
from __future__ import annotations
import sys
import json
from future.moves.urllib.parse import urlencode
from future.moves.urllib.request import urlopen, Request
from future.moves.urllib.error import HTTPError, URLError
from splunk.util import unicode
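def log_event(settings, event, source, sourcetype, host, index) -> bool:
    """Send one event to the ``/services/receivers/simple`` REST endpoint.

    Args:
        settings: Mapping that provides ``server_uri`` (base URL the request
            is sent to) and ``session_key`` (placed in the
            ``Authorization: Splunk ...`` header).
        event: Event payload; converted to text and UTF-8 encoded as the
            request body. ``None`` is rejected.
        source: Value of the ``source`` query parameter.
        sourcetype: Value of the ``sourcetype`` query parameter.
        host: Optional; added to the query string only when truthy.
        index: Value of the ``index`` query parameter.

    Returns:
        True when the endpoint answers with a 2xx status; False on any
        validation, HTTP or transport failure. Diagnostics go to stderr.
    """
    if event is None:
        sys.stderr.write("ERROR No event provided\n")
        return False

    # The session key is attached to whatever URL is built from server_uri,
    # and urlopen() also accepts non-HTTP schemes (file://, ftp://). Refuse
    # anything that is not an http(s) URL before the request is built, and
    # do not echo the value so a malformed URI never lands in the log.
    server_uri = settings.get('server_uri')
    if not server_uri or not str(server_uri).lower().startswith(('http://', 'https://')):
        sys.stderr.write("ERROR Invalid or missing server_uri (expected http:// or https://)\n")
        return False

    query = [('source', source), ('sourcetype', sourcetype), ('index', index)]
    if host:
        query.append(('host', host))
    url = '%s/services/receivers/simple?%s' % (server_uri, urlencode(query))

    try:
        encoded_body = unicode(event).encode('utf-8')
        headers = {'Authorization': 'Splunk %s' % settings.get('session_key')}
        # NOTE(review): urlopen() is called without a timeout, so a stalled
        # endpoint blocks this call unless a global socket default is set.
        # Consider passing timeout= once a suitable value is agreed.
        res = urlopen(Request(url, encoded_body, headers))
        try:
            status = res.code
        finally:
            # Release the connection instead of leaving it to the GC.
            res.close()
        if 200 <= status < 300:
            sys.stderr.write("DEBUG receiver endpoint responded with HTTP status=%d\n" % status)
            return True
        sys.stderr.write("ERROR receiver endpoint responded with HTTP status=%d\n" % status)
        return False
    except URLError as e:
        # HTTPError is a subclass of URLError, so this also covers HTTP-level
        # failures; the message format is the same for both.
        sys.stderr.write("ERROR Error sending receiver request: %s\n" % e)
    except Exception as e:
        sys.stderr.write("ERROR Error %s\n" % e)
    return False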
if __name__ == "__main__":
    # Exit codes: 1 = wrong invocation mode, 2 = event could not be sent,
    # 3 = unexpected error while reading the payload or sending.
    cli_args = sys.argv[1:]
    if not (cli_args and cli_args[0] == "--execute"):
        sys.stderr.write("FATAL Unsupported execution mode (expected --execute flag)\n")
        sys.exit(1)
    try:
        # The JSON document on stdin is passed to log_event() as its settings;
        # its 'configuration' mapping holds the per-event fields.
        payload = json.load(sys.stdin)
        action_config = payload['configuration']
        field_names = ('event', 'source', 'sourcetype', 'host', 'index')
        event_fields = {name: action_config.get(name) for name in field_names}
        # SystemExit is not an Exception subclass, so exit(2) is not
        # swallowed by the handler below.
        if not log_event(payload, **event_fields):
            sys.exit(2)
    except Exception as err:
        sys.stderr.write("ERROR Unexpected error: %s\n" % err)
        sys.exit(3)
