# Copyright (C) 2005-2024 Splunk Inc. All Rights Reserved. from splunk.clilib.bundle_paths import make_splunkhome_path from splunk.util import safeURLQuote # NOTE TO DEV: Set this to the last version supported during development LAST_SUPPORTED_VERSION = '4.16.0' # NOTE TO DEV: Set this to the latest version during development NEW_VERSION = '4.19.1' # The Jars to backup. # Whenever you want to backup old jars, add an key-value pair with: # key: the last version running with the old jars. # value: list of jar files to be backed up EVENTMANAGEMENT_JARS = { '4.1': [ "akka-actor_2.11-2.3.15.jar", "akka-slf4j_2.11-2.3.15.jar", "scala-library-2.11.5.jar", "slf4j-api-1.7.21.jar", "slf4j-api-1.7.25.jar", "config-1.2.1.jar", "log4j-api-2.3.jar", "log4j-core-2.3.jar", "log4j-slf4j-impl-2.3.jar", "jackson-annotations-2.3.5.jar", "jackson-core-2.3.5.jar", "jackson-databind-2.3.5.jar" ], '4.4': [ "jackson-databind-2.9.9.2.jar", "jackson-core-2.9.9.jar", "jackson-annotations-2.9.9.jar" ], '4.4.3': [ "log4j-api-2.5.jar", "log4j-core-2.5.jar", "log4j-slf4j-impl-2.5.jar" ], '4.5.0': [ "log4j-api-2.13.1.jar", "log4j-core-2.13.1.jar", "log4j-slf4j-impl-2.13.1.jar", "commons-codec-1.11.jar" ], '4.9.0': [ "jackson-databind-2.10.0.jar", "jackson-core-2.10.0.jar", "jackson-annotations-2.10.0.jar" ], '4.9.4': [ "log4j-api-2.13.2.jar", "log4j-core-2.13.2.jar", "log4j-slf4j-impl-2.13.2.jar" ], '4.9.5': [ "log4j-api-2.15.0.jar", "log4j-core-2.15.0.jar", "log4j-slf4j-impl-2.15.0.jar" ], '4.11.2': [ "log4j-api-2.16.0.jar", "log4j-core-2.16.0.jar", "log4j-slf4j-impl-2.16.0.jar" ], '4.11.3': [ "log4j-api-2.17.0.jar", "log4j-core-2.17.0.jar", "log4j-slf4j-impl-2.17.0.jar" ], '4.12.1': [ "jackson-databind-2.10.5.1.jar", "jackson-core-2.10.5.jar", "jackson-annotations-2.10.5.jar" ], '4.13.2': [ "guava-30.0-jre.jar" ], '4.15.0': [ "splunk-sdk-1.5.0.jar" ], '4.15.2': [ "guava-30.0-jre.jar" ], '4.16.0': [ "splunk-1.9.3.jar" ], '4.17.0': [ "guava-30.0-jre.jar", "checker-qual-3.33.0.jar", "error_prone_annotations-2.3.4.jar", "j2objc-annotations-1.3.jar" ], '4.17.2': [ "akka-slf4j_2.12-2.5.19.jar", "akka-actor_2.12-2.5.19.jar", "scala-library-2.12.8.jar", "scala-java8-compat_2.12-0.8.0.jar", "log4j-api-2.17.1.jar", "log4j-core-2.17.1.jar", "log4j-slf4j-impl-2.17.1.jar", "slf4j-api-1.7.26.jar", "config-1.3.3.jar" ], '4.18.0': [ "scala-java8-compat_3-1.0.0.jar", "akka-slf4j_3-2.6.21.jar", "akka-actor_3-2.6.21.jar" ] } MAD_JARS = { '4.5.1': [ "com.splunk.sa-itsi-metricad-1.4.2.jar" ], '4.6.2': [ "com.splunk.sa-itsi-metricad-1.4.3.jar", "org.apache.logging.log4j.log4j-api-2.13.1.jar", "org.apache.logging.log4j.log4j-core-2.13.1.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.13.1.jar" ], '4.7.2': [ "com.softwaremill.sttp.client.async-http-client-backend-future_2.12-2.0.7.jar", "com.softwaremill.sttp.client.async-http-client-backend_2.12-2.0.7.jar", "com.softwaremill.sttp.client.core_2.12-2.0.7.jar", "com.softwaremill.sttp.model.core_2.12-1.0.2.jar", "com.splunk.sa-itsi-metricad-1.4.6.jar", "com.sun.activation.javax.activation-1.2.0.jar", "io.netty.netty-buffer-4.1.46.Final.jar", "io.netty.netty-codec-4.1.46.Final.jar", "io.netty.netty-codec-http-4.1.46.Final.jar", "io.netty.netty-codec-socks-4.1.46.Final.jar", "io.netty.netty-common-4.1.46.Final.jar", "io.netty.netty-handler-4.1.46.Final.jar", "io.netty.netty-handler-proxy-4.1.46.Final.jar", "io.netty.netty-resolver-4.1.46.Final.jar", "io.netty.netty-transport-4.1.46.Final.jar", "org.apache.logging.log4j.log4j-api-2.13.2.jar", "org.apache.logging.log4j.log4j-core-2.13.2.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.13.2.jar", "org.asynchttpclient.async-http-client-2.11.0.jar", "org.asynchttpclient.async-http-client-netty-utils-2.11.0.jar", "org.scala-lang.modules.scala-xml_2.12-1.2.0.jar" ], '4.7.3': [ "com.splunk.sa-itsi-metricad-1.4.13.jar", "org.apache.logging.log4j.log4j-api-2.15.0.jar", "org.apache.logging.log4j.log4j-core-2.15.0.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.15.0.jar" ], '4.8.1': [ "com.splunk.sa-itsi-metricad-1.4.14.jar", "io.netty.netty-buffer-4.1.68.Final.jar", "io.netty.netty-codec-4.1.68.Final.jar", "io.netty.netty-codec-http-4.1.68.Final.jar", "io.netty.netty-codec-socks-4.1.68.Final.jar", "io.netty.netty-common-4.1.68.Final.jar", "io.netty.netty-handler-4.1.68.Final.jar", "io.netty.netty-handler-proxy-4.1.68.Final.jar", "io.netty.netty-resolver-4.1.68.Final.jar", "io.netty.netty-transport-4.1.68.Final.jar" ], '4.9.4': [ "com.splunk.sa-itsi-metricad-1.4.7.jar", "io.netty.netty-buffer-4.1.60.Final.jar", "io.netty.netty-codec-4.1.60.Final.jar", "io.netty.netty-codec-http-4.1.60.Final.jar", "io.netty.netty-codec-socks-4.1.60.Final.jar", "io.netty.netty-common-4.1.60.Final.jar", "io.netty.netty-handler-4.1.60.Final.jar", "io.netty.netty-handler-proxy-4.1.60.Final.jar", "io.netty.netty-resolver-4.1.60.Final.jar", "io.netty.netty-transport-4.1.60.Final.jar", "org.apache.logging.log4j.log4j-api-2.13.2.jar", "org.apache.logging.log4j.log4j-core-2.13.2.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.13.2.jar" ], '4.9.5': [ "com.splunk.sa-itsi-metricad-1.4.13.jar", "org.apache.logging.log4j.log4j-api-2.15.0.jar", "org.apache.logging.log4j.log4j-core-2.15.0.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.15.0.jar" ], '4.10.1': [ "com.splunk.sa-itsi-metricad-1.4.14.jar" ], '4.10.4': [ "com.splunk.sa-itsi-metricad-1.4.8.jar" ], '4.11.2': [ "com.google.code.gson.gson-1.7.1.jar", "com.splunk.sa-itsi-metricad-1.4.11.jar", "org.apache.logging.log4j.log4j-api-2.16.0.jar", "org.apache.logging.log4j.log4j-core-2.16.0.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.16.0.jar" ], '4.11.3': [ "com.splunk.sa-itsi-metricad-1.4.16.jar", "org.apache.logging.log4j.log4j-api-2.17.0.jar", "org.apache.logging.log4j.log4j-core-2.17.0.jar", "org.apache.logging.log4j.log4j-slf4j-impl-2.17.0.jar" ], '4.12.1': [ "com.splunk.sa-itsi-metricad-1.4.17.jar" ], '4.14.1': [ "com.splunk.sa-itsi-metricad-1.4.18.jar" ], '4.15.0': [ "com.splunk.splunk-1.6.5.0.jar", "com.splunk.sa-itsi-metricad-1.4.19.jar" ], '4.16.0': [ "com.splunk.splunk-1.9.3.jar", "com.splunk.sa-itsi-metricad-1.4.21.jar" ] } EVENTMANAGEMENT_LIB = make_splunkhome_path(['etc', 'apps', 'SA-ITOA', 'lib', 'java', 'event_management', 'libs']) MAD_LIB = make_splunkhome_path(['etc', 'apps', 'SA-ITSI-MetricAD', 'lib']) EVENTMANAGEMENT_PATH = make_splunkhome_path(['etc', 'apps', 'SA-ITOA', 'lib', 'java', 'event_management']) PEKKO_VERSION = '4.19.0' AKKA_APPLICATION = ['akka_application.conf'] # Configuration Check Operators, which are defines how to compare actual value with expected value. # Check whether two sets equal to each other, data format: # {'op': 'set equals', 'value': ['item1', 'item2', 'item3']} OP_SET_EQUAL = 'set equals' # Check whether two values equal to each other, data format: # {'op': 'equals', value': 'item1'} OP_EQUAL = 'equals' # Check whether two values greater than or equal to each other, data format: # {'op': 'greater_equals', value': 'item1'} OP_GREATER_EQUAL = 'greater_equals' # Check whether two values are boolean equal to each other, data format: # {'op': 'bool_equals', value': 'item1'} OP_BOOL_EQUAL = 'bool_equals' # The configurations for pre-check for each config files CONF_COLLECTIONS = { 'itsi_notable_event_ticketing': { 'accelerated_fields.mod_time': { 'op': OP_EQUAL, 'value': '{"mod_time": 1}' }, 'accelerated_fields.event_id': { 'op': OP_EQUAL, 'value': '{"event_id": 1}' }, 'field.mod_time': { 'op': OP_EQUAL, 'value': 'time' }, 'field.create_time': { 'op': OP_EQUAL, 'value': 'time' } }, 'itsi_notable_event_ref_url': { 'accelerated_fields.mod_time': { 'op': OP_EQUAL, 'value': '{"mod_time": 1}' }, 'field.mod_time': { 'op': OP_EQUAL, 'value': 'time' } }, 'itsi_notable_group_user': { 'accelerated_fields.mod_time': { 'op': OP_EQUAL, 'value': '{"mod_time": 1}' }, 'field.mod_time': { 'op': OP_EQUAL, 'value': 'time' } }, 'itsi_notable_group_system': { 'accelerated_fields.mod_time': { 'op': OP_EQUAL, 'value': '{"mod_time": 1}' }, 'accelerated_fields.is_active': { 'op': OP_EQUAL, 'value': '{"is_active": 1}' }, 'field.mod_time': { 'op': OP_EQUAL, 'value': 'time' }, 'field.start_time': { 'op': OP_EQUAL, 'value': 'time' }, 'field.last_time': { 'op': OP_EQUAL, 'value': 'time' }, 'field.is_active': { 'op': OP_EQUAL, 'value': 'number' }, 'field.event_count': { 'op': OP_EQUAL, 'value': 'number' } } } CONF_TRANSFORMS = { 'itsi_notable_event_external_ticket': { 'fields_list': { 'op': OP_SET_EQUAL, 'value': ('_key', '_user', 'create_time', 'object_type', 'ticket_system', 'event_id', 'mod_time', 'ticket_system', 'tickets.ticket_id', 'tickets.ticket_url', 'tickets.ticket_system', 'itsi_policy_id') } }, 'itsi_notable_event_ref_url': { 'fields_list': { 'op': OP_SET_EQUAL, 'value': ('_key', '_user', 'event_id', 'object_type', 'url', 'description', 'mod_time', 'itsi_policy_id') } }, 'itsi_notable_group_user_lookup': { 'fields_list': { 'op': OP_SET_EQUAL, 'value': ('_key', '_user', 'event_identifier_hash', 'object_type', 'status', 'severity', 'owner', 'instruction', 'mod_time', 'itsi_policy_id') } }, 'itsi_notable_group_system_lookup': { 'fields_list': { 'op': OP_SET_EQUAL, 'value': ('_key', '_user', 'event_count', 'object_type', 'start_time', 'last_time', 'is_active', 'title', 'description', 'mod_time', 'policy_id', 'itsi_policy_id', 'parent_group_id', 'split_by_hash', 'first_event_id', 'group_template_id', 'action_rule_keys') } } } CONF_COMMANDS = { 'itsirulesengine': { 'command.arg.1': { 'op': OP_GREATER_EQUAL, 'value': 2048 } } } CONF_SAVEDSEARCHES = { 'itsi_event_grouping': { 'cron_schedule': { 'op': OP_EQUAL, 'value': '* * * * *' }, 'dispatch.earliest_time': { 'op': OP_EQUAL, 'value': 'rt' }, 'dispatch.latest_time': { 'op': OP_EQUAL, 'value': 'rt' }, 'enableSched': { 'op': OP_BOOL_EQUAL, 'value': "1" } } } # Collection expected to exist during precheck EXPECTED_COLLECTIONS = ( 'itsi_notable_event_aggregation_policy', 'itsi_notable_event_actions_queue', 'itsi_notable_event_ticketing', 'itsi_notable_event_ref_url', 'itsi_notable_event_tag', 'itsi_notable_group_system', 'itsi_notable_group_user' ) COLLECTION_STATS_URL = safeURLQuote('/services/server/introspection/kvstore/collectionstats') KVSTORE_COLLECTION_SIZE_LIMIT_DEFAULT = 1050000 ENTITY_TYPE_OBJECT_URL = safeURLQuote('/servicesNS/nobody/SA-ITOA/itoa_interface/entity_type') UPGRADE_TIMEOUT = 18000 PREP_TIMEOUT = 1800 TRANSFORM_TIMEOUT = 14400