You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
98 lines
3.0 KiB
98 lines
3.0 KiB
# tsidx_scan.py
|
|
# usage: splunk cmd python tsidx_scan.py [path]
|
|
# example: splunk cmd python tsidx_scan.py /opt/splunk/var/lib/splunk
|
|
# run tsidxprobe for each tsidx file found, beginning at the (optional) specified path
|
|
# and output the results to tsidxprobe.YYYY-MM-DD.txt
|
|
# starts at $SPLUNK_DB if path omitted
|
|
|
|
import fnmatch
|
|
import os
|
|
import sys
|
|
import datetime
|
|
import subprocess
|
|
|
|
SPLUNK_HOME= os.environ['SPLUNK_HOME']
|
|
SPLUNK_DB= os.environ['SPLUNK_DB']
|
|
|
|
######
|
|
def tsidxprobe(path):
|
|
"""
|
|
invoke tsidxprobe executable for each *.tsidx in the path and write results to a text file
|
|
"""
|
|
pattern = '*.tsidx'
|
|
if os.name == 'posix': # unix
|
|
cmd = 'tsidxprobe'
|
|
elif os.name == 'nt': # windows
|
|
cmd = 'tsidxprobe.exe'
|
|
else:
|
|
print("unrecognized os.name %s, exiting" % os.name)
|
|
return
|
|
|
|
now = datetime.datetime.now()
|
|
outputfile = "tsidxprobe."+str(now.year)+"-"+str(now.month)+"-"+str(now.day)+".txt"
|
|
binPath = os.path.join(SPLUNK_HOME, "bin")
|
|
|
|
try:
|
|
fd = open(outputfile, "w")
|
|
except IOError as e:
|
|
print("Error %s opening file %s, exiting." % (e,outputfile))
|
|
return
|
|
|
|
fd.write("tsidxprobe report for instance installed in "+SPLUNK_HOME+"\n")
|
|
fd.write("with index located in "+SPLUNK_DB+"\n")
|
|
fd.write("starting path "+path+"\n")
|
|
fd.write("run "+str(now)+"\n\n")
|
|
|
|
for dirpath, dirnames, files in os.walk(path):
|
|
for filename in fnmatch.filter(files, pattern):
|
|
|
|
sys.stdout.write(".")
|
|
sys.stdout.flush()
|
|
|
|
current_file = os.path.join(dirpath, filename)
|
|
args = [os.path.join(binPath,cmd), # path to tsidxprobe binary
|
|
current_file] # path to tsidx file
|
|
proc = subprocess.run(args,
|
|
stdin=None,
|
|
stdout=subprocess.PIPE,
|
|
stderr=None,
|
|
shell=False,
|
|
text=True)
|
|
fd.write("##################################\n")
|
|
results = proc.stdout.splitlines()
|
|
if len(proc.stdout)<1:
|
|
fd.write("### !!! Error: no tsidxprobe results for %s\n" % current_file)
|
|
else:
|
|
for line in results:
|
|
fd.write(line)
|
|
|
|
fd.close()
|
|
print("\n\ntsidx_scan output file: %s\n" % outputfile)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
if sys.version_info.major == 2:
|
|
print("This script must be run using Python 3.")
|
|
sys.exit(1)
|
|
|
|
######
|
|
# if a path is provided, start scanning from there
|
|
# if none, use $SPLUNK_DB
|
|
|
|
argpath=None
|
|
|
|
if len(sys.argv) < 2:
|
|
argpath = SPLUNK_DB
|
|
elif (sys.argv[1] == "-h") or (sys.argv[1] == "--help"):
|
|
print("usage: splunk cmd python tsidx_scan.py [path]")
|
|
print("example: splunk cmd python tsidx_scan.py /opt/splunk/var/lib/splunk")
|
|
else:
|
|
argpath = sys.argv[1]
|
|
|
|
if argpath:
|
|
tsidxprobe(argpath)
|
|
|
|
|
|
|