diff --git a/deployment-apps/eventid/.DS_Store b/deployment-apps/eventid/.DS_Store
new file mode 100644
index 00000000..0f328807
Binary files /dev/null and b/deployment-apps/eventid/.DS_Store differ
diff --git a/deployment-apps/eventid/appserver/static/appIcon.png b/deployment-apps/eventid/appserver/static/appIcon.png
new file mode 100644
index 00000000..5b9c7e92
Binary files /dev/null and b/deployment-apps/eventid/appserver/static/appIcon.png differ
diff --git a/deployment-apps/eventid/appserver/static/appIcon_2x.png b/deployment-apps/eventid/appserver/static/appIcon_2x.png
new file mode 100644
index 00000000..2fa23aa1
Binary files /dev/null and b/deployment-apps/eventid/appserver/static/appIcon_2x.png differ
diff --git a/deployment-apps/eventid/appserver/static/application.css b/deployment-apps/eventid/appserver/static/application.css
new file mode 100644
index 00000000..595a77da
--- /dev/null
+++ b/deployment-apps/eventid/appserver/static/application.css
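Review bot: `deployment-apps/eventid/.DS_Store` is macOS Finder metadata and should not be committed with the app. A `.DS_Store` file records the names of entries in the directory it was created in, and anything under `deployment-apps` is presumably distributed to deployment clients together with the app, so the file travels further than the author's machine. Drop it from the commit and add a `.DS_Store` line to `.gitignore` so it does not come back.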
@@ -0,0 +1,553 @@
+body {
+ background-color: #cedec3;
+ font-size: 12px;
+ line-height: 130%;
+}
+
+ul.accountBarItems {
+ font-size: 11px;
+}
+
+br {
+ clear: both;
+}
+
+.SplunkModule {
+ padding: 0px;
+}
+
+.appHeaderWrapper {
+ background-color: #333333;
+ background-image: none;
+}
+
+#appContent h1 {
+ font-size: 24px;
+ font-weight: normal;
+ letter-spacing: -1px;
+ line-height: 130%;
+ margin-bottom: 15px;
+ text-shadow: white 0px 1px 1px;
+}
+
+.splButton-primary span,
+.splButton-secondary span,
+.splButton-tertiary span {
+ min-width: 110px;
+}
+
+.resultsArea {
+ background-color: #EDEDE7;
+}
+
+/** app tabs **/
+div.appTabsWrapperOuter {
+ background: #333 url(./images/bg_tabs.png) repeat-x 50% 100%;
+}
+
+div.appTabsWrapper {
+ margin: 0px auto 0px;
+ width: 830px;
+ overflow: hidden;
+}
+
+/* Target Firefox 2 and older [!] */
+div.appTabsWrapper ul#appTabs, x:-moz-any-link {
+ position: relative;
+ top: 1px;
+}
+
+div.appTabsWrapper ul#appTabs, x:-moz-any-link, x:default {
+ position: relative;
+ top: 0px;
+}
+
+div.appTabsWrapper ul#appTabs {
+ list-style-type: none;
+ margin: 15px 0px 0px;
+ overflow: hidden;
+ padding: 0px;
+ width: 100%;
+}
+
+div.appTabsWrapper ul#appTabs li {
+ float: left;
+ list-style-type: none;
+ margin: 0px 5px 0px 0px;
+}
+
+div.appTabsWrapper ul#appTabs li a {
+ background-color: #73A550;
+ -moz-border-radius-topleft: 5px;
+ -moz-border-radius-topright: 5px;
+ -webkit-border-top-left-radius: 5px;
+ -webkit-border-top-right-radius: 5px;
+ border-top-left-radius: 5px;
+ border-top-right-radius: 5px;
+ color: white;
+ display: block;
+ font-size: 14px;
+ padding: 8px 20px;
+ text-decoration: none;
+ -moz-text-shadow: #666 0px 1px 1px;
+ -webkit-text-shadow: #666 0px 1px 1px;
+ text-shadow: #666 0px 1px 1px;
+}
+
+div.appTabsWrapper ul#appTabs li.current a {
+ background-color: #EDEDE7;
+ color: #333;
+ text-shadow: white 0px 1px 1px;
+ border: 1px solid white;
+ border-bottom: none;
+}
+
+div.launcherContent {
+ margin: 15px auto;
+ width: 830px;
+}
+
+div.launcherList {
+ float: left;
+ width: 549px;
+}
+
+/** launcher links **/
+ul.launcherLinks {
+/* -webkit-box-shadow: #DDD 0px 0px 5px; */
+ border: 0px;
+ margin: 0px 0px 0px -25px;
+ list-style-type: none;
+ position: relative;
+}
+
+ul.launcherLinks li {
+ /* background-color: white; */
+ xxborder-bottom: 1px solid #edede7;
+ xxcolor: #666;
+ /* padding: 15px; */
+ position: relative;
+ z-index: 200;
+ zoom: 1;
+ _line-height: 0px;
+ _font-size: 1%;
+}
+
+ul.launcherLinks li .launcherApplistBackground {
+ cursor: pointer;
+}
+
+li.launcherMsg {
+ background-color: white;
+ margin-left: 25px;
+}
+
+ul.launcherLinks li.launcherMsg p {
+ padding: 0px;
+ _font-size: 12px;
+}
+
+li.launcherMsg .launcherMsgUpdate {
+ background: transparent url(images/icon_update.png) 0px 0px no-repeat;
+ _background-image: url(images/icon_update_ie6.png);
+ padding-left: 20px;
+}
+
+li.launcherMsg .launcherMsgSetup {
+ background: transparent url(images/icon_setup.png) 0px 0px no-repeat;
+ _background: transparent url(images/icon_setup_ie6.png) 0px 0px no-repeat;
+ padding-left: 20px;
+}
+
+ul.launcherLinks li.first div.launcherApplistBackground {
+ -moz-border-radius-topleft: 5px;
+ -moz-border-radius-topright: 5px;
+ -webkit-border-top-left-radius: 5px;
+ -webkit-border-top-right-radius: 5px;
+ border-top-left-radius: 5px;
+ border-top-right-radius: 5px;
+}
+
+ul.launcherLinks li.last div.launcherApplistBackground {
+ -moz-border-radius-bottomleft: 5px;
+ -moz-border-radius-bottomright: 5px;
+ -webkit-border-bottom-left-radius: 5px;
+ -webkit-border-bottom-right-radius: 5px;
+ border-bottom-left-radius: 5px;
+ border-bottom-right-radius: 5px;
+ border-bottom: none;
+}
+
+ul.launcherLinks li:hover {
+ xxbackground: #fff url(images/bg_gradient_100.png) repeat-x;
+}
+
+ul.launcherLinks li div {
+ background-repeat: no-repeat;
+ min-height: 50px;
+ xxpadding: 0px 0px 0px 46px;
+ xxmargin-left: -20px;
+}
+
+.appicon {
+ width: 36px;
+ height: 36px;
+ padding: 5px;
+}
+
+ul.launcherLinks li div.launcher-applist-wrapper,
+ul.launcherLinks li div.launcherApplistBackground {
+ _font-size: 12px;
+ _line-height: 130%;
+}
+
+ul.launcherLinks li.datainputs div.launcherApplistIcon {
+ background-image:url(images/icon_addData.png);
+ background-position: 10px 10px;
+}
+
+ul.launcherLinks li.search div.launcherApplistIcon {
+ background-image:url(images/searchIcon.png);
+ background-position: 10px 10px;
+}
+
+
+ul.launcherLinks li a {
+ font-size: 16px;
+}
+
+ul.launcherLinks li a:hover {
+ text-decoration: none;
+ _text-decoration: underline;
+}
+
+ul.launcherLinks p {
+ color: #666;
+ line-height: 130%;
+ margin: 0px;
+ padding-top: 5px;
+}
+
+/** launcher messages **/
+ul.launcherLinks li.launcherMsg {
+ border-bottom: 1px solid #EEE;
+ cursor: text;
+ padding: 5px 15px;
+ -webkit-border-top-left-radius: 5px;
+ -webkit-border-top-right-radius: 5px;
+ -moz-border-radius-topleft: 5px;
+ -moz-border-radius-topright: 5px;
+ border-top-left-radius: 5px;
+ border-top-right-radius: 5px;
+}
+
+ul.launcherLinks li.launcherMsg a {
+ color: red;
+ display: inline-block;
+ text-decoration: underline;
+ font-size: 12px;
+ line-height: 130%;
+}
+
+/** launcher app list **/
+ul.launcherLinks ul.launcherAppsList {
+ margin: 0px;
+ padding: 0px;
+ list-style: none;
+ z-index: 200;
+ position: relative;
+ *font-size: 1%;
+}
+
+li.launcherShadow {
+ -webkit-box-shadow: #DDD 0px 0px 5px;
+ -moz-box-shadow: #DDD 0px 0px 5px;
+ box-shadow: #DDD 0px 0px 5px;
+
+ -webkit-border-radius: 5px;
+ -moz-border-radius: 5px;
+ border-radius: 5px;
+ z-index: 2 !important;
+ position: absolute !important;
+ height: 356px;
+ width: 529px;
+ top: 0px;
+ left: 25px;
+}
+
+/* Firefox 2 hacks for list border */
+li.launcherShadow, x:-moz-any-link {
+ top: -1px;
+ left: 24px;
+ border: 1px solid #CCC;
+}
+
+/* Firefox 3+ hacks for list border */
+li.launcherShadow, x:-moz-any-link, x:default {
+ top: 0px;
+ left: 25px;
+ border: none;
+}
+
+/* Firefox 3.0 - 3.5 hacks for list border */
+body.firefox3 li.launcherShadow {
+ top: -1px;
+ left: 24px;
+ border: 1px solid #CCC;
+}
+
+/* IE 8 and below hacks for list border */
+li.launcherShadow {
+ border: 1px solid #CCC\9;
+ top: -1px\9;
+ left: 24px\9;
+}
+
+/* IE 6 hack */
+#home li.launcherShadow {
+ _left: -1px;
+}
+
+/** launcher reorder handle **/
+ul.launcherLinks li div.reorderHandle {
+ position: absolute;
+ display: block;
+ background-color: white;
+ background-image: url("images/icon_reorderHandler.png") !important;
+ _background-image: url("images/icon_reorderHandler_ie6.png") !important;
+ background-position: 8px 5px;
+ left: 0px;
+ top: 5px;
+ width: 20px;
+ height: 20px;
+ padding: 1px 0px 1px 5px;
+ -moz-border-radius-topleft: 5px;
+ -moz-border-radius-bottomleft: 5px;
+ -webkit-border-top-left-radius: 5px;
+ -webkit-border-bottom-left-radius: 5px;
+ border-top-left-radius: 5px;
+ border-bottom-left-radius: 5px;
+ min-height: 0px !important;
+}
+
+/* Firefox 2 hacks for reorder handle borders */
+ul.launcherLinks li div.reorderHandle, x:-moz-any-link {
+ border: 1px solid #CCC;
+ border-right: none;
+ left: -1px;
+}
+
+/* Firefox 3+ hacks for reorder handle border */
+ul.launcherLinks li div.reorderHandle, x:default {
+ border: none;
+ left: 0px;
+}
+
+/* Firefox 3.0 - 3.5 hacks for reorder handle borders */
+body.firefox3 ul.launcherLinks li div.reorderHandle {
+ border: 1px solid #CCC;
+ border-right: none;
+ left: -1px;
+}
+
+/* IE 8 and below hacks for reorder handle borders */
+ul.launcherLinks li div.reorderHandle {
+ border: 1px solid #CCC\9;
+ border-right: none\9;
+ left: -1px\9;
+}
+
+ul.launcherLinks div.launcherApplistBackground {
+ margin-left: 25px;
+ background-color: white;
+ border-bottom: 1px solid #edede7;
+ zoom: 1;
+}
+ul.launcherLinks div.launcherApplistIcon {
+ padding: 10px;
+}
+
+ul.launcherLinks div.launcherApplistDesc {
+ margin-left: 45px;
+ *font-size: 12px;
+}
+
+ul.launcherLinks div.launcherApplistBackground:hover {
+ background: #fff url(images/bg_gradient_100.png) repeat-x bottom;
+}
+ul.launcherLinks .disabledApp div.launcherApplistBackground:hover {
+ background-image: none;
+}
+ul.launcherLinks li div.reorderHandle:hover {
+ cursor: move;
+ background-position: 8px -15px;
+}
+
+/** enable/set up buttons **/
+ul.launcherLinks .setupApp button {
+ background-color: #BBB;
+ border: 1px solid #999;
+}
+
+ul.launcherLinks .setupApp button:hover {
+ border-color: #666;
+}
+
+ul.launcherLinks li.disabledApp button,
+ul.launcherLinks li.setupApp button {
+ position: absolute;
+ top: 5px;
+ right: 7px;
+ height: 23px;
+ line-height: 20px;
+ background-position: left -5px;
+ padding: 0px 10px;
+}
+
+ul.launcherLinks li.disabledApp button span,
+ul.launcherLinks li.setupApp button span {
+ min-width: 0;
+ line-height: 100%;
+}
+
+ul.launcherLinks li.disabledApp:hover {
+ background-image: none;
+}
+
+ul.launcherLinks li.disabledApp button:hover {
+ border-color: #000;
+}
+
+ul.launcherLinks .disabledApp,
+ul.launcherLinks .disabledApp a {
+ cursor: text;
+}
+ul.launcherLinks .disabledApp .launcher-applist-wrapper {
+ opacity: 0.6;
+}
+
+ul.launcherLinks .disabledApp p {
+ color: #333;
+}
+
+/** launchersidebar **/
+div.launchersidebar {
+ float: left;
+ margin-left: 30px;
+ width: 250px;
+ border: none;
+}
+
+div.section {
+ -moz-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ border-radius: 5px;
+ -moz-box-shadow: 0 0 5px #DDD;
+ -webkit-box-shadow: #DDD 0 0 5px;
+ -moz-box-shadow: #DDD 0 0 5px;
+ -webkit-box-shadow: #DDD 0 0 5px;
+ box-shadow: #DDD 0 0 5px;
+ background: none repeat scroll 0 0 #E5F2F5;
+ margin-bottom: 10px;
+ padding: 15px;
+ border: 1px solid #CCC;
+}
+
+h2,
+div.launchersidebar h2 {
+ color: #333;
+ font-size: 16px;
+ font-weight: normal;
+ margin: 0px;
+ padding: 0px;
+ padding-bottom: 10px;
+ text-shadow: 0 1px 1px white;
+}
+
+div.launchersidebar ul {
+ margin: 0px 5px;
+ list-style: none;
+}
+
+div.launchersidebar ul li {
+ padding: 5px 0px;
+}
+
+/** spotlight section **/
+div.launchersidebar div.spotlight {
+ background-color: #666;
+ -moz-box-shadow: 0 0 5px #555 inset;
+ -webkit-box-shadow: 0 0 5px #555 inset;
+ box-shadow: 0 0 5px #555 inset;
+ border: 1px solid #555;
+}
+
+div.launchersidebar div.spotlight h2 {
+ color: white;
+ text-shadow: 0px 1px 1px #333;
+}
+
+div.launchersidebar div.spotlight button.splButton-primary {
+ margin: 5px;
+ background-color: #77AA44;
+}
+
+div.launchersidebar div.spotlight button.splButton-primary:hover {
+ background-color: #693;
+}
+
+
+/* IE 6 doesn't recognize min_width */
+div.launchersidebar div.spotlight button span {
+ _width: 110px;
+}
+
+/** icons for launchersidebar links **/
+.apps {
+ background: url("images/icon_apps.png") no-repeat;
+ padding-left: 20px;
+}
+
+.tutorial {
+ background: url("images/icon_tutorial.png") no-repeat;
+ padding-left: 20px;
+}
+
+.whatsNew {
+ background: url("images/icon_mail.png") no-repeat;
+ padding-left: 20px;
+}
+
+.splunkDoc {
+ background: url("images/icon_file.png") no-repeat;
+ padding-left: 20px;
+}
+
+.searches {
+ background: url("images/icon_document.png") no-repeat;
+ padding-left: 20px;
+}
+
+.more {
+ background: url("images/icon_circle_add.png") no-repeat;
+ padding-left: 20px;
+}
+
+.answers {
+ background: url("images/icon_ask.png") no-repeat;
+ padding-left: 20px;
+}
+
+/** footer **/
+div.divider {
+ margin-top: 20px;
+ width: 100%;
+ border-bottom: 1px solid #DDD;
+}
+
+div.launcherFooter {
+ padding-top: 10px;
+ border-top: 1px solid #FFF;
+ color: #666;
+ text-shadow: 0px 1px 1px white;
+}
diff --git a/deployment-apps/eventid/appserver/static/dashboard.css b/deployment-apps/eventid/appserver/static/dashboard.css
new file mode 100644
index 00000000..299cace5
--- /dev/null
+++ b/deployment-apps/eventid/appserver/static/dashboard.css
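Review bot: Several declarations in application.css are switched off by misspelling the property name instead of commenting it out: `xxborder-bottom` and `xxcolor` in `ul.launcherLinks li`, `xxbackground` in `ul.launcherLinks li:hover`, and `xxpadding` and `xxmargin-left` in `ul.launcherLinks li div`. Browsers drop them as unknown properties, so they have no effect, but nothing tells the next reader they are intentional; delete them or wrap them in `/* … */` as the same rule already does for `/* padding: 15px; */`. In `div.section` the `-moz-box-shadow` and `-webkit-box-shadow` declarations each appear twice, and one of each can go.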
@@ -0,0 +1,78 @@
+
+/* Set background */
+.main-section-body {
+ background-color:#cedec3;
+ background-image:-webkit-gradient(linear, 0 0, 0 100%, from(#e2e9eb), color-stop(400px, #cedec3), to(#cedec3));
+ background-image:-webkit-linear-gradient(#e2e9eb, #cedec3 400px, #cedec3);
+ background-image:-moz-linear-gradient(top, #e2e9eb, #cedec3 400px, #cedec3);
+ background-image:-o-linear-gradient(#e2e9eb, #cedec3 400px, #cedec3);
+ background-image:linear-gradient(#e2e9eb, #cedec3 400px, #cedec3);
+ filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe2e9eb', endColorstr='#ffcedec3', GradientType=0);
+}
+
+/* Make the forms look like they are in a panel */
+/*.fieldset {
+ border-radius: 4px;
+ border: 1px solid #cccccc;
+ background: white;
+ margin: 0 0px 10px 0;
+ box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+ position: relative;
+ padding: 12px 15px 0px 15px;
+}
+
+.fieldset .hide-label {
+}
+*/
+
+/* Shrink the form text inputs */
+/* Removed because Splunk 6.1 spaces the fields differently */
+/*input, textarea, .uneditable-input {
+ width: 120px;
+}*/
+
+/* Make the Search button on each dashboard blue instead of green */
+
+.btn-primary {
+ background-color: #5c9732;
+ background-image: -moz-linear-gradient(top, #0087df, #004f82);
+ background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#0087df), to(#004f82));
+ background-image: -webkit-linear-gradient(top, #0087df, #004f82);
+ background-image: -o-linear-gradient(top, #0087df, #004f82);
+ background-image: linear-gradient(to bottom, #0087df, #004f82);
+ background-repeat: repeat-x;
+ filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0087df', endColorstr='#ff004f82', GradientType=0);
+ background-color: #0087df;
+ border: 1px solid #143ab1;
+ border-bottom-color: #0048c9;
+ border-top-color: #004f82;
+ color: #ffffff;
+ text-shadow: 0 -1px 0 rgba(51, 51, 51, 0.7);
+ -webkit-box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+ -moz-box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+ box-shadow: 0px 1px 1px rgba(0, 0, 0, 0.08);
+}
+
+.btn-primary:hover {
+ background-color: #7db44d;
+ background-image: -moz-linear-gradient(top, #6ac1fa, #007fd1);
+ background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#6ac1fa), to(#007fd1));
+ background-image: -webkit-linear-gradient(top, #6ac1fa, #007fd1);
+ background-image: -o-linear-gradient(top, #6ac1fa, #007fd1);
+ background-image: linear-gradient(to bottom, #6ac1fa, #007fd1);
+ background-repeat: repeat-x;
+ filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff6ac1fa', endColorstr='#ff007fd1', GradientType=0);
+ background-color: #389ddf;
+ border-color: #0c89db;
+ border-bottom-color: #006eb4;
+ border-top-color: #3f99d3;
+ background-position: 0 0;
+}
+
+.btn-primary:active, .btn-primary.active {
+ background-color: #016baf 9;
+}
+.btn-primary:hover, .btn-primary:focus, .btn-primary:active, .btn-primary.active, .btn-primary.disabled, .btn-primary[disabled] {
+ color: #ffffff;
+ background-color: #016baf;
+}
diff --git a/deployment-apps/eventid/appserver/static/dashboard.js b/deployment-apps/eventid/appserver/static/dashboard.js
new file mode 100644
index 00000000..2d47c545
--- /dev/null
+++ b/deployment-apps/eventid/appserver/static/dashboard.js
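Review bot: The `.btn-primary` and `.btn-primary:hover` rules in dashboard.css each set `background-color` twice, and the first value in each (`#5c9732`, `#7db44d`) is the green the comment above says is being replaced; the later declaration in the same rule wins, so the green lines are dead and can be removed. In `.btn-primary:active, .btn-primary.active` the value `#016baf 9` is not a valid colour, so that declaration is discarded; it looks like an IE `\9` hack that lost its backslash, in which case it should read `background-color: #016baf \9;`, though the backslash may equally have been lost when this page was rendered. The final grouped rule sets `#016baf` for the same selectors anyway, so dropping the `:active` rule altogether is the simpler fix.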
@@ -0,0 +1,1128 @@ +//we listen to the jobResurrected event (triggered in Splunk.Search.resurrect()) +//and because it passes the containing group title of the module resurrecting the job, +//we are able to map the job.getCreateTime() values into 'last refreshed:' header for each panel. + +Splunk.DashboardManager = $.klass({ + dateDict : {}, + NOW_REFRESHED_TIME : _("real-time"), + TODAY_REFRESHED_TIME : _("today at %(timeText)s."), + GENERIC_REFRESHED_TIME : _("%(dateText)s ago"), + FULL_REFRESHED_TIME : _("refreshed: %(dateText)s"), + DISPLAY_REFLOW_EVENT: 'Splunk.Events.REDRAW', + PANEL_DROP_EVENT: 'Splunk.Events.PANEL_DROP', + windowWidth: $(window).width(), +// windowHeight: $(window).height(), + + initialize: function() { + // handlers to keep the last refreshed headers updated. + $(document).bind('jobResurrected', this.onJobExists.bind(this)); + $(document).bind('jobDispatched', this.onJobExists.bind(this)); + $(document).bind('jobProgress', this.onJobProgress.bind(this)); + + var that = this; + + // setup the headers to auto-truncate long titles + this.titleHeaders = $('.layoutCell .splHeader h2'); + this.handlePanelResize(); + + var timeoutID = null; + + $(window).bind('resize', function() { + if ( $(window).width() != that.windowWidth /*|| $(window).height() != that.windowHeight*/ ) { + that.windowWidth = $(window).width(); +// that.windowHeight = $(window).height(); + + if ( timeoutID ) + window.clearTimeout(that.timeoutID); + + timeoutID = window.setTimeout(function(){ + $(window).trigger("real_resize"); + }, 100); + } + }); + + $(window).bind('real_resize', this.handlePanelResize.bind(this)); +// $(document).bind('Splunk.Events.REDRAW', this.handlePanelResize.bind(this)); + $(document).bind('allModulesLoaded', this.handlePanelResize.bind(this)); + $(document).bind('jobDone', function(){ + if(!this.editMode) { + setTimeout(this.equalizeHeights, 500); + } + }.bind(this)); + + // custom event fired by chart modules when they are resized manually by the 
user + $(document).bind('ChartManualResize', this.handlePanelResize.bind(this)); + + $(document).bind('RefreshPage', this.softRefresh.bind(this)); +// $(window).bind('resize', function(){DebugUtils.trace("window.resize invoked")}); +// $(window).bind('real_resize', function(){DebugUtils.trace("window.real_resize invoked")}); +// $(document).bind('Splunk.Events.REDRAW', function(){DebugUtils.trace("Splunk.Events.REDRAW invoked")}); +// $(document).bind('allModulesLoaded', function(){DebugUtils.trace("allModulesLoaded invoked")}); +// $(document).bind('jobDone', function(){DebugUtils.trace("jobDone invoked")}); +// $(document).bind('ChartManualResize', function(){DebugUtils.trace("ChartManualResize invoked")}); + + + $(document).bind('PrintStart', this.insertPageBreakers.bind(this)); + $(document).bind('PrintEnd', this.removePageBreakers.bind(this)); + + this.searchIdToGroupNames = {}; + this.panelRowsSelector = 'div.layoutRow[class*="panel_row"]'; +// this.panelRowsSelector = 'div.layoutRow[class="panel_row*"]'; + this.$panelRows = $(this.panelRowsSelector); + + this.$isAwesomeBrowser = ! ($.browser.msie && $.browser.version < 9); + + // DebugUtils.trace( this.panelRowsSelector); + + //do equal heights + this.equalizeHeights(); + + var dragAndDropEnabled = false; + if ( Splunk.ViewConfig && ! ($.browser.msie && $.browser.version == 6) && 0 == $(".FlashWrapperContainer").length ) { + dragAndDropEnabled = (Splunk.ViewConfig.view.nativeObjectMode == "SimpleDashboard") && Splunk.ViewConfig.view.canWrite && ! 
Splunk.ViewConfig.view.hasRowGrouping; + } + + this.editMode = false; + $(document).bind('Splunk.Module.DashboardTitleBar.editMode', function(event, enabled){ + var $paneledit = $('.paneledit'); + + if (enabled) { + $paneledit.show(); + if(dragAndDropEnabled) { + that.dragAndDropControllerInit(); + that.editMode = true; + } + } else { + $paneledit.hide(); + if(dragAndDropEnabled) { + that.dragAndDropControllerDestroy(); + that.editMode = false; + } + } + }.bind(this)); + + that.panelEditInit(); + + //setup panel editor and focus model + this.messenger = Splunk.Messenger.System.getInstance(); + }, + + /** + * Reloads the existing page preserving old search jobs if they are present via the + * fragment identifier. + * + * @param {String} excludeGimpId (Optional) An optional gimpId to exclude form the soft-refresh (forces job refresh) + */ + softRefresh: function(excludeGimpId) { + var frag = {}; //Splunk.util.queryStringToProp(Splunk.util.getHash()); + var gimps = $('.Gimp'); + for (var i = 0; i < gimps.length; i++) { + var gimpId = gimps[i].id; + if (gimpId==excludeGimpId) { + continue; + } + var gimpModule = Splunk.Globals['ModuleLoader'].getModuleInstanceById(gimpId); + var search = gimpModule.getContext().get("search"); + + if (!search || !search.job) continue; + + var sid = search.job.getSearchId(); + + if (!sid) continue; + + var meta = gimpModule.container.closest('.dashboardCell').find('.paneledit').attr("data-sequence"); + frag['panel_' + meta + ".sid"] = sid; + search.job.setAsAutoCancellable(false); + } + + frag['edit'] = 1; + window.location.hash = Splunk.util.propToQueryString(frag); + window.location.reload(); + }, + + // iterate on all the panels besides the one clicked on, and remove the menu. + // since this is a draggable object, the events are not propagating to the top and document.click is never triggered. + // we could manually trigger a dummy event, or a doc.click event, besides IE is garbage and it is throwing a weird error when we do so. 
+ menusGC: function(orig){ + var that = this; + $('.paneledit').each(function(){ + if (this != orig){ + that.hideMenu(this.actionsMenu); + } + }); + }, + + hideMenu: function(menu){ + if (menu) { + menu.getMenu().remove(); + menu = null; + } + }, + + panelEditInit: function() { + var that = this; + + $('.paneledit').click(function(event) { + + that.menusGC(this); + + // since events are not being propagated, we have to manually hide our menu item if it is in a visible mode. + if (this.actionsMenu && this.actionsMenu.getMenu().is(':visible')) { + that.hideMenu(this.actionsMenu); + event.stopImmediatePropagation(); + return false; + } + + // remove the previous menu, since our id could have been changed. + that.hideMenu(this.actionsMenu); + + var meta = $(this);//.parent(); + + var sequence = meta.attr('data-sequence'); + var intersectX = meta.attr('data-intersect-x'); + var intersectY = meta.attr('data-intersect-y'); + var dashboardId = meta.attr('data-dashboard-id'); + var app = meta.attr('data-app'); + var panelType = meta.attr('data-paneltype'); + var id = $($('.Gimp')[sequence]).attr('id'); + + var gimpModule = Splunk.Globals['ModuleLoader'].getModuleInstanceById(id); + //shallow object of k/v pairs adapted for panel editor + var panelSettings = gimpModule.getPanelSettings(panelType, 'options.'); + + + panelSettings.id = dashboardId; + panelSettings.panelType = panelType; + panelSettings.enable_fragment_id = 0; + panelSettings.enable_controls = 1; + + + + //search meta data + var context = null, search = null, job = null; + context = gimpModule.getContext(); + if (context) search = context.get('search'); + if (search) job = search.job; + + if (!job || job.areResultsTransformed()) + panelSettings.is_transforming = true; + else + panelSettings.is_transforming = false; + + //set the href to the panel editor + var editVisualizationHref = Splunk.util.make_url('paneleditor', app, 'edit', intersectX, intersectY)+ '?' 
+ Splunk.util.propToQueryString(panelSettings); + + + + var menuDict = [ + { + label: _("Edit search"), + uri: Splunk.util.make_url('paneleditor', app, 'searchedit', intersectX, intersectY) + '?id=' + encodeURIComponent(dashboardId), + callback: function(event) { + $(document).trigger('SessionTimeout.Jobber'); + that.showExpose(id); + var options = { + onBeforeDestroy: function() { + //restart the jobber + $(document).trigger('SessionStart.Jobber'); + $(".dashboardCellEditable").removeClass("dashboardCellActive"); + that.hideExpose(); + }, + onFrameLoad: function(popup, iframe) { + $(document).bind('panelsave', function() { + popup.destroyPopup(); + that.softRefresh(id); + }); + }, + isModal: false, + pclass: 'panelEditorPopup' + }; + Splunk.Popup.IFramer(event.target.href, _("Edit search"), options); + return false; + } + }, + { + label: _("Edit visualization"), + uri: editVisualizationHref, + callback: function(event) { + $(document).trigger('SessionTimeout.Jobber'); + //panel meta found on + //gimp module lookup + var id = $($('.Gimp')[sequence]).attr('id'); + that.showExpose(id); + var options = { + onBeforeDestroy: function() { + //restart the jobber + $(document).trigger('SessionStart.Jobber'); + $(".dashboardCellEditable").removeClass("dashboardCellActive"); + that.hideExpose(); + }, + onFrameLoad: function(popup, iframe) { + $(document).bind('panelsave', function() { + popup.destroyPopup(); + that.softRefresh(id); + }); + }, + isModal: false, + pclass: 'panelEditorPopup' + }; + Splunk.Popup.IFramer(event.target.href, _("Edit visualization"), options); + return false; + } + }, + { + label: _("Delete"), + uri: '', + callback: function(event) { + that.showExpose(id); + setTimeout(function(){ + var deletePanel = confirm(_('Are you sure you would like to delete this panel?')); + that.hideExpose(); + if (deletePanel) { + var url = Splunk.util.make_url('paneleditor', app, 'delete', intersectX, intersectY)+ '?' 
+ Splunk.util.propToQueryString({id: dashboardId}); + $.ajax({ + url: url, + type: 'POST', + timeout: 10000, + complete: function(jqXHR, textStatus) { + if (jqXHR.status==204) { + //delete node beacuse we are going to reset sequence + meta.closest('.layoutCell').remove(); + that.resetSequence(); + that.softRefresh(id); + } else { + alert(_('Sorry, the specified panel could not be deleted.')); + } + } + }); + } + }, 600); + return false; + } + } + ]; + this.actionsMenu = new Splunk.MenuBuilder({ + menuDict: menuDict, + activator: (that.$isAwesomeBrowser ? meta : meta.parent()), + menuClasses: 'splMenu-primary' + }); + this.actionsMenu.showMenu(); + return false; + }); + }, + + panelRowsAddOverlayLayers: function(doBind) { + + var that = this; + that.isDNDEditMode = doBind; + + if(doBind) { + $(window).unbind("real_resize", doAddOverlays); + $(window).bind("real_resize", doAddOverlays); + doAddOverlays(); + } + + + function doAddOverlays(e) { + + if ( ! that.isDNDEditMode ) { + return ; + } + + var start = DebugUtils.getCurrfentTime(); + + var mySelection = $(that.panelRowsSelector); + mySelection.find(".vmPanelDropPlaceholderOverlay").remove(); + + // reset z-index since IE is dumb. + if ( ! that.$isAwesomeBrowser ) { + mySelection.children().css({"z-index": "1"}); + } + + mySelection.find(".layoutCellInner").each(function(){ + var overlayNode = $(document.createElement("div")).addClass("layoutCellInner vmPanelDropPlaceholderOverlay"); + $(this).after(overlayNode); + var ieThingy = 25; + + var height = ($(this).parent().height()); + if( ! that.$isAwesomeBrowser ) + height -= ieThingy; + + height += "px"; + + var top = that.$isAwesomeBrowser ? "0" : ieThingy+"px"; + bindAttributes(overlayNode, ($(this).parent().width() - 15) + "px", height, top); + + + if ( ! 
that.$isAwesomeBrowser ) { + overlayNode = $(document.createElement("div")).addClass("layoutCellInner vmPanelDropPlaceholderOverlay"); + $(this).after(overlayNode); + bindAttributes(overlayNode, ($(this).parent().width() - 100) + "px", ieThingy + "px", 0); + } + }); + + + function bindAttributes(element, width, height, top) { + element.css({ + 'width': width, + 'height': height, + 'z-index': 2, +// 'background-color': 'red', + 'top': top + }).bind({ + mouseover: function(){ + var selection = $(this).parent().children().first(); + selection.find(".dashboardContent, .splHeader").css("opacity", "0.6"); + }, + mouseout: function(){ + that.dragAndDropMouseOut($(this).parent().children().first()); + } + }); + } + + DebugUtils.trace( "doAddOverlays", start) ; + + } + + }, + + dragAndDropMouseOut: function (selection) { + if (selection) { + selection.find(".dashboardContent, .splHeader").css("opacity", "1.0"); + } + else { + this.dragAndDropMouseOut($(this.panelRowsSelector).find('.layoutCellInner')); + } + }, + + dragAndDropControllerInit: function() { + + var that = this; + + var maxHeight = 250; + var newRowHeight = 20; + + var sortableParameters = { + connectWith: that.panelRowsSelector, + placeholder: 'vmPanelDropPlaceholder', + opacity: 0.7, + tolerance: 'pointer', + cursor: 'move', + delay: 100, + cursorAt: { top: (maxHeight / 2) }, + handle: '.vmPanelDropPlaceholderOverlay' + }; + + //help IE get out of class early + if(! this.$isAwesomeBrowser){ + sortableParameters.helper = function(){ + return $('
'); + }; + sortableParameters.opacity = 1; + } + + $('.splLastRefreshed').hide(); + + $(that.panelRowsSelector).fadeOut('fast', function(){$(this).fadeIn('fast');}); + + + // FIXME hide the "move panels" button + // this should be removed from the template once the feature is stable + $(".editmode > .splButton-tertiary.move").hide(); + + + _removeEmptyRows(); + + // set max height + var selector = $(that.panelRowsSelector); + + selector.find(".layoutCell").css({"max-height": (maxHeight + "px")/*, "overflow": "hidden"*/}); + selector.find(".layoutCellInner").css({"min-height": "0", "max-height": ((maxHeight - 10) + "px"), "overflow": "hidden"}); + selector.find(".dashboardContent").css({"max-height": ((maxHeight - 60) + "px"), "overflow": "hidden"}); + + that.panelRowsAddOverlayLayers(true); + + _generateEmptyRows(false); + + that.changeChartFlow(); + + /** END COMMANDS - METHODS START HERE */ + + + function _bindEvents() { + + var myRowSelection = $(that.panelRowsSelector); + + myRowSelection.unbind('sortstart'); + myRowSelection.unbind('sortactivate'); + myRowSelection.unbind('sortover'); + myRowSelection.unbind('sortstop'); + + myRowSelection.bind( "sortstart", _sortableStart ); + myRowSelection.bind( "sortactivate", _sortableActivate ); + myRowSelection.bind( "sortover", _sortableOver ); + myRowSelection.bind( "sortstop", _sortableStop ); + } + + + function _sortableStart(event, ui) { + $('.vmPanelDropPlaceholder').css("height", Math.floor( $(ui.item).height() - 15) + 'px' ); //TODO: this seems hacky + $('.vmPanelDropPlaceholder').css("width", Math.floor($(ui.item).width() - 25) + 'px'); + } + + function _sortableActivate(event, ui) { +// var start = DebugUtils.getCurrfentTime(); + + if( ! 
(this === ui.item.parent()[0]) ) { + if ( $(this).children().length > 2 ) { // disable rows that has 3 panels - this is a UI constrain + $(this).sortable("disable"); + _sortableRefresh(); + } + } + else if ( $(this).children().length == 2 ) { // for a single panel row - disable the insertion points above and below + $(this).next().sortable("disable");//.css("background-color", "red"); + $(this).prev().sortable("disable");//.css("background-color", "green"); + _sortableRefresh(); + } + +// DebugUtils.trace( "_sortableActivate", start) ; + + } + /** + * handle sortable over target + */ + function _sortableOver(event, ui) { + // var start = DebugUtils.getCurrfentTime(); + + that.equalizeWidths(event, ui); + + var numItems = $(this).children().length; + if ( $(ui.sender).context === $(this).context ) + numItems--; + + var width = Math.floor(96 / numItems) + "%"; + $('.vmPanelDropPlaceholder').css("width",width); + + // attempt to set width of helper to width of placeholder + //$(ui.helper).width($(ui.placeholder).width()); + +// var height = Math.max($(this).height(), $(ui.item).height()) + "px"; +// // DebugUtils.trace( "_sortableOver", start) ; + } + + function _sortableStop(event, ui) { + var start = DebugUtils.getCurrfentTime(); + + // on some rare cases you can drop the panel top a position where the mouse is not over it. + // for these cases we would like to apply the mouseout styling ann all panels, just to play safe. 
+ that.dragAndDropMouseOut(); + + + // hide any visible menus + that.menusGC(); + + DebugUtils.trace("_sortableStop invoked") ; + + $(that.panelRowsSelector).sortable('destroy'); + + _removeEmptyRows(); + + that.equalizeWidths(event, ui, true); + + // save the state to the system + _save(); + + that.changeChartFlow(); + + $(".vmPanelDropPlaceholderOverlay", $(that.panelRowsSelector)).remove(); + + _generateEmptyRows(true); + + that.panelRowsAddOverlayLayers(true); + + // fire off the panel drop event, passing the dropped element as extra data + $(document).trigger(that.PANEL_DROP_EVENT, {droppedElement: ui.item[0]}); + + DebugUtils.trace( "_sortableStop end", start) ; + } + + + function _sortableInit( setParams ) { + var start = DebugUtils.getCurrfentTime(); + var sortable; + + if (setParams ) + sortable = $(that.panelRowsSelector).sortable(sortableParameters); + else + sortable = $(that.panelRowsSelector).sortable(); + + + sortable.disableSelection(); + + _bindEvents(); + + DebugUtils.trace( "_sortableInit ("+(setParams)+") ", start) ; + return sortable; + } + + function _sortableRefresh(setParams) { + var start = DebugUtils.getCurrfentTime(); + var sortable = _sortableInit(setParams).sortable("refresh"); + DebugUtils.trace( "_sortableRefresh", start) ; + return sortable; + } + + + function _generateEmptyRows(doRefresh) { + + var counter = 1; + $(that.panelRowsSelector).each(function(){ + _addEmptyRow($(this), "before"); + }); + _addEmptyRow($(that.panelRowsSelector).last(), "after", 100); + + // XXX not sure what is causing this, but sometimes new rows are getting a 0 opacity. + // This ugly woraround takes care of that. + $(".layoutRow").fadeTo(0, 1); + + doRefresh ? _sortableRefresh(true) : _sortableInit(true); + + + function _addEmptyRow(element, where, rowHeight) { + var start = DebugUtils.getCurrfentTime(); + + rowHeight = rowHeight ? 
rowHeight : newRowHeight; + var newElement = $(document.createElement("div")).addClass("layoutRow equalHeightRow splClearfix panel_row1_col").css("min-height", rowHeight + "px"); + ( where == "after" ) ? element.after(newElement) : element.before(newElement); + + DebugUtils.trace( "_addEmptyRow", start) ; + } + } + + + function _removeEmptyRows() { + var start = DebugUtils.getCurrfentTime(); + + $(that.panelRowsSelector).each(function(){ + if ( $(this).children().length == 0 ) + $(this).remove(); + }); + +// $(".vmPanelDropPlaceholderOverlay", $(that.panelRowsSelector)).css("opacity", "0.2").css("background-color", "white"); +// $(".layoutCellInner", $(that.panelRowsSelector)).parent().children().first().css("box-shadow", "0 0 5px #CCCCCC"); + + DebugUtils.trace( "_removeEmptyRows", start) ; + } + + + + + function _save() { +// var start = DebugUtils.getCurrfentTime(); + $.post(Splunk.util.make_url(['viewmaster', Splunk.util.getCurrentApp(), Splunk.ViewConfig.view.id].join('/')), { + 'action': 'edit', + 'view_json': JSON.stringify(_toJSON()) + }, + _onSaveCallback, 'json'); + +// DebugUtils.trace( "_save", start) + function _toJSON() { + var output = {}; + output['new_panel_sequence'] = []; + + $(that.panelRowsSelector).each(function() { + var rowSet = []; + $('.paneledit', this).each(function() { + var s = parseInt($(this).attr('data-sequence'), 10); + if (!isNaN(s)) + rowSet.push(s); + }); + output['new_panel_sequence'].push(rowSet); + }); + return output; + } + + function _onSaveCallback(jsonObject){ + if (jsonObject.success) { + // reset the current indexing to future actions + that.resetSequence(); + } + else { + for (var i=0,L=jsonObject.messages.length; iThis dashboard is empty. Edit the dashboard to add a panel.
')).bind('click', function() { + Splunk.Globals.Viewmaster.openDashEditForm(Splunk.util.getCurrentView()); + return false; + }).appendTo($('.layoutRow.firstRow')); + } + }, + /** + * This method equalizes heights of dashboard cells within the same panel + */ + equalizeHeights: function() { + var start = DebugUtils.getCurrfentTime(); + $(".equalHeightRow").each(function(){ + $(this).find('.layoutCellInner').css({'min-height': 0}); + if ($.browser.msie && $.browser.version == 6.0) { + $(this).children().css({'height': 0}); + } + var max = 0; + $(this).find('.layoutCellInner').each(function(i){ + if ($(this).height() > max) { max = $(this).height(); } + }); + if ($.browser.msie && $.browser.version == 6.0) { $(this).find('.layoutCellInner').css({'height': max}); } + $(this).find('.layoutCellInner').css({'min-height': max}); + }); + DebugUtils.trace( "equalizeHeights", start) ; + }, + + /** + * This method traverses the dashboard rows from top to bottom, whenever it finds one that will have a page break + * in the middle of it, inserts a page-breaking element above it + */ + insertPageBreakers: function() { + // IE9 and IE10 can handle page breaking purely in CSS + if($.browser.msie && parseFloat($.browser.version) >= 9) { + return; + } + var $row, rowHeight, + currentHeight = 0, + $pageBreaker = $(''), + pageBreakHeight = ($.browser.msie) ? 800 : 900; // pixel height to use when breaking up the page + + $('.equalHeightRow').each(function(i, row) { + $row = $(row); + // caclulate the row height, force to zero for empty elements, since some browsers will report a non-zero height + rowHeight = ($row.is(':empty')) ? 
0 : $row.outerHeight(true); // true means include margin
+ if(i != 0 && rowHeight > 0 && currentHeight + rowHeight >= pageBreakHeight) {
+ // this element needs a page break before it
+ $pageBreaker.clone().insertBefore($row);
+ currentHeight = rowHeight;
+ }
+ else {
+ currentHeight += rowHeight;
+ }
+ });
+ },
+
+ removePageBreakers: function() {
+ if($.browser.msie && parseFloat($.browser.version) >= 9) {
+ return;
+ }
+ $('.page-breaker').remove();
+ }
+
+});
+
+var DebugUtils = {
+
+ traceEnabled: false,
+
+ getCurrfentTime: function() {
+ if(this.traceEnabled)
+ return (new Date()).getTime();
+ },
+ trace: function(arg, start) {
+ if( this.traceEnabled && window.console) {
+ var now = this.getCurrfentTime();
+ arg = this._addSpaces(arg, 30);
+ if (start)
+ arg += ["\t", (now - start)].join('');
+ console.log([now, "\t", arg].join(''));
+ }
+ },
+ _addSpaces: function(str, len) {
+ var newStr = str;
+ while(newStr.length < len)
+ newStr += " ";
+
+ return newStr;
+ }
+};
+
+
+
+
+
diff --git a/deployment-apps/eventid/appserver/static/default.css b/deployment-apps/eventid/appserver/static/default.css
new file mode 100644
index 00000000..37a0cd51
--- /dev/null
+++ b/deployment-apps/eventid/appserver/static/default.css
@@ -0,0 +1,2152 @@
+/*
+ * Glorious Splunk Skin
+ *
+ */
+
+
+
+
+/* Basic Typography
+---------------------------------*/
+body, td {
+ font-family:Arial,Helvetica,sans-serif;
+ font-size:11px;
+ color: #333;
+}
+
+input, textarea, select, optgroup {
+ font-family:Arial,Helvetica,sans-serif;
+ font-size:12px;
+ color: #111;
+}
+
+h1 {
+ font-size: 18px;
+ font-weight: normal;
+ color:#73A550;
+}
+h2 {
+ font-size: 12px;
+ font-weight:bold;
+ color: #333;
+}
+h3 {
+ font-size: 12px;
+ font-weight: bold;
+ color: #333;
+}
+h4 {
+ font-size: 11px;
+ font-weight: bold;
+ color: #333;
+}
+
+/* font styles */
+.splFont-mono, .SearchBar label {
+ font-family: Consolas,Monaco,Courier New,monospace;
+}
+
+.SearchBar textarea, .SearchBar label {
+ font-size: 12px;
+ -moz-box-shadow: none;
+ -webkit-box-shadow: none;
+ box-shadow: none;
+}
+.SearchBar textarea:focus {
+ outline: 0;
+}
+
+/* link colors
+---------------------------------*/
+a {
+ color: #1a7996;
+}
+a.disabled {
+ color:#999;
+}
+
+/* panel-specific font colors
+---------------------------------*/
+.appHeaderWrapper {
+ color: #666;
+}
+.appHeaderWrapper a {
+ color: #CCC;
+}
+
+.appHeaderWrapper a.help {
+ background: url(../../../img/skins/default/icon-help-12.png) no-repeat left center;
+ _background: url(../../../img/skins/default/icon-help-12-black-ie6.png) no-repeat left center; /* for ie 6 */
+ display: block;
+ padding-left: 16px;
+ float: left;
+}
+
+
+/* Application Header
+_________________________________*/
+/* app header wrapper */
+/* - this can be used to set a background for the entire header area. */
+.appHeaderWrapper {
+ background: #000 url(/static/img/skins/default/bg_appHeaderWrapper.png) repeat-x;
+}
+/* application header */
+.appHeader {
+ /* height:100px; // to change the height of the header area, add a height property here. */
+}
+
+/* change the app logo here.
set the height/width for your image, as well as the path to the image */
+.appLogo {
+ height: 43px;
+ width: 80px;
+ background: url(/static/img/skins/default/splunk_logo_black.png) no-repeat 0 0;
+ _background: url(/static/img/skins/default/splunk_logo_black.gif) no-repeat 0 0;
+}
+
+/*
+use this to display the name of the app.
+use line-height to adjust alignment with logo. if
+if the name of the app is in the logo, set this to display: none;
+*/
+.appHeaderWrapper h1 {
+ color:#73a550;
+ line-height: 43px;
+}
+
+
+/* background colors
+---------------------------------*/
+
+/* default page color */
+body, .splBackground-default, .graphArea, .resultsArea,
+.reportSecondPanel, .reportThirdPanel, .sidebarCollapsed,
+.SearchBar .saTypeaheadWrapper {
+ background-color: #FFF;
+}
+
+/* primary background - applies to search controls and primary action panels */
+.viewHeader, .mainSearchControls, .splSearchControls-inline,
+.SearchBar .saHelpWrapper {
+ background-color: #edede7;
+}
+
+/* secondary background - sidebar, other panels */
+.splBackground-secondary, .sidebarExpanded {
+ background-color:#edede7;
+}
+
+/* Specific overrides */
+.layoutCellInner .ResultsHeader .splHeader, .layoutCellInner .ResultsHeader .splHeader-secondary {
+ background: transparent none;
+}
+
+
+/* headers
+---------------------------------*/
+.splHeader-primary {
+ border-top-width: 1px;
+ border-top-style: solid;
+}
+
+.splHeader-secondary {
+ border-top-width: 1px;
+ border-top-style: solid;
+}
+
+
+
+.splHeader-secondary {
+ background-color: #edede7;
+ _background-position: 0px -111px;
+}
+/* navigation bar */
+.splHeader-navigation {
+ background-image: none;
+ _background-image: none;
+}
+
+.splHeader h2 a {
+ font-weight:normal;
+}
+
+/* Specific overrides */
+.TitleBar .splHeader, .FieldPickerPopup .splHeader-primary {
+ background-color: #edede7;
+ background-image: none;
+}
+
+.FlashTimeline .splHeader-primary {
+ background: #fff
url(/static/img/skins/default/overlay_topgradient_7.png) repeat-x;
+ _background-image: none;
+}
+
+.FlashTimeline {
+ background: #fff url(/static/img/skins/default/overlay_bottomgradient_7.png) repeat-x bottom center;
+ _background-image:none;
+}
+
+.DisableRequiredFieldsButton {
+ background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x;
+ _background-image:none;
+}
+
+.splView-flashtimeline .ResultsHeader .splHeader-primary {
+ background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x;
+ _background-image:none;
+ border-color: #a4a4a4;
+ padding-top: 5px;
+}
+
+.splView-flashtimeline .ResultsHeader .splHeader-primary h2 {
+ background-color: #fff;
+ -webkit-border-top-left-radius: 6px;
+ -moz-border-radius-topleft: 6px;
+ border-top-left-radius: 6px;
+}
+
+/* borders
+---------------------------------*/
+* {
+ border-color: #ccc;
+}
+
+div.sidebarCollapsed .sidebarControl {
+ -moz-border-radius: 0 0 5px 0;
+ -webkit-border-radius: 0 0 5px 0;
+ border-radius: 0 0 5px 0;
+ background: #edede7 url(/static/img/skins/default/overlay_topgradient_32.png) repeat-x;
+ border-top: 1px solid #A4A4A4;
+}
+
+div.sidebar .FieldPicker {
+ border-color: #a4a4a4;
+}
+
+/* Dashboards
+_______________________________*/
+
+/* dashboard headers */
+
+body.splTemplate-dashboard {
+ background-color: #EDEDE7;
+}
+.splHeader-dashboard {
+ background-image: none;
+}
+.splHeader-dashboard {
+ background-color: transparent;
+}
+.splHeader-dashboard h2,
+.dashboardContent .ServerSideInclude h2,
+.dashboardContent .GenericHeader h3 {
+ font-size:12px;
+ color: #73a550;
+ font-weight:bold;
+ background-color: transparent;
+}
+/* rounded box for dashboard modules */
+.dashboardCell {
+ position: relative;
+ background: #fff;
+ border-style: solid;
+ border-width: 1px;
+ -moz-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ border-radius: 5px;
+ -moz-box-shadow: 0 0 5px rgba(0, 0, 0, 0.25);
+ -webkit-box-shadow: #ccc 0 0 5px;
+
box-shadow: #ccc 0 0 5px;
+ _background-image: none;
+}
+
+.dashboardContent .SimpleResultsTableResults, .dashboardContent .EventsViewer {
+ background-image: none;
+ background: transparent;
+}
+
+
+
+/* form elements
+_________________________________*/
+fieldset legend {
+ color: #73A550;
+ font-size: 14px;
+ font-weight: bold;
+}
+fieldset legend span{
+ color: #000;
+ font-size: 10px;
+ font-weight: normal;
+}
+input, textarea, select {
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 11px;
+}
+input[type="text"], input[type="textfield"], input[type="password"],
+textarea, .input-facade,
+.splTextAreaStd,
+.codeMirrorTextAreaWrapper,
+div.accumulator-scrollbox {
+ box-shadow: inset 0px 1px 3px #ccc;
+}
+.input-hide, input.input-hide, textarea.input-hide,
+.splTextAreaStd textarea {
+ box-shadow: none;
+}
+label {
+ font-size: 12px;
+}
+label.disabledLabel {
+ color:#666;
+}
+select option[disabled] {
+ color:#999;
+ box-shadow: none;
+}
+input.readonly {
+ background-color: #999;
+ box-shadow: none;
+}
+p.exampleText {
+ color: #666;
+ clear: both;
+}
+p.fieldsetHelpText {
+ color: #666;
+}
+input[disabled]{
+background-color: #f4f4f1;
+color: #333;
+padding-left: 0;
+box-shadow: none;
+}
+.splTextArea {
+ border:1px solid #ccc;
+}
+
+
+/* tables
+------------------------------*/
+table.splTable {
+ border-color: #999;
+}
+table.splTable th {
+ border-color: #999;
+}
+table.splTable th a {
+ color: #000;
+}
+table.splTable td {
+ border-color: #CCC;
+}
+.empty_results {
+ background: #edede7;
+ border: 0px !important;
+ font-size: 12px;
+ font-weight: normal !important;
+ padding: 10px !important;
+ -webkit-border-radius: 4px;
+ -moz-border-radius: 4px;
+ border-radius: 4px;
+ color: #666 !important;
+}
+
+/* sorting */
+.splSortNone, .splSortAsc, .splSortDesc {
+ background-image: url(/static/img/skins/default/splIcons.gif);
+ background-position: -67px -446px;
+ background-repeat: no-repeat;
+ cursor: pointer;
+}
+.splSortDesc {
+
background-position: -67px -365px;
+}
+.splSortDesc:hover {
+ background-position: -67px -385px;
+}
+.splSortAsc{
+ background-position: -67px -385px;
+}
+.splSortAsc:hover {
+ background-position: -67px -366px;
+}
+
+/* global elements
+---------------------------------*/
+.splPipe {
+ color:#999;
+}
+.splDivider {
+ border-bottom-style: solid;
+ border-bottom-width: 1px;
+}
+#loading {
+ background-color:#73a550;
+ color:#fff;
+} /* I smell a refactor here... */
+#loadingmessage {
+ font-size:18px;
+ background: url(/static/img/skins/default/loading_white.gif) no-repeat 0 0;
+}
+.popupLoading {
+ background: url(/static/img/skins/default/loading_white.gif) no-repeat 0 20px;
+ font-size:18px;
+}
+.mouseoverHighlight, .mouseoverHighlight td {
+ background-color:#f5e998;
+}
+
+.searchFieldGhost {
+ border-color: #333;
+}
+.widgeterror { color: red; font-weight: bold; }
+
+.resultStatusMessage {
+ color: #666;
+}
+
+/* percentage bar graph
+_________________________________*/
+.splBarGraph {
+ background: #edede7;
+}
+.splBarGraphBar {
+ background: #73a550 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x;
+}
+.splBarGraphValue {
+
+}
+
+.graphLoading {
+ padding-bottom: 5px;
+}
+
+/* popups
+---------------------------------*/
+
+.popupContainer {
+ z-index:10000;
+ border-color: #666;
+ -moz-box-shadow: 0 0 8px rgba(0, 0, 0, 0.7);
+ -webkit-box-shadow: #222 0 0 8px;
+ box-shadow: #222 0 0 8px;
+}
+
+.wizardPopup .popupContent iframe {
+ width:400px;
+ border:none;
+ display: block;
+}
+
+.wideTreeviewPopup .popupContent iframe {
+ width:700px;
+ height:433px;
+ border:none;
+ display: block;
+}
+
+.panelEditorPopup .popupContent iframe {
+ width:340px;
+ border:none;
+ display: block;
+}
+.panelEditorPopup .popupContent {
+ min-width:340px;
+}
+
+.fieldValuePopup {
+ border-color: #666;
+ -moz-box-shadow: none; /* needs dropshadow for others than ff3.5 and safari 4, removing this one and adding the jank normal dropshadow from menu*/
+
-webkit-box-shadow: none;
+ box-shadow: none;
+ border: none;
+}
+.fieldValuePopup .fieldValuePopupInner {
+ border:1px solid #CCC;
+ background-image:url(/static/img/skins/default/bg_reversegradient_28.png);
+}
+
+/* fieldpicker popup */
+.fieldLayers .popupContainer {
+ border-color: #ccc;
+}
+
+.pdfPopup {
+ background: #fff;
+}
+
+/* popup header bar */
+.splHeader-popup {
+ background: #000 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x 0 0;
+ _background: #000 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x 0 -450px;
+}
+.splHeader-popup h2 {
+ color:#FFF;
+ font-size:14px;
+}
+
+.splHeader-popup, .splHeader-popup h2 {
+ cursor: move;
+}
+
+/*iframe loading*/
+.popupContent .popup-loading {
+ width: 100%;
+ height:100%;
+ position:absolute;
+ top:0;
+ text-indent:-1000em;
+ direction:ltr;
+ background: #fff url('/static/img/skins/default/loading_white.gif') no-repeat center center;
+ _height:100px; /* IE6 won't recalculate height properly :( */
+}
+
+/* popup content */
+.popupContent {
+ background-color: #FFF;
+ position:relative;
+ _zoom:1;
+}
+
+.popupContent .error, .wizard .error {
+ font-size: 12px;
+ background: #af4444;
+ margin: 10px;
+ margin-bottom: 0px;
+
+ -moz-border-radius:4px 4px 4px 4px;
+ -webkit-border-radius: 4px 4px 4px 4px;
+ border-radius: 4px 4px 4px 4px;
+}
+
+/* popup footer (button container) */
+.popupFooter {
+ background: #edede7 url(/static/img/skins/default/overlay_topInnerShadow_35.png) repeat-x;
+ _background: #000 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x 0 -231px;
+}
+
+/* Field Value popup-specific styles */
+
+.fieldValuePopup h3 em {
+ font-size:11px;
+}
+
+.fieldValuePopup table th.fieldName {
+ font-weight: normal;
+}
+
+.fieldValuePopup table tr:first-child th.fieldName {
+ font-weight: bold;
+}
+
+.fieldValuePopup table td, .fieldValuePopup table th {
+ color:#333;
+ border-bottom-style: dotted;
+ border-bottom-width: 1px;
+}
+
+.fieldValuePopup table
tr.fieldNameHeaderRow th {
+ border-bottom-style: solid;
+ border-bottom-width: 1px;
+}
+
+.fieldValuePopup table tr.fieldNameHeaderRow td {
+ font-weight:bold;
+ color:#000;
+ border-bottom: none;
+}
+.fieldValuePopup p.reportLinks,
+.fieldValuePopup div.reportLinks
+{
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+}
+
+/* overlays and shadows
+---------------------------------*/
+.splOverlay, .splOverlay-white {
+ background-color: #000;
+ opacity:0.7;
+ filter:alpha(opacity=70);
+}
+.splOverlay-white {
+ background-color:#FFF;
+}
+
+.splShadow {
+ background: url(/static/img/skins/default/shadow_soft.png) no-repeat bottom right;
+ -moz-border-radius-bottomleft: 16px; /*is this supposed to be different?*/
+ -moz-border-radius-topright: 17px;
+ -webkit-border-top-right-radius: 17px;
+ -webkit-border-bottom-left-radius: 17px;
+ border-top-right-radius:17px;
+ border-bottom-left-radius:17px;
+ _background: none;
+}
+
+/* buttons
+---------------------------------*/
+
+.splButton-primary,
+.splButton-secondary,
+.splButton-tertiary {
+ background: #73a550 url(/static/img/skins/default/overlay_gloss_28.png) repeat-x left -3px;
+ color: #FFF;
+ font-family: Arial, Helvetica, sans-serif;
+ font-size:12px;
+ border: 1px solid #5e8d3d;
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+ _background-image: none;
+}
+button.splButton-primary span,
+button.splButton-secondary span,
+button.splButton-tertiary span
+{
+ line-height:21px; /*Note: line-height won't work on buttons in FF*/
+}
+
+.splButton-primary {
+ color:#fff;
+ background-color: #659c40;
+ border: 1px solid #5e8d3d;
+}
+.splButton-secondary {
+ color: #333;
+ background-color:#fff;
+ border: 1px solid #bbb;
+}
+.splButton-tertiary {
+ color:#fff;
+ background-color: #548ea0;
+ border: 1px solid #498a99;
+}
+
+.splButton-primary:hover,
+.splButton-primary:focus {
+ background-color: #4e7830;
+ outline: none;
+}
+
+.splButton-secondary:hover,
+.splButton-secondary:focus {
+ background-color: #f3f3f3;
+ border-color: #aaa;
+ outline: none;
+}
+
+.splButton-tertiary:hover,
+.splButton-tertiary:focus {
+ background-color: #326c79;
+ outline: none;
+}
+
+.splButton-disabled,
+.splButton-disabled:hover,
+.splButton-disabled:focus {
+ background: #bbb;
+ color: #999;
+ border-color: #999;
+}
+
+.splButton-disabled .splButtonIcon {
+ opacity:0.5;
+}
+
+.splButton-primary span.splMenuIcon,
+.splButton-tertiary span.splMenuIcon {
+ background-position: 0 -300px;
+}
+
+/* buttons Groups
+---------------------------------*/
+
+.splButtonGroup .splButton-primary,
+.splButtonGroup .splButton-secondary,
+.splButtonGroup .splButton-tertiary {
+ -moz-border-radius: 0;
+ -webkit-border-radius: 0;
+ border-radius: 0;
+ margin:0;
+ border-left-color: #8FB777;
+}
+.splButtonGroup .splButton-secondary {
+ border-left-color: #ddd;
+}
+
+.splButtonGroup .splButton-tertiary {
+ border-left-color: #7ca6b0;
+}
+
+.splButtonGroup .splButton-disabled {
+ border-left-color: #bbb;
+}
+
+.splButtonGroup .splButton-primary:first-child,
+.splButtonGroup .splButton-secondary:first-child,
+.splButtonGroup .splButton-tertiary:first-child {
+ -moz-border-radius-bottomleft: 4px;
+ -webkit-border-bottom-left-radius: 4px;
+ border-bottom-left-radius: 4px;
+ -moz-border-radius-topleft: 4px;
+ -webkit-border-top-left-radius: 4px;
+ border-top-left-radius: 4px;
+ border-left-color: #5E8D3D;
+}
+
+.splButtonGroup .splButton-secondary:first-child {
+ border-left-color: #ccc;
+}
+
+.splButtonGroup .splButton-tertiary:first-child {
+ border-left-color: #498A99;
+}
+
+.splButtonGroup .splButton-disabled:first-child {
+ border-left-color: #999;
+}
+
+.splButtonGroup .splButton-primary:last-child,
+.splButtonGroup .splButton-secondary:last-child,
+.splButtonGroup .splButton-tertiary:last-child {
+ -moz-border-radius-bottomright: 4px;
+ -webkit-border-bottom-right-radius: 0;
+ border-bottom-right-radius: 4px;
+ -moz-border-radius-topright: 4px;
+
-webkit-border-top-right-radius: 0;
+ border-top-right-radius: 4px;
+ border-right-width:1px;
+}
+
+/* Iconic Links
+---------------------------------*/
+
+.splIconicLinkIcon, .splButtonIcon, span.splMenuIcon {
+ background-image: url(/static/img/skins/default/sprite_button_icons.png);
+ _background-image: url(/static/img/skins/default/sprite_button_icons.gif);
+ background-position: 0 0;
+}
+
+
+.splIconicLinkIcon {
+ margin-top:2px;
+}
+.splIconicLinkLabel {
+ font-size:11px;
+}
+
+.splIconicLinkDisabled {
+ background-image: none;
+ color: #999;
+}
+
+
+.splIconicLinkDisabled .splIconicLinkIcon {
+ -moz-opacity: 0.45;
+ opacity: 0.45;
+ -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=45)"; /* IE8 */
+ filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=45); /* IE7 */
+ filter:alpha(opacity=50); /* IE6 */
+
+ color: #999;
+ -moz-border-radius: 3px;
+ -webkit-border-radius: 3px;
+ border-radius: 3px;
+}
+
+.splIcon-export {
+ background-position: -26px -660px;
+}
+
+.splIconicLinkDisabled .splIcon-export {
+ background-position: -13px -660px;
+}
+
+.splIcon-options {
+ background-position: -26px -680px;
+}
+
+
+/* Splunk search button */
+
+/* search button */
+input.searchButton {
+ background-color: #659c40;
+ background-image: url(/static/img/skins/default/search_button.png);
+ /* white > */
+ background-position: right center;
+ /* black > -- uncomment for black arrow.
--
+ background-position: left center;
+ */
+ /* corner rounding for good browsers */
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+
+ border: 1px solid #5e8d3d;
+ font-family: Arial, Helvetica, sans-serif;
+ cursor: pointer;
+
+
+ _background-image: url(/static/img/skins/default/green_search_button.png);
+ _background-color:transparent;
+ _border: none;
+ _zoom:1;
+}
+
+input.searchButton:hover,
+input.searchButton:focus {
+ background-color: #4e7830;
+ _background-color:transparent;
+}
+
+table.mainSearchControlsTable input.searchButton {
+ border-left-color: #8fb777;
+ -moz-border-radius-topleft: 0;
+ -moz-border-radius-bottomleft: 0;
+ -webkit-border-top-left-radius: 0;
+ -webkit-border-bottom-left-radius: 0;
+ border-bottom-left-radius: 0;
+ border-top-left-radius: 0;
+ border-bottom-left-radius: 0;
+}
+
+/* button wrapper */
+.splButtonWrapper {
+ border-top-width:1px;
+ border-top-style:solid;
+}
+
+/* icons
+---------------------------------*/
+.splIcon {
+ background-image: url(/static/img/skins/default/splIcons.gif);
+ background-color: #999;
+}
+
+/*-- external link icon --*/
+.spl-icon-external-link-xsm {
+ background: transparent url(/static/img/skins/default/icon-external-xsm.png) no-repeat 0 0;
+ _background: transparent url(/static/img/skins/default/icon-external-xsm.gif) no-repeat 0 0;
+ background-repeat:no-repeat;
+ background-position: 0% 50%;
+ display:inline-block;
+ padding-left: 15px;
+ margin-left: 5px;
+ font-style: normal;
+}
+.spl-icon-external-link-xsm.inline-icon {
+ margin-left: 0px;
+}
+
+/*-- sidebar collapse icon --*/
+.splIcon-sidebar-open .splIconicLinkIcon { background-position: -26px -320px; }
+.splIcon-sidebar-closed .splIconicLinkIcon { background-position: -26px -340px; }
+
+/*-- linear and log scale buttons --*/
+div.FlashTimeline a.linLogToggle {
+ color:#000;
+}
+
+div.FlashTimeline a.linLogToggle:focus {
+ background-color: #ccc;
+}
+
+div.FlashTimeline a.linLogToggle
.splIcon-triangle-4-s {
+ background-position: -67px -367px;
+}
+
+
+
+/*-- clear buttons --*/
+.splIcon-clear {
+ -webkit-border-radius: 6px;
+ -moz-border-radius: 6px;
+ border-radius: 5px;
+ background-position: 0px 0px;
+}
+html>/**/body .splIcon-clear, x:-moz-any-link, x:default { /* do rounding for ff3, not ff2 */
+ -moz-border-radius: 5px;
+}
+.splIcon-clear:hover { background-position: -20px 0px; }
+
+/*-- close icons --*/
+.splIcon-close { background-position: 0px 0px; }
+.splIcon-close:hover { background-position: -20px 0px; }
+
+/*-- arrow icons --*/
+.splIcon-arrow-n, .splIcon-arrow-e, .splIcon-arrow-s, .splIcon-arrow-w {
+ -webkit-border-radius: 6px;
+ -moz-border-radius: 6px;
+ border-radius: 5px;
+ background-color: #999;
+}
+html>/**/body .splIcon-arrow-n, html>/**/body .splIcon-arrow-s, html>/**/body .splIcon-arrow-e,
+html>/**/body .splIcon-arrow-w, x:-moz-any-link, x:default { /* do rounding for ff3, not ff2 */
+ -moz-border-radius: 5px;
+}
+.splIcon-arrow-n { background-position: 0px -100px; }
+.splIcon-arrow-e { background-position: 0px -140px; }
+.splIcon-arrow-s { background-position: 0px -120px; }
+.splIcon-arrow-w { background-position: 0px -160px; }
+.splIcon-arrow-n:hover { background-position: -20px -100px; }
+.splIcon-arrow-e:hover { background-position: -20px -140px; }
+.splIcon-arrow-s:hover { background-position: -20px -120px; }
+.splIcon-arrow-w:hover { background-position: -20px -160px; }
+
+/*-- results view buttons --*/
+.splIcon-events-list, .splIcon-events-table, .splIcon-results-table, .splIcon-results-chart {
+ background-image: url(/static/img/skins/default/sprite_button_icons.png);
+ _background-image: url(/static/img/skins/default/sprite_button_icons.gif);
+}
+.splIcon-events-list { background-position: -26px -740px; }
+.splIcon-events-table { background-position: -26px -760px; }
+.splIcon-results-table { background-position: -26px -780px; }
+.splIcon-results-chart { background-position: -26px -800px; }
+.splIcon-events-list:hover { background-position: -39px -740px; }
+.splIcon-events-table:hover { background-position: -39px -760px; }
+.splIcon-results-table:hover { background-position: -39px -780px; }
+.splIcon-results-chart:hover { background-position: -39px -800px; }
+
+/* triangles */
+/* Note: to separate color from implementation, we're using a numbering system to differentiate colors.
+ 1=grey,2=white,3=green,4=black,5=blue. If the icon sprite changes, the number mapping to colors would be different */
+.splIcon-triangle,
+.splIcon-triangle-1-n, .splIcon-triangle-1-s, .splIcon-triangle-1-e, .splIcon-triangle-1-w,
+.splIcon-triangle-2-n, .splIcon-triangle-2-s, .splIcon-triangle-2-e, .splIcon-triangle-2-w,
+.splIcon-triangle-3-n, .splIcon-triangle-3-s, .splIcon-triangle-3-e, .splIcon-triangle-3-w,
+.splIcon-triangle-4-n, .splIcon-triangle-4-s, .splIcon-triangle-4-e, .splIcon-triangle-4-w,
+.splIcon-triangle-5-n, .splIcon-triangle-5-s, .splIcon-triangle-5-e, .splIcon-triangle-5-w {
+ background-color:transparent;
+}
+.splIcon-triangle-large {
+ background-color:transparent;
+}
+
+/* grey */
+.splIcon-triangle-1-n { background-position: -7px -386px; }
+.splIcon-triangle-1-s { background-position: -7px -367px; }
+.splIcon-triangle-1-e { background-position: -7px -407px; }
+.splIcon-triangle-1-w { background-position: -7px -427px; }
+/* white */
+.splIcon-triangle-2-n { background-position: -27px -386px; }
+.splIcon-triangle-2-s { background-position: -27px -367px; }
+.splIcon-triangle-2-e { background-position: -27px -407px; }
+.splIcon-triangle-2-w { background-position: -27px -427px; }
+/* green */
+.splIcon-triangle-3-n { background-position: -47px -386px; }
+.splIcon-triangle-3-s { background-position: -47px -367px; }
+.splIcon-triangle-3-e { background-position: -47px -407px; }
+.splIcon-triangle-3-w { background-position: -47px -427px; }
+/* black */
+.splIcon-triangle-4-n { background-position: -67px -386px; }
+.splIcon-triangle-4-s {
background-position: -67px -367px; }
+.splIcon-triangle-4-e { background-position: -67px -407px; }
+.splIcon-triangle-4-w { background-position: -67px -427px; }
+/* blue */
+.splIcon-triangle-5-n { background-position: -87px -386px; }
+.splIcon-triangle-5-s { background-position: -87px -367px; }
+.splIcon-triangle-5-e { background-position: -87px -407px; }
+.splIcon-triangle-5-w { background-position: -87px -427px; }
+
+/* state interaction
+_________________________________*/
+
+.fatal, .error, .warn, .info, .persistent {
+ background: url(/static/img/skins/default/overlay_gradient_28_plus.png) repeat-x top left;
+ _background: #000 none;
+ font-weight: bold;
+}
+
+.fatal, .error {
+ background-color: #a62f2f;
+ color: #fff;
+}
+.warn, .persistent {
+ background-color: #ffee91;
+ color: #000;
+}
+.info {
+ background-color: #e8f8ff;
+ color: #000;
+}
+
+
+.fatal .remove, .error .remove, .warn .remove, .info .remove, .persistent .remove {
+ background: #000 url(/static/img/skins/default/splIcons.gif) no-repeat top left;
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+}
+
+.fatal .remove, .error .remove {
+ background-color: #6f2121;
+}
+.warn .remove, .persistent .remove {
+ background-color: #b9ac66;
+}
+.info .remove {
+ background-color: #94a9b2;
+}
+
+
+/* menu classes
+---------------------------------*/
+
+.splMenu {
+ font-size: 11px;
+ font-family: Arial, Helvetica, sans-serif;
+}
+
+/* primary menu - white */
+.splMenu-primary, .splMenu-primary a {
+ color: #333;
+}
+.splMenu-primary li.disabled a {
+ color:#999;
+}
+.splMenu-primary ul {
+ background-color: #FFF;
+}
+.splMenu-primary .actionsMenuDivider {
+}
+
+/* primary menu hover styles */
+.splMenu-primary li:hover {
+ background: #f3ecbb;
+}
+.splMenu-primary ul li.htmlBlock:hover {
+ background-color: transparent;
+}
+
+/* secondary menu - black */
+.splMenu-secondary, .splMenu-secondary a {
+ color: #CCC;
+}
+.splMenu-secondary li.disabled a {
+ color:#999;
+}
+.splMenu-secondary ul {
+ background-color: #000;
+ border-color: #333;
+}
+
+/* primary menu hover styles */
+.splMenu-secondary li:hover {
+ background-color: #7b9059;
+}
+.splMenu-secondary a:hover {
+ color: #FFF;
+}
+.splMenu-secondary ul li.htmlBlock:hover {
+ background-color: transparent;
+}
+
+/* Tab styles
+-------------------------------*/
+
+.tabsWrapper {
+ background-color: #bdbdb7;
+}
+ul.tabs li {
+ background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 -68px;
+}
+ul.tabs li a {
+ background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -102px;
+ color: #FFF;
+ font-size: 12px;
+}
+/* on state */
+ul.tabs li.selected {
+ background-color: #FFF;
+ background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 0;
+}
+ul.tabs li.selected a {
+ color: #333;
+ background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -34px;
+}
+
+/* jquery ui styles
+_______________________________*/
+
+/* datepicker styles */
+.ui-datepicker {
+ border: 1px solid #ccc;
+ background: #FFF;
+}
+.ui-datepicker a {
+ color: #333;
+}
+.ui-datepicker-inline {
+ border-style: solid;
+ border-width: 1px;
+}
+.ui-datepicker-header {
+ background: #edede7 url(/static/img/skins/default/overlay_gradient_28.png) repeat-x scroll 0 -5px;
+ _background: #edede7 url(/static/img/skins/default/backgrounds_ie6.gif) repeat-x scroll 0 -5px;
+}
+.ui-datepicker-header a {
+ background-image: url(/static/img/skins/default/splIcons.gif);
+ background-repeat: no-repeat;
+}
+.ui-datepicker-prev {
+ background-position: -67px -418px;
+}
+.ui-datepicker-next {
+ background-position: -67px -398px;
+}
+.ui-datepicker-current-day {
+ background-color: #a8c479;
+}
+
+/* resizable styles */
+.ui-resizable-s {
+ background:#cdcdc7 url(/static/img/skins/default/bg_resizer.gif) center no-repeat !important;
+ _font-size:0;
+}
+
+.ui-resizable-helper {
+ border:
1px dashed #999;
+}
+
+/* TimeSpinner styles */
+.TimeSpinner {
+ border: 1px solid #ccc;
+}
+
+/***********************************
+ Module styles
+************************************/
+
+/* Dev note: putting these in here for now, figuring out what refactoring can be done later */
+
+
+/*** Gandalf ***/
+
+/* TimeRangeBinning */
+.TimeRangeBinning .trbToggle {
+ font-size:12px;
+}
+.TimeRangeBinning .trbToggle span.splIcon-triangle {
+ background-position: -87px -407px;
+ background-color: transparent;
+}
+.TimeRangeBinning .trbOn span.splIcon-triangle {
+ background-position: -87px -367px;
+}
+
+/*** Jobs ***/
+
+/* Job Status */
+
+.JobStatus {
+ background-color: #EDEDE7;
+}
+
+.JobStatus .output .scanned,
+.JobStatus .output .results {
+ font-style:normal;
+ font-size:12px;
+}
+.JobStatus .output .running h2,
+.JobStatus .output .runningReport h2,
+.JobStatus .output .finalizing h2 {
+ background: url(/static/img/skins/default/loader_green_on_grey.gif) left no-repeat;
+ /* use loader.gif for green on white */
+}
+
+.JobStatus .output .complete h2 {
+ background: url(/static/img/skins/default/bg_job_status.png) 0 -13px no-repeat;
+}
+
+.JobStatus .output .paused h2 {
+ background: url(/static/img/skins/default/bg_job_status.png) 0 8px no-repeat;
+}
+
+.autoPauseText > strong {
+ color: #900;
+}
+
+/* link icons */
+
+
+
+.save .splButtonIcon {
+ background-position: 0 -160px;
+}
+
+.create .splButtonIcon {
+ background-position: 0 -180px;
+}
+.inspector .splButtonIcon {
+ background-position: 0 -120px;
+}
+
+.print .splButtonIcon {
+ background-position: 0 -140px;
+}
+
+.background .splButtonIcon{
+ background-position: 0 -20px;
+}
+
+.finalize .splButtonIcon {
+ background-position: 0 -80px;
+}
+
+.pause .splButtonIcon {
+ background-position: 0 -60px;
+}
+
+.unpause .splButtonIcon{
+ background-position: 0 -40px;
+}
+
+.cancel .splButtonIcon{
+ background-position: 0 -100px;
+}
+
+.schedulepdf .splButtonIcon{background-position:0 -560px;}
+.move
.splButtonIcon{background-position:0 -580px;} +.add .splButtonIcon{background-position:0 -640px;} +.permissions .splButtonIcon{background-position:0 -600px;} +.xml .splButtonIcon{background-position:0 -620px;} + +/* IE6 removal of gradient overlays */ +.JobStatus .splHeader { + _background-image: none; +} + +.JobStatus .autoPauseTip { + color: #800; +} +.JobStatus .autoPauseTip a { + color: #1a7996; +} + +/*** Nav ***/ + +/* AppBar */ +ul.appBarNav li a:hover, +ul.appBarNav li a.menuOpen { + background: url(/static/img/skins/default/overlay_white_28.png) repeat-x 0 0; + _background: url(/static/img/skins/default/backgrounds_ie.gif) repeat-x 0 -727px; +} +ul.appBarNav li a { + font-size: 11px; + font-weight: bold; +} +.splMenu-primary ul li.splUserCreated { + background-image: url(/static/img/skins/default/greendot.gif); + background-repeat: no-repeat; + background-position: 4px 10px; +} + +/* BreadCrumb */ +.BreadCrumb { + font-size:14px; +} +.BreadCrumb .gt { + color:#888; +} + +/* TitleBar */ +.TitleBar div.menuOpen, .TitleBar a.menuOpen { + background-color: #CCC; +} +.TitleBar h2 em { + font-style:normal; +} +.TitleBar .splPipe { + font-size:12px; +} + +/*** Results header ***/ +h2 .timeRangeStr { + font-weight: normal; +} + + +/*** Message ***/ +.Message ol { + font-size: 0px; + line-height: 1; +} +.Message ol li { + font-size: 11px; + line-height: 16px; + padding: 6px 10px; +} + +/*** Paginator ***/ + +.Paginator a, .Paginator .disabled:hover { + border-style: solid; + border-width: 1px; + border-color: #fff; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-radius: 3px; + _border-width:0px; +} +.Paginator a:hover { + border-color: #ccc; + text-decoration:none; +} +.Paginator .active a, .Paginator .active a:hover { + background-color: #999; + -webkit-box-shadow: inset 1px 1px 1px 0px #333333; + -moz-box-shadow: inset 1px 1px 1px 0px #333333; + box-shadow: inset 1px 1px 1px 0px #333333; + color: #fff; + border-color: #fff; +} +.Paginator 
.previous, .Paginator .next { + color:#999; +} + + +/*** Prototypes ***/ + +/* SimpleEventsViewer */ + +.SimpleEventsViewer { + background-color:#fff; +} +.SimpleEventsViewer span.searchTermHighlight { + background-color:#f5e998; +} +.SimpleEventsViewer .eventFields { + color: LightSlateGrey; +} +.SimpleEventsViewer .eventFields .value { + color: #000; +} + +/*** Results ***/ + +/* EventsViewer */ + +.EventsViewer, .SimpleResultsTableResults { +} + +.EventsViewerScroller { + border-top-style: solid; + border-top-width: 1px; +} +.EventsViewer .header { + font-weight:normal; + font-size:11px; + color:#333; +} +.EventsViewer .header em { + font-weight:bold; + font-style:normal; +} + +.EventsViewer .tb { + border:1px solid red; +} +.EventsViewer .tb h2 { + font-size:11px; + font-weight:bold; +} +.EventsViewer .tb h3 { + font-size:10px; + font-weight:bold; +} +.EventsViewer .tb td:first-child { + color:#666; +} +.EventsViewer .default .pos { + font-style:normal; + font-size:11px; + color:#bbb; +} +.EventsViewer .default .time { + font-style:normal; + font-size:11px; + color:#666; +} +.EventsViewer .default .audit { + font-style:normal; + display:block; + padding:2px 0px 4px 20px; + color:#666; +} +/* BEGIN NOTICE: decoration_audit_ class names currently have no indirection, do not change! */ +.EventsViewer .default .decoration_audit_valid { + background:url(/static/img/skins/default/audit_valid.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_gap { + background:url(/static/img/skins/default/audit_gap.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_tampered { + background:url(/static/img/skins/default/audit_tampered.gif) no-repeat; +} +.EventsViewer .default .decoration_audit_cantvalidate { + background:url(/static/img/skins/default/audit_cantvalidate.gif) no-repeat; +} +/* END NOTICE: decoration_audit_ class names currently have no indirection, do not change! 
*/ +.EventsViewer .default .event { + font-family:Consolas, Monaco, Courier New, monospace; + font-size: 12px; + color:#333; +} +.EventsViewer .default .a, .EventsViewer .default .h, .EventsViewer .default .fields .v:hover, .EventsViewer .default .fields .tg:hover, .EventsViewer .default .time:hover { + background-color:#f5e998; +} +.EventsViewer .default .showinline { + color:#4D9BB3; +} +.EventsViewer .default .fields li { + color:#778899; +} +.EventsViewer .default .fields em { + font-style:normal; +} +.EventsViewer .default .fields .k { + color:#999; +} +.EventsViewer .default .fields .v { + color:#333; +} +.EventsViewer .default .fields .tg { + color:#999; + font-style:italic; +} +.EventsViewer .default .fields .fm { + background: url(/static/img/skins/default/splIcons.gif) no-repeat -67px -364px; + color:#FFF; +} +.actions .splButtonIcon { + background-position: 0 -280px; +} + + +.results-table-help { + font-size: 12px; +} + +/* BEGIN: tag field popup styles */ +.tagfieldpopup { + background:#FFF; +} +.tagfieldpopup input { + font-size:11px; + color:#333; +} + + + +/* FancyChartTypeFormatter */ +.FancyChartTypeFormatter .chartTypeTitle { + font-size: 12px; +} +.FancyChartTypeFormatter .chartTypeActivator { + border-style: solid; + border-width: 1px; + background: url(/static/img/skins/default/overlay_gradient_28.png) repeat-x 0 0; +} +.FancyChartTypeFormatter .chartTypeActivator span { + background: url(/static/img/skins/default/arrows.gif) no-repeat 0 0 ; +} +.FancyChartTypeFormatter .chartTypeMenu ul { + background-color:#FFF; + border-style: solid; + border-width: 1px; +} +.FancyChartTypeFormatter .chartTypeMenu li:hover { + background-color: #f3ecbb; +} +.FancyChartTypeFormatter .chartTypeActivator a, +.FancyChartTypeFormatter .chartTypeMenu li a { + color:#333; + text-decoration:none; + font-size:12px; + background-image:url(/static/img/skins/default/chart_type_icons.gif); + background-repeat:no-repeat; + background-position: 5px -45px; +} 
+.FancyChartTypeFormatter .chartTypeMenu li.column a, +.FancyChartTypeFormatter .chartTypeActivator a.column { + background-position: 5px 3px; +} +.FancyChartTypeFormatter .chartTypeMenu li.line a, +.FancyChartTypeFormatter .chartTypeActivator a.line { + background-position: 5px -45px; +} +.FancyChartTypeFormatter .chartTypeMenu li.area a, +.FancyChartTypeFormatter .chartTypeActivator a.area { + background-position: 5px -94px; +} +.FancyChartTypeFormatter .chartTypeMenu li.bar a, +.FancyChartTypeFormatter .chartTypeActivator a.bar { + background-position: 5px -144px; +} + +/* Timeline */ +/* + background-color -> controls bgcolor + border-left-color -> controls foregroundColor + color -> controls fontColor + border-right-color -> controls seriesColor +*/ + + +/********************************** +Timeline and charts +***********************************/ + +div.FlashTimeline, +div.FlashTimeline .splHeader { + background-color: #fff; + + /* Color of the chart lines */ + border-left-color: #000; + + /* Color of the columns */ + border-right-color: #73a550; + + color: #000; +} + +div.FlashTimeline a.splIconicLinkDisabled { + color: #999; +} + +div.FlashTimeline .splHeader { +/* background-image: none;*/ + border-top-width: 0; +} + + +div.FlashTimeline a.hideshow .splIconicLinkIcon { + background-position: -26px -400px; +} + +div.FlashTimeline .minimized a.hideshow .splIconicLinkIcon { + background-position: -26px -420px; +} + + +.TimelineContainer, +.FlashWrapperContainer { + padding-bottom: 7px; + _padding-bottom:0; +} + +.FlashTimeline .zoomIn .splIconicLinkIcon { + background-position: -26px -480px; +} + +.FlashTimeline .zoomOut .splIconicLinkIcon { + background-position: -26px -500px; +} + +.FlashTimeline .selectAll .splIconicLinkIcon { + background-position: -26px -520px; +} +.FlashTimeline .splIconicLinkDisabled.zoomIn .splIconicLinkIcon { + background-position: -13px -480px; +} + +.FlashTimeline .splIconicLinkDisabled.zoomOut .splIconicLinkIcon { + 
background-position: -13px -500px; +} + +.FlashTimeline .splIconicLinkDisabled.selectAll .splIconicLinkIcon { + background-position: -13px -520px; +} + + + +/* FlashChart */ +/* + background-color -> controls bgcolor + border-left-color -> controls foregroundColor + color -> controls fontColor +*/ +div.FlashChart { + background-color: #fff; + border-left-color: #000; + color: #000; +} + +/* JSChart: + * + * JSChart will adopt the same styles as FlashChart, this allows backwards compatibility with any styling + * applied to FlashChart in an application.css file + */ + +/* MultiFieldViewer + SuggestedFieldViewer */ +.MultiFieldViewer .fieldTabs .mouseoverHighlight, +.MultiFieldViewer .fieldTabs .selected, +.SuggestedFieldViewer .fieldTabs .mouseoverHighlight, +.SuggestedFieldViewer .fieldTabs .selected { + background-color:#C2D4DA; +} + +.MultiFieldViewer .fieldTabs .mouseoverHighlight a, +.SuggestedFieldViewer .fieldTabs .mouseoverHighlight a { + background-image: url(/static/img/skins/default/graph_icon.png); + background-repeat: no-repeat; + background-position: right 3px; +} + +.MultiFieldViewer .valueCount, +.SuggestedFieldViewer .valueCount { + color: #999; +} + +.MultiFieldViewer .iconNumeric, +.SuggestedFieldViewer .iconNumeric, +.MultiFieldViewer .iconString, +.SuggestedFieldViewer .iconString { + font-family: "Times New Roman", Georgia, Times, serif; + color: #999; + font-style: italic; + font-weight: bold; + font-size: 13px; + line-height: 12px; +} + +/* Count */ +.Count label, .Count select { + font-size: 11px; +} + +.pageControls .Count .perPageLabel{ + color: #333; +} + +/* EnablePreview */ +.pageControls .EnablePreview label { + font-size:11px; +} + +/* ResultsActionsButtons */ +.ResultsActionButtons { + background-color: #EDEDE7; +} + +/* SimpleResultsTable */ +table.simpleResultsTable td.pos, +table.simpleResultsTable th.pos { + color: #bbb; + border: none; +} +table.simpleResultsTable td.lowValue { + border: 1px solid blue; +} 
+table.simpleResultsTable td.highValue { + border: 1px solid red; +} + +/* SingleValue */ +.SingleValueHolder { + background-color: #ccc; + -moz-border-radius: 4px; + -webkit-border-radius: 4px; + border-radius: 4px; + font-size: 16px; + font-weight: bold; + -moz-box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + -webkit-box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + box-shadow: inset 0 0 5px rgba(0, 0, 0, 0.25); + background-image:url(/static/img/skins/default/overlay_gradient_50.png); + background-repeat: repeat-x; + _background-image: none; + +} +.SingleValue .severe { + background-color: #bb2121; + color: #fff; +} +.SingleValue .high { + background-color: #e67918; + color: #fff; +} +.SingleValue .elevated { + background-color: #e9da34; + color: #000; +} +.SingleValue .guarded { + background-color: #4da6df; + color: #fff; +} +.SingleValue .low { + background-color: #72c72d; + color: #fff; +} +.SingleValue .None { + background-color: #999; + color: #fff; +} + +/*** Search ***/ + +/* Field Picker */ + +.FieldPickerPopup .fpUpdateFields, .FieldPickerPopup .fpUpdateFieldsUpdate { + color: #E5F2F5; +} +.FieldPickerPopup li.fpSelFieldsNotPresent { + color:#999; +} +.FieldPickerPopup .fpAddTermCell span.splIcon-arrow-e { + background-color: #73a550; +} +.FieldPickerPopup li.fpSelFieldsNotPresent span { + background-color: #CCC; +} +.FieldPickerPopup .fpFilterFields label { + font-weight: bold; + font-size: 11px; +} +.FieldPickerPopup .fpFieldListContainerOuter { + _background: url(/static/img/skins/default/field_list_header.png) repeat-x 0 0; +} +.FieldPickerPopup .fpFieldListContainerOuter thead tr { + background-position: left -5px; +} +.FieldPickerPopup .fpFieldListContainerOuter th span { + background-color: transparent; + background-position: -67px -441px; +} +.FieldPickerPopup .fpFieldListContainerOuter +.headerSortUp span { + background-position: -67px -379px; +} +.FieldPickerPopup .fpFieldListContainerOuter th.headerSortDown span { + background-position: -67px 
-360px; +} +.FieldPickerPopup .fpFieldList tr.fieldSelected td.fpFieldTerm { + color:#999; +} +.FieldPickerPopup .fpFieldList tr.fieldSelected td.fpAddTermCell span { + background-color: #CCC; +} + +.fpFieldList .splHeader { + background-image: url(/static/img/skins/default/overlay_gradient_28.png); + _background-image: none; +} + + + +/* adding this class on hover via jquery, handles row highlighting and graph icon */ +.FieldPickerPopup .fpFieldList tbody tr:hover, .FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight { + background-color: #f5e998; +} +.FieldPickerPopup .fpFieldList tbody tr:hover .fpFieldListSecond a, +.FieldPickerPopup .fpFieldList tbody tr.mouseoverHighlight .fpFieldListSecond a { + background: url(/static/img/skins/default/graph_icon.png) no-repeat center right; +} + + + + +/*** SearchBar for DEFAULT.CSSS ***/ + +table .SearchBar .searchFieldWrapper { +} + +table.mainSearchControlsTable .SearchBar .searchFieldWrapper { + border: 1px solid #5e8d3d; + background-color: #5e8d3d; + + + border-right-width: 0; + -moz-border-radius-topright: 0; + -moz-border-radius-bottomright: 0; + -webkit-border-top-right-radius: 0; + -webkit-border-bottom-right-radius: 0; + border-bottom-right-radius: 0; + border-top-right-radius: 0; + border-bottom-right-radius: 0; + background: #73a550 url(/static/img/skins/default/search_bar.png); + _background: #73a550; + _background-image: none; +} + +.SearchBar .searchFieldWrapperInner { + border-color: #a0c288; +} + +.SearchBar label { + color: #bbb; +} + +.SearchBar .assistantActivator { + background-color:#689549; + background-image: url(/static/img/skins/default/overlay_gradient_28.png); + _background-image: none; + background-repeat: repeat-x; +} +.SearchBar .assistantEnabled span.assistantAutoOpener { + color: #fff; +} +.SearchBar .assistantEnabled span.saHandle { + background:transparent url(/static/img/skins/default/bg_resizer_white.png) center no-repeat; + _background:transparent 
url(/static/img/skins/default/bg_resizer_white.gif) center no-repeat; +} +.SearchBar h4 { + color: #73A550; +} +.sakeywordCount{ + background-color: #fff; + color: #333; +} +.saKeywordSelected { + background-color: #f5e998; +} +.saKeywordSelected .sakeywordCount{ + background-color: #f5e998; +} + +.sakeyword:hover { + background-color: #EDEDE7; +} +.sakeyword:hover .sakeywordCount{ + background-color: #EDEDE7; +} +.splSearchControls-inline { + background-repeat: repeat-x; + background-position: bottom; + _background-image: none; +} +.SearchBar .assistantWrapperEnabled { + -webkit-box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + -moz-box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + box-shadow: 2px 2px 3px 0px rgba(0, 0, 0, 0.4); + border-top:1px solid #A0C288 ; +} + +.SearchBar .assistantInner { + background: #edede7 url(/static/img/skins/default/bg_search_assistant.png) left top repeat-y; + zoom:1; +} +.SearchBar .assistantInnerHelpOnly { + background-color: #edede7; + background-image: none; +} + + +.SearchBar .assTab .splIcon { + background-position: 0 -582px; + background-color: transparent; +} +.SearchBar .assistantWrapperEnabled .assTab .splIcon { + background-position: 0 -562px; +} + + +.SearchBar .saHelpWrapper { + border-left-color: #fff; +} +.SearchBar .sakeyword em { + font-style: normal; + font-weight: bold; + color: #046a89; +} +.SearchBar .saNotice { + background-color: #f5e998; + border-color: #CCC !important; +} +.SearchBar .error { + background-color: #f5e998; + border-color: #CCC !important; + color: #900; + background-image: none; +} + +.introstep { + color: #333; +} +.intro code { + color: #73A550; +} +.SearchBar .intro ul li{ + list-style-type: disc; +} + +.splView-flashtimeline .JobStatus { + background: #EDEDE7 url('/static/img/skins/default/overlay_bottomgradient_32.png') repeat-x bottom left; + _background-image: none; + border-bottom-color: #a4a4a4; +} + + +.splView-flashtimeline .ChartTypeFormatter { + border-bottom: 1px solid #ccc; +} + 
+.splView-flashtimeline .ShowHideHeader div.secondary h2 { + font-size: 12px; +} +.splView-flashtimeline .ShowHideHeader { + border-top-width: 2px; +} + + +div.splSearchFormatChart-tabs ul li.selected .linkSwitcherSelectedIcon { + background: transparent url(/static/img/skins/default/splIcons.gif) -68px -346px no-repeat; +} + +/* TimeRangePicker */ +.TimeRangePicker .timeRangeActivatorWrapper { + background-image: url(/static/img/skins/default/overlay_topgradient_white.png); + background-repeat: repeat-x; + background-color:#d5d5d1; + _background-image:url(/static/img/skins/default/backgrounds_ie6.gif); + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + border-radius: 5px; +} + + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivator { + padding-top: 3px; +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper { + border: 1px solid #5e8d3d; + border-left-width: 0; + -moz-border-radius: 0; + -webkit-border-radius: 0; + border-radius: 0; + + color: #fff; + + background: #659c40 url(/static/img/skins/default/search_bar.png); + _background-image: url('/static/img/skins/default/green_search_button.png'); + _background-repeat: no-repeat; + _background-position: 0px -74px; + + font-size: 12px; + height: 26px; +} + +/* IE6 & 7 FIX*/ +.mainSearchControlsTable .timeRangeActivatorWrapper{*position:relative;} +.mainSearchControlsTable .dropDown +{ + *position:absolute; + *top:0px; + *right:10px; +} +/*IE7 double input border*/ +*+html .mainSearchControlsTable .SubmitButton fieldset{border:1px solid #5E8D3D ;} +*+html .mainSearchControlsTable .SubmitButton input { + border:0; + height: 26px; + width: 42px; +} +/*IE7 min width */ +*+html .mainSearchControlsTable .timeRangeActivator { + min-width:100px; + width:expression(this.currentStyle.getAttribute('minWidth')); +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper:hover, +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper:focus { + 
background-color: #4e7830; + text-decoration: none; +} + +table.mainSearchControlsTable .TimeRangePicker .timeRangeActivatorWrapper .dropDown { + background-position: -27px -367px; + margin-top: 11px; +} + + +.trpCustomDateTime .rangeType { + border-bottom: 1px solid #CCC; +} +.trpCustomDateTime input.disabled { + background-color: #DDD; + border-color:#DDD; + color:#666; +} +.trpCustomDateTime .earliestDateTime, +.trpCustomDateTime .latestDateTime { + border: 1px solid #ccc; +} +.trpCustomDateTime .dateTimeDisabled { + background-color: #f4f4f1; + border-color:#f4f4f1; + color:#666; +} +.trpCustomDateTime .dateTimeDisabled input { + background:transparent; +} +.trpCustomDateTime input.customDate { + border: none; + background: transparent; +} +.trpCustomDateTime div.outputString { + background-color: #f4f4f1; + border: 1px solid #f4f4f1; + color:#333; +} + + +/*** Report builder ***/ + +.report_builder_format_report .viewHeader { + border: 0; +} + +.report_builder_format_report .JobStatus { + border: 0; +} +.ShowHideHeader { + border-top-width: 1px; + border-top-style: solid; +} + +/*** Advanced charting ***/ + +.splView-charting .ResultsHeader .splHeader-primary { + background-image: none; +} + +/*** Switchers ***/ + +/* ButtonSwitcher */ +.ButtonSwitcher ul li.selected .splIcon-events-list { + background-position: 0 -740px; +} +.ButtonSwitcher ul li.selected .splIcon-events-table { + background-position: 0 -760px; +} +.ButtonSwitcher ul li.selected .splIcon-results-table { + background-position: 0 -780px; +} +.ButtonSwitcher ul li.selected .splIcon-results-chart { + background-position: 0 -800px; +} +.ButtonSwitcher ul li.disabled .splIcon-events-list { + background-position: -13px -740px; +} +.ButtonSwitcher ul li.disabled .splIcon-events-table { + background-position: -13px -760px; +} +.ButtonSwitcher ul li.disabled .splIcon-results-table { + background-position: -13px -780px; +} +.ButtonSwitcher ul li.disabled .splIcon-results-chart { + background-position: 
-13px -800px; +} +.ButtonSwitcher ul li.disabled a * { + cursur:default; +} + + +.ButtonSwitcher ul li { + border-color: #fff; + -moz-border-radius: 3px; + -webkit-border-radius: 3px; + border-radius: 3px; +} + +.ButtonSwitcher ul li.selected, .ButtonSwitcher ul li.selected:hover { + background-color: #999; + -webkit-box-shadow: inset 1px 1px 1px 0px #333333; + -moz-box-shadow: inset 1px 1px 1px 0px #333333; + box-shadow: inset 1px 1px 1px 0px #333333; +} + +/* Link Switcher */ +.LinkSwitcher a { + font-size: 12px; +} +.LinkSwitcher ul li.selected a { + color:#333; + font-weight: bold; + text-decoration:none; +} + +/* ShowHideHeader */ +.ShowHideHeader div.secondary { + background-image: none; +} +.ShowHideHeader h2 span.splIcon-triangle { + background-position: -67px -367px; +} +.ShowHideHeader div.secondary h2 { + font-size: 11px; + font-weight: normal; +} +.ShowHideHeader div.secondary h2 span.splIcon-triangle { + background-position: -87px -367px; +} +.ShowHideHeader div.secondary h2:hover { + text-decoration:underline; +} +.ShowHideHeader h2.closed span.splIcon-triangle { + background-position: -67px -407px; +} +.ShowHideHeader div.secondary h2.closed span.splIcon-triangle { + background-position: -87px -407px ; +} + +/* TabSwitcher */ +.TabSwitcher { + background-color: #bdbdb7; +} +.TabSwitcher ul li { + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 -68px; +} +.TabSwitcher ul li a { + font-size: 12px; + background: #666 url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -102px; + color: #FFF; +} +.TabSwitcher ul li.selected { + background-color: #FFF; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat 0 0; +} +.TabSwitcher ul li.selected a { + color: #333; + background: #FFF url(/static/img/skins/default/tab_switcher_rounded_corners.gif) no-repeat right -34px; +} + +/* progress bar */ + +.JobProgressIndicator .splBarGraph { + 
background-image:url(/static/img/skins/default/overlay_innershadow_4.png);
+ _background-image: none;
+}
+
+.JobProgressIndicator .splBarGraphBar {
+ background-image:url(/static/img/skins/default/overlay_gradient_4.png);
+ _background-image: none;
+}
+
+
+
+/**********************************
+Interactive Field Extractor
+***********************************/
+.ifxHelpColumn {
+ background-color:#E5F2F5;
+}
+
+.ifxHelpColumn h4 {
+ color:#111
+}
+
+
+/**********************************
+hacks
+***********************************/
+
+/* safari focus outline */
+/*
+*:focus {outline: 0;}
+*/
+
diff --git a/deployment-apps/eventid/bin/ev_process_proc.py b/deployment-apps/eventid/bin/ev_process_proc.py
new file mode 100755
index 00000000..3f5eccf2
--- /dev/null
+++ b/deployment-apps/eventid/bin/ev_process_proc.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+import csv
+import sys
+import re
+
+
+# arp.exe,Target Discovery,Obtains information about hosts on the local broadcast domain
+# New_Process_Name = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
+# C:\Windows\System32\wbem\WmiPrvSE.exe
+
+def process_interesting(full_path_process):
+ try:
+ process_path_elements = full_path_process.split("\\")
+ process = process_path_elements[len(process_path_elements)-1]
+ return process
+ except:
+ return full_path_process
+
+def main():
+ if len(sys.argv) != 3:
+ print "Usage: python ev_process_proc.py [full_path_process] [process]"
+ print sys.argv[1]
+ print len(sys.argv)
+ sys.exit(1)
+
+ full_path_process = sys.argv[1]
+ process = sys.argv[2]
+
+ infile = sys.stdin
+ outfile = sys.stdout
+
+ r = csv.DictReader(infile)
+ header = r.fieldnames
+
+ w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
+ w.writeheader()
+
+ for result in r:
+ if result[full_path_process]:
+ result[process] = process_interesting(result[full_path_process])
+ if result[process]:
+ w.writerow(result)
+
+main()
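Review bot: `process_interesting` returns the last `\`-separated element verbatim, so a path that differs in case, carries surrounding quotes or trailing whitespace, or uses forward slashes produces a name that will not equal an entry such as `arp.exe` in the interesting-process list, unless the lookup is configured case-insensitively, which this hunk does not show. Normalising in the function closes that detection gap: `return full_path_process.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()` (assuming the list entries are lower-case, as the sample comment suggests). The bare `except:` can then be removed, since `split` on a CSV string value does not raise and the handler only hides unrelated errors. Separately, the usage branch in `main()` runs `print sys.argv[1]`, which raises IndexError when the script is started with no arguments and otherwise writes diagnostics into the CSV stream on stdout; write the usage text to `sys.stderr` and drop that line.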
diff --git a/deployment-apps/eventid/bin/ev_process_xml_parameters.py b/deployment-apps/eventid/bin/ev_process_xml_parameters.py new file mode 100755 index 00000000..b6ec9a79 --- /dev/null +++ b/deployment-apps/eventid/bin/ev_process_xml_parameters.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +import csv +import sys +import re +import xml.etree.ElementTree as ET + +# Windows Modules InstallerstoppedWelcome to the EventID.Net Windows Event Logs app!
+ +The Windows Event Log App assumes that Splunk is collecting information from Windows servers and workstation via one of the following methods: +
All these methods will collect the events and either collect them in the "wineventlog" Splunk index or record them in the default index with source the source set as "*WinEventLog*" (notice the wildcards). The app analyzes the entries matching these criteria (index="wineventlog" OR source=*WinEventLog*). This matches the defaults used by the Universal Forwarder, the collection of local Windows event logs and the collection via WMI.
+ +In order to create the proper indexes, we recommend the installation of the Splunk Add-on for Microsoft Windows app.
+ +To collect the logs from remote computers without installing the Universal Forwarded on each computer, configure the forwarding of event logs to central location using the Windows built-in event forwarding. See Configure Computers to Forward and Collect Events for details on how to configure a computer as a collector of logs.
+ + +If no data is displayed, please verify that the Universal Forwarder is installed properly and that the all the Windows event logs are sent to the "wineventlog" index (or the WinEventLog* sources).
+ +If the data is stored in a different index, the user can update the macros.conf [event_sources] section by using the application setup.
+ +The Interesting Processes section from the Processes dashboard is partially based on a presentation by Michael Gough from www.malwarearchaeology.com: "The Top 10 Windows Event ID's Used To Catch Hackers In The Act". See for the presentation slides and information on how to enable the auditing of processes, including command-line based ones. The list of "interesting processes" is based on a study by JPCERT CC (Japan Computer Emergency Response Team Coordination Center) on detecting lateral movement through tracking of event logs. The list is stored in C:\Program Files\Splunk\etc\apps\eventid\lookups\interesting_processes.csv and it can be adjusted with a text editor if needed. For full functionality the audit of the command line arguments has to be enabled as described in Command Line Process Auditing
+ +The XML dashboard is design to report Windows events rendered from the XML by using the renderXML stanza. The renderXML option reduced the volume of data to about 25% of the regular events, however some details such as the full description of the event are no longer recorded. See Feature Overview: XML Event Logs for more details.
+ +Each of the dashboard can be set as an alarm (i.e. notifications when a certain number of failed logins are recorded, when certain processes are executed, etc).
+ +Send any suggestions and questions to support@altairtech.ca. We can also provide advice in setting up the Splunk receiver for the Universal Forwarder.
+ +We publish the most current version of EventID.Net Windows Event Logs Splunk app on www.eventid.net. Splunk may takes weeks or months to certify a new version.
+ + +