    try:
        args = {'add-all': 'fail'}
        keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
        args.update(options)

        # Incoming results are ignored; only the settings are needed.
        _incoming, _dummy, settings = splunk.Intersplunk.getOrganizedResults()
        sessionKey = settings.get("sessionKey", None)
        owner = settings.get("owner", None)
        namespace = settings.get("namespace", None)

        mgr = CrawlerManager(sessionKey, owner, namespace, args)

        if len(keywords) == 0:
            logger.warn("No crawl type specified. Defaulting to crawling 'files'.")
            keywords = ["files"]

        # One crawler per keyword; an unknown keyword aborts the command.
        for name in keywords:
            crawler = crawl_factory.getCrawler(name, mgr, args)
            if crawler == None:
                message = "Unknown crawler '%s'. Legal values are: %s" % (name, crawl_factory.getCrawlerNames())
                splunk.Intersplunk.generateErrorResults(message)
                return
            mgr.addCrawler(crawler)

        # Run the crawl, then fetch the monitor inputs the actions are
        # validated against.
        actions = mgr.execute()
        monitors = en.getEntities('/data/inputs/monitor', sessionKey=sessionKey,
                                  owner=owner, namespace=namespace)

        # Turn each action into a plain attribute dictionary plus status.
        for action in actions:
            row = action.getAttrs()
            try:
                is_valid = action.valid(sessionKey, owner, namespace, monitors)
                status = "not_added" if is_valid else "added"
            except:
                status = "unknown"
            row['status'] = status
            results.append(row)

        splunk.Intersplunk.outputResults(results)
    except Exception as e:
        import traceback
        stack = traceback.format_exc()
        splunk.Intersplunk.generateErrorResults(str(e))
        logger.error("".join([str(e), ". Traceback: ", str(stack)]))
示例15: get_firewall_apikey
def get_firewall_apikey(session_key):
    """Return the clear-text firewall API key from Splunk's password store.

    The key is the ``clear_password`` of the first stored credential whose
    ``username`` is ``firewall_api_key``. Raises NoCredentialsFound when no
    such credential exists. The returned value is a secret: callers must
    not log it.
    """
    try:
        entities = entity.getEntities(
            ['admin', 'passwords'],
            namespace=APPNAME,
            owner='nobody',
            sessionKey=session_key,
        )
    except Exception as e:
        exit_with_error("Could not get %s credentials from splunk. Error: %s" % (APPNAME, str(e)))

    matching_keys = (
        cred['clear_password']
        for _stanza, cred in entities.items()
        if cred['username'] == 'firewall_api_key'
    )
    for api_key in matching_keys:
        return api_key
    raise NoCredentialsFound