You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
426 lines
14 KiB
426 lines
14 KiB
# Copyright (C) 2005-2025 Splunk Inc. All Rights Reserved.
|
|
|
|
from splunk.clilib.bundle_paths import make_splunkhome_path
|
|
from splunk.util import safeURLQuote
|
|
|
|
# NOTE TO DEV: Set this to the last version supported during development
|
|
LAST_SUPPORTED_VERSION = '4.17.0'
|
|
|
|
# NOTE TO DEV: Set this to the latest version during development
|
|
NEW_VERSION = '4.20.0'
|
|
|
|
# The Jars to backup.
|
|
# Whenever you want to backup old jars, add an key-value pair with:
|
|
# key: the last version running with the old jars.
|
|
# value: list of jar files to be backed up
|
|
EVENTMANAGEMENT_JARS = {
|
|
'4.1': [
|
|
"akka-actor_2.11-2.3.15.jar",
|
|
"akka-slf4j_2.11-2.3.15.jar",
|
|
"scala-library-2.11.5.jar",
|
|
"slf4j-api-1.7.21.jar",
|
|
"slf4j-api-1.7.25.jar",
|
|
"config-1.2.1.jar",
|
|
"log4j-api-2.3.jar",
|
|
"log4j-core-2.3.jar",
|
|
"log4j-slf4j-impl-2.3.jar",
|
|
"jackson-annotations-2.3.5.jar",
|
|
"jackson-core-2.3.5.jar",
|
|
"jackson-databind-2.3.5.jar"
|
|
],
|
|
'4.4': [
|
|
"jackson-databind-2.9.9.2.jar",
|
|
"jackson-core-2.9.9.jar",
|
|
"jackson-annotations-2.9.9.jar"
|
|
],
|
|
'4.4.3': [
|
|
"log4j-api-2.5.jar",
|
|
"log4j-core-2.5.jar",
|
|
"log4j-slf4j-impl-2.5.jar"
|
|
],
|
|
'4.5.0': [
|
|
"log4j-api-2.13.1.jar",
|
|
"log4j-core-2.13.1.jar",
|
|
"log4j-slf4j-impl-2.13.1.jar",
|
|
"commons-codec-1.11.jar"
|
|
],
|
|
'4.9.0': [
|
|
"jackson-databind-2.10.0.jar",
|
|
"jackson-core-2.10.0.jar",
|
|
"jackson-annotations-2.10.0.jar"
|
|
],
|
|
'4.9.4': [
|
|
"log4j-api-2.13.2.jar",
|
|
"log4j-core-2.13.2.jar",
|
|
"log4j-slf4j-impl-2.13.2.jar"
|
|
],
|
|
'4.9.5': [
|
|
"log4j-api-2.15.0.jar",
|
|
"log4j-core-2.15.0.jar",
|
|
"log4j-slf4j-impl-2.15.0.jar"
|
|
],
|
|
'4.11.2': [
|
|
"log4j-api-2.16.0.jar",
|
|
"log4j-core-2.16.0.jar",
|
|
"log4j-slf4j-impl-2.16.0.jar"
|
|
],
|
|
'4.11.3': [
|
|
"log4j-api-2.17.0.jar",
|
|
"log4j-core-2.17.0.jar",
|
|
"log4j-slf4j-impl-2.17.0.jar"
|
|
],
|
|
'4.12.1': [
|
|
"jackson-databind-2.10.5.1.jar",
|
|
"jackson-core-2.10.5.jar",
|
|
"jackson-annotations-2.10.5.jar"
|
|
],
|
|
'4.13.2': [
|
|
"guava-30.0-jre.jar"
|
|
],
|
|
'4.15.0': [
|
|
"splunk-sdk-1.5.0.jar"
|
|
],
|
|
'4.15.2': [
|
|
"guava-30.0-jre.jar"
|
|
],
|
|
'4.16.0': [
|
|
"splunk-1.9.3.jar"
|
|
],
|
|
'4.17.0': [
|
|
"guava-30.0-jre.jar",
|
|
"checker-qual-3.33.0.jar",
|
|
"error_prone_annotations-2.3.4.jar",
|
|
"j2objc-annotations-1.3.jar"
|
|
],
|
|
'4.17.2': [
|
|
"akka-slf4j_2.12-2.5.19.jar",
|
|
"akka-actor_2.12-2.5.19.jar",
|
|
"scala-library-2.12.8.jar",
|
|
"scala-java8-compat_2.12-0.8.0.jar",
|
|
"log4j-api-2.17.1.jar",
|
|
"log4j-core-2.17.1.jar",
|
|
"log4j-slf4j-impl-2.17.1.jar",
|
|
"slf4j-api-1.7.26.jar",
|
|
"config-1.3.3.jar"
|
|
],
|
|
'4.18.0': [
|
|
"scala-java8-compat_3-1.0.0.jar",
|
|
"akka-slf4j_3-2.6.21.jar",
|
|
"akka-actor_3-2.6.21.jar"
|
|
],
|
|
'4.19.1': [
|
|
"jackson-annotations-2.13.2.jar",
|
|
"jackson-core-2.13.2.jar",
|
|
"jackson-databind-2.13.2.1.jar"
|
|
]
|
|
}
|
|
|
|
MAD_JARS = {
|
|
'4.5.1': [
|
|
"com.splunk.sa-itsi-metricad-1.4.2.jar"
|
|
],
|
|
'4.6.2': [
|
|
"com.splunk.sa-itsi-metricad-1.4.3.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.13.1.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.13.1.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.13.1.jar"
|
|
],
|
|
'4.7.2': [
|
|
"com.softwaremill.sttp.client.async-http-client-backend-future_2.12-2.0.7.jar",
|
|
"com.softwaremill.sttp.client.async-http-client-backend_2.12-2.0.7.jar",
|
|
"com.softwaremill.sttp.client.core_2.12-2.0.7.jar",
|
|
"com.softwaremill.sttp.model.core_2.12-1.0.2.jar",
|
|
"com.splunk.sa-itsi-metricad-1.4.6.jar",
|
|
"com.sun.activation.javax.activation-1.2.0.jar",
|
|
"io.netty.netty-buffer-4.1.46.Final.jar",
|
|
"io.netty.netty-codec-4.1.46.Final.jar",
|
|
"io.netty.netty-codec-http-4.1.46.Final.jar",
|
|
"io.netty.netty-codec-socks-4.1.46.Final.jar",
|
|
"io.netty.netty-common-4.1.46.Final.jar",
|
|
"io.netty.netty-handler-4.1.46.Final.jar",
|
|
"io.netty.netty-handler-proxy-4.1.46.Final.jar",
|
|
"io.netty.netty-resolver-4.1.46.Final.jar",
|
|
"io.netty.netty-transport-4.1.46.Final.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.13.2.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.13.2.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.13.2.jar",
|
|
"org.asynchttpclient.async-http-client-2.11.0.jar",
|
|
"org.asynchttpclient.async-http-client-netty-utils-2.11.0.jar",
|
|
"org.scala-lang.modules.scala-xml_2.12-1.2.0.jar"
|
|
],
|
|
'4.7.3': [
|
|
"com.splunk.sa-itsi-metricad-1.4.13.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.15.0.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.15.0.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.15.0.jar"
|
|
],
|
|
'4.8.1': [
|
|
"com.splunk.sa-itsi-metricad-1.4.14.jar",
|
|
"io.netty.netty-buffer-4.1.68.Final.jar",
|
|
"io.netty.netty-codec-4.1.68.Final.jar",
|
|
"io.netty.netty-codec-http-4.1.68.Final.jar",
|
|
"io.netty.netty-codec-socks-4.1.68.Final.jar",
|
|
"io.netty.netty-common-4.1.68.Final.jar",
|
|
"io.netty.netty-handler-4.1.68.Final.jar",
|
|
"io.netty.netty-handler-proxy-4.1.68.Final.jar",
|
|
"io.netty.netty-resolver-4.1.68.Final.jar",
|
|
"io.netty.netty-transport-4.1.68.Final.jar"
|
|
],
|
|
'4.9.4': [
|
|
"com.splunk.sa-itsi-metricad-1.4.7.jar",
|
|
"io.netty.netty-buffer-4.1.60.Final.jar",
|
|
"io.netty.netty-codec-4.1.60.Final.jar",
|
|
"io.netty.netty-codec-http-4.1.60.Final.jar",
|
|
"io.netty.netty-codec-socks-4.1.60.Final.jar",
|
|
"io.netty.netty-common-4.1.60.Final.jar",
|
|
"io.netty.netty-handler-4.1.60.Final.jar",
|
|
"io.netty.netty-handler-proxy-4.1.60.Final.jar",
|
|
"io.netty.netty-resolver-4.1.60.Final.jar",
|
|
"io.netty.netty-transport-4.1.60.Final.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.13.2.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.13.2.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.13.2.jar"
|
|
],
|
|
'4.9.5': [
|
|
"com.splunk.sa-itsi-metricad-1.4.13.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.15.0.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.15.0.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.15.0.jar"
|
|
],
|
|
'4.10.1': [
|
|
"com.splunk.sa-itsi-metricad-1.4.14.jar"
|
|
],
|
|
'4.10.4': [
|
|
"com.splunk.sa-itsi-metricad-1.4.8.jar"
|
|
],
|
|
'4.11.2': [
|
|
"com.google.code.gson.gson-1.7.1.jar",
|
|
"com.splunk.sa-itsi-metricad-1.4.11.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.16.0.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.16.0.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.16.0.jar"
|
|
],
|
|
'4.11.3': [
|
|
"com.splunk.sa-itsi-metricad-1.4.16.jar",
|
|
"org.apache.logging.log4j.log4j-api-2.17.0.jar",
|
|
"org.apache.logging.log4j.log4j-core-2.17.0.jar",
|
|
"org.apache.logging.log4j.log4j-slf4j-impl-2.17.0.jar"
|
|
],
|
|
'4.12.1': [
|
|
"com.splunk.sa-itsi-metricad-1.4.17.jar"
|
|
],
|
|
'4.14.1': [
|
|
"com.splunk.sa-itsi-metricad-1.4.18.jar"
|
|
],
|
|
'4.15.0': [
|
|
"com.splunk.splunk-1.6.5.0.jar",
|
|
"com.splunk.sa-itsi-metricad-1.4.19.jar"
|
|
],
|
|
'4.16.0': [
|
|
"com.splunk.splunk-1.9.3.jar",
|
|
"com.splunk.sa-itsi-metricad-1.4.21.jar"
|
|
],
|
|
'4.19.0': [
|
|
"com.typesafe.akka.akka-actor_2.12-2.6.4.jar",
|
|
"com.typesafe.akka.akka-slf4j_2.12-2.6.4.jar",
|
|
"com.typesafe.config-1.4.0.jar",
|
|
"org.slf4j.slf4j-api-1.7.30.jar",
|
|
"io.netty.netty-handler-proxy-4.1.86.Final.jar",
|
|
"io.netty.netty-resolver-4.1.86.Final.jar",
|
|
"io.netty.netty-transport-4.1.86.Final.jar",
|
|
"io.netty.netty-transport-native-unix-common-4.1.86.Final.jar",
|
|
"io.netty.netty-buffer-4.1.86.Final.jar",
|
|
"io.netty.netty-codec-4.1.86.Final.jar",
|
|
"io.netty.netty-codec-http-4.1.86.Final.jar",
|
|
"io.netty.netty-codec-socks-4.1.86.Final.jar",
|
|
"io.netty.netty-common-4.1.86.Final.jar",
|
|
"io.netty.netty-handler-4.1.86.Final.jar"
|
|
]
|
|
}
|
|
|
|
EVENTMANAGEMENT_LIB = make_splunkhome_path(['etc', 'apps', 'SA-ITOA', 'lib', 'java', 'event_management', 'libs'])
|
|
|
|
MAD_LIB = make_splunkhome_path(['etc', 'apps', 'SA-ITSI-MetricAD', 'lib'])
|
|
|
|
EVENTMANAGEMENT_PATH = make_splunkhome_path(['etc', 'apps', 'SA-ITOA', 'lib', 'java', 'event_management'])
|
|
|
|
PEKKO_VERSION = '4.19.0'
|
|
|
|
AKKA_APPLICATION = ['akka_application.conf']
|
|
# Configuration Check Operators, which are defines how to compare actual value with expected value.
|
|
|
|
# Check whether two sets equal to each other, data format:
|
|
# {'op': 'set equals', 'value': ['item1', 'item2', 'item3']}
|
|
OP_SET_EQUAL = 'set equals'
|
|
|
|
# Check whether two values equal to each other, data format:
|
|
# {'op': 'equals', value': 'item1'}
|
|
OP_EQUAL = 'equals'
|
|
|
|
# Check whether two values greater than or equal to each other, data format:
|
|
# {'op': 'greater_equals', value': 'item1'}
|
|
OP_GREATER_EQUAL = 'greater_equals'
|
|
|
|
# Check whether two values are boolean equal to each other, data format:
|
|
# {'op': 'bool_equals', value': 'item1'}
|
|
OP_BOOL_EQUAL = 'bool_equals'
|
|
|
|
# The configurations for pre-check for each config files
|
|
CONF_COLLECTIONS = {
|
|
'itsi_notable_event_ticketing': {
|
|
'accelerated_fields.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"mod_time": 1}'
|
|
},
|
|
'accelerated_fields.event_id': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"event_id": 1}'
|
|
},
|
|
'field.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
},
|
|
'field.create_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
}
|
|
},
|
|
'itsi_notable_event_ref_url': {
|
|
'accelerated_fields.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"mod_time": 1}'
|
|
},
|
|
'field.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
}
|
|
},
|
|
'itsi_notable_group_user': {
|
|
'accelerated_fields.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"mod_time": 1}'
|
|
},
|
|
'field.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
}
|
|
},
|
|
'itsi_notable_group_system': {
|
|
'accelerated_fields.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"mod_time": 1}'
|
|
},
|
|
'accelerated_fields.is_active': {
|
|
'op': OP_EQUAL,
|
|
'value': '{"is_active": 1}'
|
|
},
|
|
'field.mod_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
},
|
|
'field.start_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
},
|
|
'field.last_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'time'
|
|
},
|
|
'field.is_active': {
|
|
'op': OP_EQUAL,
|
|
'value': 'number'
|
|
},
|
|
'field.event_count': {
|
|
'op': OP_EQUAL,
|
|
'value': 'number'
|
|
}
|
|
}
|
|
}
|
|
|
|
CONF_TRANSFORMS = {
|
|
'itsi_notable_event_external_ticket': {
|
|
'fields_list': {
|
|
'op': OP_SET_EQUAL,
|
|
'value': ('_key', '_user', 'create_time', 'object_type', 'ticket_system', 'event_id', 'mod_time',
|
|
'ticket_system', 'tickets.ticket_id', 'tickets.ticket_url', 'tickets.ticket_system',
|
|
'itsi_policy_id')
|
|
}
|
|
},
|
|
'itsi_notable_event_ref_url': {
|
|
'fields_list': {
|
|
'op': OP_SET_EQUAL,
|
|
'value': ('_key', '_user', 'event_id', 'object_type', 'url', 'description', 'mod_time', 'itsi_policy_id')
|
|
}
|
|
},
|
|
'itsi_notable_group_user_lookup': {
|
|
'fields_list': {
|
|
'op': OP_SET_EQUAL,
|
|
'value': ('_key', '_user', 'event_identifier_hash', 'object_type', 'status', 'severity', 'owner',
|
|
'instruction', 'mod_time', 'itsi_policy_id')
|
|
}
|
|
},
|
|
'itsi_notable_group_system_lookup': {
|
|
'fields_list': {
|
|
'op': OP_SET_EQUAL,
|
|
'value': ('_key', '_user', 'event_count', 'object_type', 'start_time', 'last_time', 'is_active', 'title',
|
|
'description', 'mod_time', 'policy_id', 'itsi_policy_id', 'parent_group_id', 'split_by_hash',
|
|
'first_event_id', 'group_template_id', 'action_rule_keys', 'last_execution_time')
|
|
}
|
|
}
|
|
}
|
|
|
|
CONF_COMMANDS = {
|
|
'itsirulesengine': {
|
|
'command.arg.1': {
|
|
'op': OP_GREATER_EQUAL,
|
|
'value': 2048
|
|
}
|
|
}
|
|
}
|
|
|
|
CONF_SAVEDSEARCHES = {
|
|
'itsi_event_grouping': {
|
|
'cron_schedule': {
|
|
'op': OP_EQUAL,
|
|
'value': '* * * * *'
|
|
},
|
|
'dispatch.earliest_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'rt'
|
|
},
|
|
'dispatch.latest_time': {
|
|
'op': OP_EQUAL,
|
|
'value': 'rt'
|
|
},
|
|
'enableSched': {
|
|
'op': OP_BOOL_EQUAL,
|
|
'value': "1"
|
|
}
|
|
}
|
|
}
|
|
|
|
# Collection expected to exist during precheck
|
|
EXPECTED_COLLECTIONS = (
|
|
'itsi_notable_event_aggregation_policy',
|
|
'itsi_notable_event_actions_queue',
|
|
'itsi_notable_event_ticketing',
|
|
'itsi_notable_event_ref_url',
|
|
'itsi_notable_event_tag',
|
|
'itsi_notable_group_system',
|
|
'itsi_notable_group_user'
|
|
)
|
|
|
|
|
|
COLLECTION_STATS_URL = safeURLQuote('/services/server/introspection/kvstore/collectionstats')
|
|
|
|
KVSTORE_COLLECTION_SIZE_LIMIT_DEFAULT = 1050000
|
|
|
|
ENTITY_TYPE_OBJECT_URL = safeURLQuote('/servicesNS/nobody/SA-ITOA/itoa_interface/entity_type')
|
|
|
|
|
|
UPGRADE_TIMEOUT = 18000
|
|
|
|
PREP_TIMEOUT = 1800
|
|
|
|
TRANSFORM_TIMEOUT = 14400
|