
# Copyright (C) 2005-2025 Splunk Inc. All Rights Reserved.
import json
import sys
from splunk.clilib.bundle_paths import make_splunkhome_path
# Make the SA-ITOA lib directories importable (SA_ITOA_app_common below
# is resolved through them).
for _lib_path_parts in (
    ['etc', 'apps', 'SA-ITOA', 'lib'],
    ['etc', 'apps', 'SA-ITOA', 'lib', 'SA_ITOA_app_common'],
):
    sys.path.append(make_splunkhome_path(_lib_path_parts))
from SA_ITOA_app_common.splunklib import results
from itsi.itsi_utils import ITOAInterfaceUtils
from ITOA.rest_interface_provider_base import ItoaInterfaceProviderBase
from ITOA.controller_utils import ITOAError
from ITOA.setup_logging import logger
from ITOA.event_management.notable_event_seed_group import NotableEventSeedGroup
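class AceInterfaceProvider(ItoaInterfaceProviderBase):
    """REST interface provider for ACE seed group operations.

    Holds the request context (session key, user, HTTP method) and exposes
    handlers that turn the results of a finished search into seed groups in
    the KV store.
    """

    # Number of events requested per page of search results. Paging stops on
    # the first empty page (ACE returns at most 200 events per the original
    # note, so only a few pages are expected).
    RESULTS_PAGE_SIZE = 50

    def __init__(self, session_key, current_user, rest_method):
        """Record the request context for later handler calls.

        @param session_key: Splunk session key used for service calls
        @param current_user: user issuing the request (stored, not read here)
        @param rest_method: HTTP method of the request; stored upper-cased
        """
        self.session_key = session_key
        self.current_user = current_user
        self.rest_method = rest_method.upper()

    def handle_save_seed_groups_from_search_id(self, sid):
        """Save seed groups to the KV store from an already executed search.

        Pages through the results of search job ``sid``; every event's
        ``_raw`` field is parsed as JSON and converted to seed group data.
        Before the first page is written, existing seed groups are deleted.
        The delete scope is taken from the first event of the first page:
        its ``policy_id`` when present, otherwise ``delete_bulk(None)`` is
        called with no filter (presumably every seed group -- confirm
        against NotableEventSeedGroup.delete_bulk). The search content
        therefore decides how much is deleted.

        @type sid: str
        @param sid: search id of the search holding the seed group events
        @return: list of created group ids, in page order
        @raise ITOAError: status 400 when the search job or one of its
            result pages cannot be read; status 500 when parsing, deleting
            or creating seed groups fails
        """
        # Loop-invariant: one service connection and one job lookup. A failure
        # here means the sid is unknown or unreadable, reported as 400 as before.
        try:
            service = ITOAInterfaceUtils.service_connection(self.session_key, app_name="SA-ITOA")
            search_job = service.jobs[sid]
        except Exception as e:
            raise self._search_not_found(sid, e)

        # One seed group accessor for all pages; a construction failure keeps
        # the 500 mapping it had when this lived inside the loop.
        try:
            seed_group = NotableEventSeedGroup(self.session_key)
        except Exception as e:
            raise self._save_failed(e)

        page_size = self.RESULTS_PAGE_SIZE
        offset = 0
        group_ids = []
        while True:
            page = self._read_results_page(search_job, sid, offset, page_size)
            # an empty page means every result has been read
            if not page:
                break
            try:
                data_list = [json.loads(data['_raw']) for data in page]
                # conversion happens before the delete, so the policy_id used
                # for scoping the delete is read from the converted record
                for data in data_list:
                    seed_group.convert_search_data_to_group_data(data)
                # first page only: clear existing seed groups before writing
                if offset == 0:
                    self._delete_existing_groups(seed_group, data_list[0])
                group_ids.extend(seed_group.create_bulk(data_list))
                logger.info("Saving seed groups to KV store, current offset: %s", offset)
            except Exception as e:
                raise self._save_failed(e)
            # advance the reader by one page
            offset += page_size
        # response is the array of created group ids
        return group_ids

    def _read_results_page(self, search_job, sid, offset, count):
        """Return one page of *search_job* results as a list of dicts.

        Only dict items from the reader are kept. Any failure reading the
        page is reported as the 400 "search not found" error, matching the
        handling of the previous inline code.
        """
        params = {
            "output_mode": "json",
            "count": count,
            "offset": offset
        }
        try:
            reader = results.JSONResultsReader(search_job.results(**params))
            return [result for result in reader if isinstance(result, dict)]
        except Exception as e:
            raise self._search_not_found(sid, e)

    @staticmethod
    def _delete_existing_groups(seed_group, first_record):
        """Delete seed groups of *first_record*'s policy, or unfiltered when it has none."""
        policy_id = first_record.get("policy_id")
        if policy_id:
            logger.info("Deleting seed groups from KV store of policy %s", policy_id)
            seed_group.delete_bulk(None, filter_data={"policy_id": policy_id})
        else:
            # No policy id on the first record: unfiltered delete. NOTE(review):
            # this presumably removes seed groups of every policy -- confirm
            # that is intended rather than rejecting the request.
            seed_group.delete_bulk(None)

    @staticmethod
    def _search_not_found(sid, exc):
        """Log *exc* and build the 400 error for an unreadable search *sid*.

        Must be called from inside the ``except`` block so the traceback is
        still available to ``logger.exception``.
        """
        logger.exception(exc)
        logger.info('Could not find search with sid: {}, seed group save failed'.format(sid))
        return ITOAError(status='400', message='Could not find search with sid: {}, seed group save failed.'.format(sid))

    @staticmethod
    def _save_failed(exc):
        """Log *exc* and build the 500 error for a failed seed group save.

        Must be called from inside the ``except`` block so the traceback is
        still available to ``logger.exception``.
        """
        message = str(exc)
        logger.error('saving seed groups failed with: %s', message)
        logger.exception(exc)
        # NOTE(review): the raw exception text is returned to the REST caller;
        # a generic message here would avoid exposing internal details.
        return ITOAError(status='500', message=message)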