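##################################################################
# Splunk On Rails v1.0 Sean Dick
#
# I've tried my hardest to include all of the arguments to supply
# to each of the functions I've mirrored, but you'd still be best
# advised to refer to the documentation supplied with your splunk
# install http://(host):8000/v3
#
# Don't forget to change the SERVER variable if you have splunk
# installed on another server or running on a different port.
#
# You are free to use or reference this code in whole or in part
# in any application. Let me know if you do: sean@seandick.net
# I'd like to hear any suggestions for functional additions.
#
# This code is provided with no warranty, though it shouldn't
# break anything.
##################################################################
require 'rexml/document'
require 'net/http'

# Base URL of the Splunk v3 HTTP API; every request path is appended to it.
# With an http:// URL the API key and the getToken credentials cross the
# network unencrypted. An https:// URL is honoured by the helpers below.
SERVER = 'http://localhost:8000/v3/'

# Low-level transport: one form-encoded POST per API call.
module Request
  # POSTs +args+ as form data to SERVER + +prefix+ and parses the reply as XML.
  #
  # @param prefix [String] endpoint path relative to SERVER, e.g. 'saved/all'
  # @param args [Hash] form fields for the endpoint; not modified
  # @param apikey [String, nil] sent as the 'apikey' field unless nil
  # @return [REXML::Element, nil] root element of the response document
  def splunkQuery(prefix, args, apikey)
    # Work on a copy so the key does not leak into the caller's hash, where
    # it could later be logged or reused. nil keys are skipped ("don't wanna
    # break free licenses").
    form = apikey.nil? ? args : args.merge('apikey' => apikey)

    url = URI.parse(SERVER)
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = (url.scheme == 'https')

    res = http.start do |conn|
      req = Net::HTTP::Post.new(url.path + prefix)
      req.set_form_data(form, '&')
      conn.request(req)
    end

    # The last response stays reachable through @response, as before.
    @response = REXML::Document.new(res.body).root
  end
  module_function :splunkQuery
end

### begin splunk stuff ###

# Authentication endpoints.
module Auth
  ##### fake key generation method -- apparently splunk hates this #####
  # Disabled; currently returns nil. NOTE(review): the commented-out body
  # draws from Kernel#rand, which is not a cryptographic source; if this is
  # ever revived, SecureRandom is the appropriate generator.
  def generatekey
    # chars = ("a".."z").to_a + ("0".."9").to_a
    # generatedKey = ""
    # 1.upto(30) { |i| generatedKey << chars[rand(chars.size-1)] }
    # return generatedKey
  end

  # Exchanges a username and password for an API token.
  #
  # The request goes to the host configured in SERVER, and both values are
  # URL-encoded so that characters such as '&', '=', '#' or spaces cannot
  # alter the query string.
  #
  # NOTE(review): the credentials still travel in the query string of a GET,
  # so they may end up in server or proxy access logs. TODO confirm whether
  # the endpoint accepts a POST body instead.
  #
  # @param usr [String] account name
  # @param pwd [String] account password
  # @return [String, nil] the authToken value from the response envelope
  def getToken(usr, pwd)
    url = URI.parse(SERVER)
    query = URI.encode_www_form('usr' => usr, 'pwd' => pwd)

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = (url.scheme == 'https')

    http.start do |conn|
      body = conn.get("#{url.path}auth/getToken?#{query}", 'Accept' => 'text/xml').body
      # Hash.from_xml is not stdlib; it is expected from the Rails environment.
      response = Hash.from_xml(body)
      @apiKey = response['envelope']['authToken']
      ##### fake apikey method removed, Splunk pukes #####
      # @apikey = Auth.generatekey unless @apikey
    end
  end

  # Calls auth/syncAuth; takes no endpoint arguments.
  def syncAuth(apikey)
    Request.splunkQuery('auth/syncAuth', {}, apikey)
  end
  module_function :generatekey, :getToken, :syncAuth
end

# Bundle endpoints.
module Bundle
  # placeholder, questions on usage
  def get(apikey)
    Request.splunkQuery('bundle/get?', {}, apikey)
  end

  # Calls bundle/set. Accepts the same (args, apikey) pair that
  # SplunkBase#bundleSet passes in.
  #
  # @param args [Hash] id, type, action, raw
  # @param apikey [String, nil]
  def set(args, apikey)
    Request.splunkQuery('bundle/set?', args, apikey)
  end
  module_function :get, :set
end

# Configuration endpoint.
module Config
  # Calls config/get; takes no endpoint arguments.
  def get(apikey)
    Request.splunkQuery('config/get?', {}, apikey)
  end
  module_function :get
end

# User preference endpoints.
# I have been told all of the user methods are somewhat broken ATM.
module Prefs
  # @param args [Hash] key
  def get(args, apikey)
    Request.splunkQuery('prefs/get?', args, apikey)
  end

  # Calls prefs/getDashboardMask; takes no endpoint arguments.
  def getDashboardMask(apikey)
    Request.splunkQuery('prefs/getDashboardMask', {}, apikey)
  end

  # Calls prefs/getDashboards; takes no endpoint arguments.
  def getDashboards(apikey)
    Request.splunkQuery('prefs/getDashboards', {}, apikey)
  end

  # placeholder, have questions -- no arguments supplied in documentation
  def set(args, apikey)
    Request.splunkQuery('prefs/set?', args, apikey)
  end
  # :set is exported as well so that SplunkBase#prefsSet can reach it.
  module_function :get, :getDashboardMask, :getDashboards, :set
end

# Saved-search endpoints.
module Saved
  # Calls saved/all; takes no endpoint arguments.
  def all(apikey)
    Request.splunkQuery('saved/all', {}, apikey)
  end

  # @param args [Hash] name, isEventType
  def delete(args, apikey)
    Request.splunkQuery('saved/delete?', args, apikey)
  end

  # @param args [Hash] name, uimeta, isEventType
  def get(args, apikey)
    Request.splunkQuery('saved/get?', args, apikey)
  end

  # @param args [Hash] name, newName, isEventType, notifyIfExist
  def rename(args, apikey)
    Request.splunkQuery('saved/rename?', args, apikey)
  end

  # @param args [Hash] query, name, isGlobal, userId, isEventType, tags,
  #   priority, enableSched, schedule, relation, quantity, counttype,
  #   action_email, sendresults, action_rss, action_script, notifyIfExist
  def set(args, apikey)
    Request.splunkQuery('saved/set?', args, apikey)
  end
  module_function :set, :get, :rename, :all, :delete
end

# Core search/process endpoints.
module Splunk
  # @param args [Hash] id, global
  def bringthehammer(args, apikey)
    Request.splunkQuery('splunk/bringthehammer?', args, apikey)
  end

  # reserved
  def delete
  end

  # Calls splunk/ps; takes no endpoint arguments.
  def ps(apikey)
    Request.splunkQuery('splunk/ps?', {}, apikey)
  end

  # @param args [Hash] q, clientformat
  def search(args, apikey)
    Request.splunkQuery('splunk/search?', args, apikey)
  end
  module_function :bringthehammer, :delete, :ps, :search
end

# Tag endpoints.
module Tags
  # @param args [Hash] meta
  def clear(args, apikey)
    Request.splunkQuery('tags/clear?', args, apikey)
  end

  # @param args [Hash] meta, tags
  def set(args, apikey)
    Request.splunkQuery('tags/set?', args, apikey)
  end
  module_function :clear, :set
end

# Typeahead endpoint (module name kept as spelled by the author).
module Typehead
  # @param args [Hash] endTime, maxCount, prefix, q, serverList, startTime
  def get(args, apikey)
    Request.splunkQuery('typehead/get?', args, apikey)
  end
  module_function :get
end

# Escape hatch for endpoints under custom/.
module Custom
  # whatever you want, honestly, skips argument assignment
  #
  # +args+ is a String appended verbatim to the request path, so it is not
  # escaped or validated here. Callers should pass only fixed or validated
  # path fragments, never raw user input.
  def custom(args, apikey)
    Request.splunkQuery('custom/' + args, {}, apikey)
  end
  module_function :custom
end

### end splunk stuff ###

# Session-style wrapper: remembers the API key obtained by #authGetToken and
# supplies it to every endpoint call.
class SplunkBase
  # splunk controllers
  include Request
  include Auth
  include Bundle
  include Config
  include Prefs
  include Saved
  include Splunk
  include Tags
  include Typehead
  include Custom

  # initialize session, get U & P - irb test function
  # def initialize
  #   @apikey = nil
  #   puts "enter your username:"
  #   @@usr = gets.strip
  #   puts "enter your password:"
  #   @@pwd = gets.strip
  #   @apikey = Auth.getToken(@@usr,@@pwd)
  # end

  # generic query, can be called to make custom queries or extend as needed
  def splunkQuery(prefix, args)
    Request.splunkQuery(prefix, args, @apikey)
  end

  ###################################################################
  #                        splunk actions                           #
  ###################################################################

  ### Auth ###

  # Fetches a token and keeps it in @apikey for the calls below.
  def authGetToken(usr, pwd)
    @apikey = Auth.getToken(usr, pwd)
  end

  def authSyncAuth
    Auth.syncAuth(@apikey)
  end

  ### Bundle ###

  # not entirely sure what this is supposed to do
  def bundleGet
    Bundle.get(@apikey)
  end

  # @param args [Hash] id, type, action, query
  def bundleSet(args)
    Bundle.set(args, @apikey)
  end

  ### Config ###

  def configGet
    Config.get(@apikey)
  end

  ### Prefs ###

  # @param args [Hash] key
  def prefsGet(args)
    Prefs.get(args, @apikey)
  end

  def prefsGetDashboardMask
    Prefs.getDashboardMask(@apikey)
  end

  def prefsGetDashboards
    Prefs.getDashboards(@apikey)
  end

  # excluded: no arguments supplied in documentation
  def prefsSet(args)
    Prefs.set(args, @apikey)
  end

  ### Saved ###

  # @param args [Hash] name, meta, isEventType
  def savedGet(args)
    Saved.get(args, @apikey)
  end

  # @param args [Hash] query, name, isGlobal, userId, isEventType, tags,
  #   priority, enableSched, schedule, relation, quantity, counttype,
  #   action_email, sendresults, action_rss, action_script, notifyIfExist
  def savedSet(args)
    Saved.set(args, @apikey)
  end

  # @param args [Hash] name, newName, isEventType, notifyIfExist
  def savedRename(args)
    Saved.rename(args, @apikey)
  end

  def savedAll
    Saved.all(@apikey)
  end

  # @param args [Hash] name, isEventType
  def savedDelete(args)
    Saved.delete(args, @apikey)
  end

  ### Splunk ###

  # @param args [Hash] id, global
  def splunkBringthehammer(args)
    Splunk.bringthehammer(args, @apikey)
  end

  def splunkPs
    Splunk.ps(@apikey)
  end

  # @param args [Hash] q, clientformat
  def splunkSearch(args)
    Splunk.search(args, @apikey)
  end

  ### Tags ###

  # @param args [Hash] meta
  def tagsClear(args)
    Tags.clear(args, @apikey)
  end

  # @param args [Hash] meta, tags
  def tagsSet(args)
    Tags.set(args, @apikey)
  end

  ### Typehead ###

  # @param args [Hash] endTime, maxCount, prefix, q, serverList, startTime
  def typeheadGet(args)
    Typehead.get(args, @apikey)
  end

  ### Custom ###

  # really generic; +args+ is the path fragment handed to Custom.custom
  def custom(args)
    Custom.custom(args, @apikey)
  end
end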