Pushed by: admin
License: 1CFBBDCA-31F (Starter)
Timestamp: 2026-01-31T21:14:41.472689
Splunk Git Pusher 3 months ago
parent dd0f2f0e5f
commit 29f638f8f6

@ -0,0 +1,16 @@
[logevent]
param.event = <string>
* Default value for event content sent to the receiver endpoint, which is eventually indexed
param.host = <string>
* Default field value of the host field of the newly indexed event
param.source = <string>
* Default field value of the source field of the newly indexed event
param.sourcetype = <string>
* Default field value of the sourcetype field of the newly indexed event
param.index = <string>
* Default field value for the destination index of the newly indexed event

@ -0,0 +1,19 @@
# Log event action settings
action.log_event = [0|1]
* Enable log event action
action.logevent.param.event = <string>
* Event content sent to the receiver endpoint, which is eventually indexed
action.logevent.param.host = <string>
* Field value of the host field of the newly indexed event
action.logevent.param.source = <string>
* Field value of the source field of the newly indexed event
action.logevent.param.sourcetype = <string>
* Field value of the sourcetype field of the newly indexed event
action.logevent.param.index = <string>
* Destination index of the newly indexed event


@ -0,0 +1,55 @@
from __future__ import annotations
import sys
import json
from future.moves.urllib.parse import urlencode
from future.moves.urllib.request import urlopen, Request
from future.moves.urllib.error import HTTPError, URLError
from splunk.util import unicode
def log_event(settings, event, source, sourcetype, host, index) -> bool:
if event is None:
sys.stderr.write("ERROR No event provided\n")
return False
query = [('source', source), ('sourcetype', sourcetype), ('index', index)]
if host:
query.append(('host', host))
url = '%s/services/receivers/simple?%s' % (settings.get('server_uri'), urlencode(query))
try:
encoded_body = unicode(event).encode('utf-8')
req = Request(url, encoded_body, {'Authorization': 'Splunk %s' % settings.get('session_key')})
res = urlopen(req)
if 200 <= res.code < 300:
sys.stderr.write("DEBUG receiver endpoint responded with HTTP status=%d\n" % res.code)
return True
else:
sys.stderr.write("ERROR receiver endpoint responded with HTTP status=%d\n" % res.code)
return False
except HTTPError as e:
sys.stderr.write("ERROR Error sending receiver request: %s\n" % e)
except URLError as e:
sys.stderr.write("ERROR Error sending receiver request: %s\n" % e)
except Exception as e:
sys.stderr.write("ERROR Error %s\n" % e)
return False
if __name__ == "__main__":
if len(sys.argv) < 2 or sys.argv[1] != "--execute":
sys.stderr.write("FATAL Unsupported execution mode (expected --execute flag)\n")
sys.exit(1)
try:
settings = json.loads(sys.stdin.read())
config = settings['configuration']
success = log_event(
settings,
event=config.get('event'),
source=config.get('source'),
sourcetype=config.get('sourcetype'),
host=config.get('host'),
index=config.get('index')
)
if not success:
sys.exit(2)
except Exception as e:
sys.stderr.write("ERROR Unexpected error: %s\n" % e)
sys.exit(3)
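Review bot: The `res = urlopen(req)` call has no timeout and the response is never closed, so a receiver that accepts the connection but never answers stalls the alert action indefinitely, and the socket is left open on the success path; `with urlopen(req, timeout=30) as res:` (the value could equally come from settings) addresses both. With that in place the `else` branch testing `res.code` is effectively dead, because urlopen raises HTTPError for non-2xx statuses rather than returning. Separately, `query` is built before any None handling, so an unset `source`, `sourcetype` or `index` from `config.get(...)` is sent as the literal string `None` in the URL, whereas `host` is guarded with `if host:`; applying the same guard to the other three keeps bad defaults out of the indexed event. HTTPError is a subclass of URLError, so the two identical except clauses can be merged into one.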

@ -0,0 +1,12 @@
[logevent]
python.version = latest
is_custom = 1
label = Log Event
description = Send log event to Splunk receiver endpoint
icon_path = logevent.png
payload_format = json
param.source = alert:$name$
param.sourcetype = generic_single_line
param.host =
param.index = main

@ -0,0 +1,18 @@
# Version 10.0.2
#
# Splunk app configuration file
#
[ui]
is_visible = 0
label = Log Event Alert Action
[launcher]
author = Splunk
description = Log Event Alert Action
version=10.0.2
[install]
state = enabled
is_configured = 1
allows_disable = false

@ -0,0 +1,76 @@
<form class="form-horizontal form-complex">
<div class="control-group">
<label class="control-label" for="logevent_event">Event</label>
<div class="controls">
<textarea name="action.logevent.param.event" id="logevent_event" style="width: 270px; max-width: 270px; height: 60px;"></textarea>
</div>
</div>
<div class="control-group">
<div class="controls">
<span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
Specify event text for the logged event.
<br />
<a href="{{SPLUNKWEB_URL_PREFIX}}/help?location=learnmore.alert.action.logevent" target="_blank"
title="Splunk help">Learn More <i class="icon-external"></i></a>
</span>
</div>
</div>
<div class="control-group">
<label class="control-label" for="logevent_source">Source</label>
<div class="controls">
<input type="text" class="input-xlarge" name="action.logevent.param.source" id="logevent_source" placeholder="alert:$name$"/>
</div>
</div>
<div class="control-group">
<div class="controls">
<span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
Value of the <span class="mono-space">source</span> field.
</span>
</div>
</div>
<div class="control-group">
<label class="control-label" for="logevent_sourcetype">Sourcetype</label>
<div class="controls">
<input type="text" class="input-xlarge" name="action.logevent.param.sourcetype" id="logevent_sourcetype" placeholder="generic_single_line"/>
</div>
</div>
<div class="control-group">
<div class="controls">
<span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
Value of the <span class="mono-space">sourcetype</span> field.
</span>
</div>
</div>
<div class="control-group">
<label class="control-label" for="logevent_host">Host</label>
<div class="controls">
<input type="text" class="input-xlarge" name="action.logevent.param.host" id="logevent_host" />
</div>
</div>
<div class="control-group">
<div class="controls">
<span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
Value of the <span class="mono-space">host</span> field.
</span>
</div>
</div>
<div class="control-group">
<label class="control-label" for="logevent_index">Index</label>
<div class="controls">
<input type="text" class="input-xlarge" name="action.logevent.param.index" id="logevent_index" placeholder="main"/>
</div>
</div>
<div class="control-group">
<div class="controls">
<span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
Indicate a destination <span class="mono-space">index</span> for the logged event. Ensure that destination matches an existing index.
</span>
</div>
</div>
</form>
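Review bot: The help anchor `<a href="{{SPLUNKWEB_URL_PREFIX}}/help?location=learnmore.alert.action.logevent" target="_blank"` opens a new tab without `rel="noopener noreferrer"`, which leaves the opener window reachable from the opened page. Adding `rel="noopener noreferrer"` to that anchor is the usual one-token fix. The rest of the form is static markup with no interpolated user values, so nothing further to raise there.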

@ -0,0 +1,3 @@
[validation:savedsearch]
# Require event to be set if logevent action is enabled
action.logevent = case('action.logevent' != "1", null(), 'action.logevent.param.event' == "action.logevent.param.event" OR 'action.logevent.param.event' == "", "No event text specified for log event action", 1==1, null())

@ -0,0 +1,13 @@
# Application-level permissions
[]
access = read : [ * ], write : [ admin, power ]
[alert_actions]
export = system
[alerts]
export = system
[restmap]
export = system