├── .coveragerc ├── .env ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── custom.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE │ └── pr_template.md ├── dependabot.yaml └── workflows │ ├── release.yml │ └── test.yml ├── .gitignore ├── .pylintrc ├── CHANGELOG.md ├── CONTRIBUTING.md ├── Commands.conf.spec.xlsx ├── LICENSE ├── MANIFEST.in ├── Makefile ├── README.md ├── docker-compose.yml ├── docs ├── CSS │ ├── epub.css │ └── splunk_customizations.css ├── Makefile ├── _templates │ └── layout.html ├── binding.rst ├── client.rst ├── conf.py ├── data.rst ├── index.rst ├── make.bat ├── modularinput.rst ├── munge_links.sh ├── results.rst ├── searchcommands.rst └── searchcommandsvalidators.rst ├── pytest.ini ├── scripts ├── build-env.py ├── templates │ └── env.template └── test_specific.sh ├── setup.py ├── sitecustomize.py ├── splunklib ├── __init__.py ├── binding.py ├── client.py ├── data.py ├── modularinput │ ├── __init__.py │ ├── argument.py │ ├── event.py │ ├── event_writer.py │ ├── input_definition.py │ ├── scheme.py │ ├── script.py │ ├── utils.py │ └── validation_definition.py ├── results.py ├── searchcommands │ ├── __init__.py │ ├── decorators.py │ ├── environment.py │ ├── eventing_command.py │ ├── external_search_command.py │ ├── generating_command.py │ ├── internals.py │ ├── reporting_command.py │ ├── search_command.py │ ├── streaming_command.py │ └── validators.py ├── six.py └── utils.py ├── tests ├── README.md ├── data │ ├── custom_search │ │ ├── hashtags.baseline │ │ ├── hashtags.in │ │ ├── multibyte_input.gz │ │ ├── tophashtags.baseline │ │ ├── tophashtags.in │ │ ├── usercount.baseline │ │ ├── usercount.in │ │ └── v1_search_input.gz │ ├── results.xml │ ├── services.server.info.xml │ ├── services.xml │ └── streaming_results.xml ├── modularinput │ ├── data │ │ ├── argument_with_defaults.xml │ │ ├── argument_without_defaults.xml │ │ ├── conf_with_0_inputs.xml │ │ ├── conf_with_2_inputs.xml │ │ ├── conf_with_invalid_inputs.xml │ │ ├── event_maximal.xml │ │ ├── event_minimal.xml │ │ ├── scheme_with_defaults.xml │ │ ├── scheme_without_defaults.xml │ │ ├── scheme_without_defaults_and_argument_title.xml │ │ ├── stream_with_one_event.xml │ │ ├── stream_with_two_events.xml │ │ ├── validation.xml │ │ └── validation_error.xml │ ├── modularinput_testlib.py │ ├── test_event.py │ ├── test_input_definition.py │ ├── test_scheme.py │ ├── test_script.py │ └── test_validation_definition.py ├── searchcommands │ ├── __init__.py │ ├── apps │ │ ├── app_with_logging_configuration │ │ │ ├── bin │ │ │ │ └── empty-directory │ │ │ ├── default │ │ │ │ ├── alternative-logging.conf │ │ │ │ └── logging.conf │ │ │ └── logging.conf │ │ └── app_without_logging_configuration │ │ │ ├── bin │ │ │ └── empty-directory │ │ │ └── default │ │ │ └── empty-directory │ ├── chunked_data_stream.py │ ├── test_apps │ │ ├── eventing_app │ │ │ ├── bin │ │ │ │ └── eventingcsc.py │ │ │ ├── default │ │ │ │ ├── app.conf │ │ │ │ └── commands.conf │ │ │ └── metadata │ │ │ │ └── default.meta │ │ ├── generating_app │ │ │ ├── bin │ │ │ │ └── generatingcsc.py │ │ │ ├── default │ │ │ │ ├── app.conf │ │ │ │ └── commands.conf │ │ │ └── metadata │ │ │ │ └── default.meta │ │ ├── reporting_app │ │ │ ├── bin │ │ │ │ └── reportingcsc.py │ │ │ ├── default │ │ │ │ ├── app.conf │ │ │ │ └── commands.conf │ │ │ └── metadata │ │ │ │ └── default.meta │ │ └── streaming_app │ │ │ ├── bin │ │ │ └── streamingcsc.py │ │ │ ├── default │ │ │ ├── app.conf │ │ │ └── commands.conf │ │ │ └── metadata │ │ │ └── default.meta │ ├── test_builtin_options.py │ ├── test_configuration_settings.py │ ├── test_csc_apps.py │ ├── test_decorators.py │ ├── test_generator_command.py │ ├── test_internals_v1.py │ ├── test_internals_v2.py │ ├── test_multibyte_processing.py │ ├── test_reporting_command.py │ ├── test_search_command.py │ ├── test_streaming_command.py │ └── test_validators.py ├── test_all.py ├── test_app.py ├── test_binding.py ├── test_collection.py ├── test_conf.py ├── test_data.py ├── test_event_type.py ├── test_fired_alert.py ├── test_index.py ├── test_input.py ├── test_job.py ├── test_kvstore_batch.py ├── test_kvstore_conf.py ├── test_kvstore_data.py ├── test_logger.py ├── test_macro.py ├── test_message.py ├── test_modular_input.py ├── test_modular_input_kinds.py ├── test_results.py ├── test_role.py ├── test_saved_search.py ├── test_service.py ├── test_storage_passwords.py ├── test_user.py ├── test_utils.py └── testlib.py ├── tox.ini └── utils ├── __init__.py └── cmdopts.py /.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | omit = 3 | .tox/* 4 | tests/* 5 | -------------------------------------------------------------------------------- /.env: -------------------------------------------------------------------------------- 1 | # Splunk host (default: localhost) 2 | host=localhost 3 | # Splunk admin port (default: 8089) 4 | port=8089 5 | # Splunk username 6 | username=admin 7 | # Splunk password 8 | password=changed! 9 | # Access scheme (default: https) 10 | scheme=https 11 | # Your version of Splunk (default: 6.2) 12 | version=9.0 13 | # Bearer token for authentication 14 | #splunkToken="" 15 | # Session key for authentication 16 | #token="" 17 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | tests/searchcommands/recordings/** binary 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Logs or Screenshots** 24 | If applicable, add logs or screenshots to help explain your problem. 25 | 26 | **Splunk (please complete the following information):** 27 | - Version: [e.g. 8.0.5] 28 | - OS: [e.g. Ubuntu 20.04.1] 29 | - Deployment: [e.g. single-instance] 30 | 31 | **SDK (please complete the following information):** 32 | - Version: [e.g. 1.6.14] 33 | - Language Runtime Version: [e.g. Python 3.7] 34 | - OS: [e.g. MacOS 10.15.7] 35 | 36 | **Additional context** 37 | Add any other context about the problem here. 38 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/custom.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Custom issue template 3 | about: Describe this issue template's purpose here. 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE/pr_template.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Pull Request Template 3 | about: Create a Pull Request to contribute to the SDK 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | ## Description of PR 11 | 12 | Provide the **context and motivation** for this PR. 13 | Briefly explain the **type of changes** (bug fix, feature request, doc update, etc.) made in this PR. Provide reference to issue # fixed, if applicable. 14 | 15 | Describe the approach to the solution, the changes made, and any resulting change in behavior or impact to the user. 16 | 17 | ## Testing the changes 18 | 19 | Please ensure tests are added for your changes. 20 | Include details of **types of tests** written for the changes in the PR and any **test setup and configuration** required to run the tests. 21 | Mention the **versions of the SDK, language runtime, OS and details of Splunk deployment** used in testing. 22 | 23 | ## Documentation 24 | 25 | Please ensure **comments** are added for your changes and any **relevant docs** (readme, reference docs, etc.) are updated. 26 | Include any references to documentation related to the changes. 27 | 28 | ## Dependencies and other resources 29 | 30 | Provide references to PRs or things **dependent on this change** and any relevant PRs or resources like style guides and tools used in this PR. 31 | -------------------------------------------------------------------------------- /.github/dependabot.yaml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "github-actions" 4 | directory: "/" 5 | target-branch: "master" 6 | schedule: 7 | interval: "weekly" 8 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Release 2 | on: 3 | release: 4 | types: [published] 5 | 6 | jobs: 7 | publish: 8 | name: Deploy Release to PyPI 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout source 12 | uses: actions/checkout@v3 13 | - name: Set up Python 14 | uses: actions/setup-python@v4 15 | with: 16 | python-version: 3.7 17 | - name: Install dependencies 18 | run: pip install twine 19 | - name: Build package 20 | run: python setup.py sdist 21 | - name: Publish package to PyPI 22 | uses: pypa/gh-action-pypi-publish@v1.8.10 23 | with: 24 | user: __token__ 25 | password: ${{ secrets.pypi_password }} 26 | - name: Install tox 27 | run: pip install tox 28 | - name: Generate API docs 29 | run: | 30 | rm -rf ./docs/_build 31 | tox -e docs 32 | - name : Docs Upload 33 | uses: actions/upload-artifact@v3 34 | with: 35 | name: python_sdk_docs 36 | path: docs/_build/html 37 | # Test upload 38 | # - name: Publish package to TestPyPI 39 | # uses: pypa/gh-action-pypi-publish@master 40 | # with: 41 | # user: __token__ 42 | # password: ${{ secrets.test_pypi_password }} 43 | # repository_url: https://test.pypi.org/legacy/ 44 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Python CI 2 | 3 | on: 4 | [ push, pull_request, workflow_dispatch ] 5 | 6 | jobs: 7 | build: 8 | 9 | runs-on: ${{ matrix.os }} 10 | strategy: 11 | matrix: 12 | os: 13 | - ubuntu-latest 14 | python: [ 3.7, 3.9, 3.13] 15 | splunk-version: 16 | - "8.1" 17 | - "8.2" 18 | - "latest" 19 | fail-fast: false 20 | 21 | steps: 22 | - name: Checkout code 23 | uses: actions/checkout@v3 24 | 25 | - name: Run docker compose 26 | run: SPLUNK_VERSION=${{matrix.splunk-version}} docker compose up -d 27 | 28 | - name: Setup Python 29 | uses: actions/setup-python@v4 30 | with: 31 | python-version: ${{ matrix.python }} 32 | 33 | - name: Install tox 34 | run: pip install tox 35 | 36 | - name: Test Execution 37 | run: tox -e py 38 | fossa-scan: 39 | uses: splunk/oss-scanning-public/.github/workflows/oss-scan.yml@main 40 | secrets: inherit -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.swp 3 | *.idea 4 | *.DS_Store* 5 | *coverage_html_report* 6 | .coverage 7 | .coverage.* 8 | .python-version 9 | .vscode 10 | __stdout__ 11 | docs/_build 12 | build/ 13 | proxypid 14 | proxy.log 15 | MANIFEST 16 | coverage_report 17 | test.log 18 | tests/searchcommands_data/log/ 19 | tests/searchcommands_data/output/ 20 | Test Results*.html 21 | tests/searchcommands/data/app/app.log 22 | splunk_sdk.egg-info/ 23 | dist/ 24 | tests/searchcommands/apps/app_with_logging_configuration/*.log 25 | *.observed 26 | venv/ 27 | .tox 28 | test-reports/ 29 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | ## How to contribute 4 | 5 | If you would like to contribute to this project, see [Contributions to Splunk](https://www.splunk.com/en_us/form/contributions.html) for more information. 6 | 7 | ## Issues and bug reports 8 | 9 | If you're seeing some unexpected behavior with this project, please create an [issue](https://github.com/splunk/splunk-sdk-python/issues) on GitHub with the following information: 10 | 11 | 1. Version of this project you're using (ex: 1.5.0) 12 | 2. Platform version (ex: Windows Server 2012 R2) 13 | 3. Framework version (ex: Python 3.7) 14 | 4. Splunk Enterprise version (ex: 9.0) 15 | 5. Other relevant information (ex: local/remote environment, Splunk network configuration, standalone or distributed deployment, are load balancers used) 16 | 17 | Alternatively, if you have a Splunk question please ask on [Splunk Answers](https://community.splunk.com/t5/Splunk-Development/ct-p/developer-tools). 18 | 19 | ## Pull requests 20 | 21 | We love to see pull requests! 22 | 23 | To create a pull request: 24 | 25 | 1. Fill out the [Individual Contributor Agreement](https://www.splunk.com/en_us/form/contributions.html). 26 | 2. Fork the [repository](https://github.com/splunk/splunk-sdk-python). 27 | 3. Make changes to the **develop** branch, preferably with tests. 28 | 4. Create a [pull request](https://github.com/splunk/splunk-sdk-python/pulls) against the **develop** branch. 29 | 30 | ## Contact us 31 | 32 | If you have a paid Splunk Enterprise or Splunk Cloud license, you can contact [Support](https://www.splunk.com/en_us/support-and-services.html) with questions. 33 | 34 | You can reach the Splunk Developer Platform team at _devinfo@splunk.com_. 35 | 36 | -------------------------------------------------------------------------------- /Commands.conf.spec.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/splunk-sdk-python/ab51ffcd373edbb78419a801b38df01dce7ed49d/Commands.conf.spec.xlsx -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.md -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # text reset 2 | NO_COLOR=\033[0m 3 | # green 4 | OK_COLOR=\033[32;01m 5 | # red 6 | ERROR_COLOR=\033[31;01m 7 | # cyan 8 | WARN_COLOR=\033[36;01m 9 | # yellow 10 | ATTN_COLOR=\033[33;01m 11 | 12 | ROOT_DIR := $(shell git rev-parse --show-toplevel) 13 | 14 | VERSION := `git describe --tags --dirty 2>/dev/null` 15 | COMMITHASH := `git rev-parse --short HEAD 2>/dev/null` 16 | DATE := `date "+%FT%T%z"` 17 | 18 | CONTAINER_NAME := 'splunk' 19 | 20 | .PHONY: all 21 | all: test 22 | 23 | init: 24 | @echo "$(ATTN_COLOR)==> init $(NO_COLOR)" 25 | 26 | .PHONY: docs 27 | docs: 28 | @echo "$(ATTN_COLOR)==> docs $(NO_COLOR)" 29 | @rm -rf ./docs/_build 30 | @tox -e docs 31 | @cd ./docs/_build/html && zip -r ../docs_html.zip . -x ".*" -x "__MACOSX" 32 | @echo "$(ATTN_COLOR)==> Docs pages can be found at ./docs/_build/html, docs bundle available at ./docs/_build/docs_html.zip" 33 | 34 | .PHONY: test 35 | test: 36 | @echo "$(ATTN_COLOR)==> test $(NO_COLOR)" 37 | @tox -e py37,py39 38 | 39 | .PHONY: test_specific 40 | test_specific: 41 | @echo "$(ATTN_COLOR)==> test_specific $(NO_COLOR)" 42 | @sh ./scripts/test_specific.sh 43 | 44 | .PHONY: test_smoke 45 | test_smoke: 46 | @echo "$(ATTN_COLOR)==> test_smoke $(NO_COLOR)" 47 | @tox -e py37,py39 -- -m smoke 48 | 49 | .PHONY: test_no_app 50 | test_no_app: 51 | @echo "$(ATTN_COLOR)==> test_no_app $(NO_COLOR)" 52 | @tox -e py37,py39 -- -m "not app" 53 | 54 | .PHONY: test_smoke_no_app 55 | test_smoke_no_app: 56 | @echo "$(ATTN_COLOR)==> test_smoke_no_app $(NO_COLOR)" 57 | @tox -e py37,py39 -- -m "smoke and not app" 58 | 59 | .PHONY: env 60 | env: 61 | @echo "$(ATTN_COLOR)==> env $(NO_COLOR)" 62 | @echo "To make a .env:" 63 | @echo " [SPLUNK_INSTANCE_JSON] | python scripts/build-env.py" 64 | 65 | .PHONY: env_default 66 | env_default: 67 | @echo "$(ATTN_COLOR)==> env_default $(NO_COLOR)" 68 | @python scripts/build-env.py 69 | 70 | .PHONY: up 71 | up: 72 | @echo "$(ATTN_COLOR)==> up $(NO_COLOR)" 73 | @docker-compose up -d 74 | 75 | .PHONY: remove 76 | remove: 77 | @echo "$(ATTN_COLOR)==> rm $(NO_COLOR)" 78 | @docker-compose rm -f -s 79 | 80 | .PHONY: wait_up 81 | wait_up: 82 | @echo "$(ATTN_COLOR)==> wait_up $(NO_COLOR)" 83 | @for i in `seq 0 180`; do if docker exec -it $(CONTAINER_NAME) /sbin/checkstate.sh &> /dev/null; then break; fi; printf "\rWaiting for Splunk for %s seconds..." $$i; sleep 1; done 84 | 85 | .PHONY: down 86 | down: 87 | @echo "$(ATTN_COLOR)==> down $(NO_COLOR)" 88 | @docker-compose stop 89 | 90 | .PHONY: start 91 | start: up wait_up 92 | 93 | .PHONY: restart 94 | restart: down start 95 | 96 | .PHONY: refresh 97 | refresh: remove start 98 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.6' 2 | 3 | services: 4 | splunk: 5 | image: "splunk/splunk:${SPLUNK_VERSION}" 6 | container_name: splunk 7 | environment: 8 | - SPLUNK_START_ARGS=--accept-license 9 | - SPLUNK_HEC_TOKEN=11111111-1111-1111-1111-1111111111113 10 | - SPLUNK_PASSWORD=changed! 11 | - SPLUNK_APPS_URL=https://github.com/splunk/sdk-app-collection/releases/download/v1.1.0/sdkappcollection.tgz 12 | ports: 13 | - 8000:8000 14 | - 8088:8088 15 | - 8089:8089 16 | healthcheck: 17 | test: ['CMD', 'curl', '-f', 'http://localhost:8000'] 18 | interval: 5s 19 | timeout: 5s 20 | retries: 20 21 | volumes: 22 | - "./tests/searchcommands/test_apps/eventing_app:/opt/splunk/etc/apps/eventing_app" 23 | - "./tests/searchcommands/test_apps/generating_app:/opt/splunk/etc/apps/generating_app" 24 | - "./tests/searchcommands/test_apps/reporting_app:/opt/splunk/etc/apps/reporting_app" 25 | - "./tests/searchcommands/test_apps/streaming_app:/opt/splunk/etc/apps/streaming_app" 26 | - "./splunklib:/opt/splunk/etc/apps/eventing_app/lib/splunklib" 27 | - "./splunklib:/opt/splunk/etc/apps/generating_app/lib/splunklib" 28 | - "./splunklib:/opt/splunk/etc/apps/reporting_app/lib/splunklib" 29 | - "./splunklib:/opt/splunk/etc/apps/streaming_app/lib/splunklib" 30 | -------------------------------------------------------------------------------- /docs/CSS/epub.css: -------------------------------------------------------------------------------- 1 | /* Page background color */ 2 | body { background: transparent } 3 | 4 | /* Headings */ 5 | h1 { font-size: 145% } 6 | 7 | body { 8 | font-family: Arial, sans-serif; 9 | color: #555; 10 | font-size: 13px; 11 | line-height: 18px; 12 | margin:0 auto; 13 | padding-left:5px; 14 | padding-right:5px; 15 | } 16 | 17 | pre {font-weight: bold} 18 | 19 | table { 20 | border-width: 0px; 21 | border-spacing: 0px; 22 | border-style: outset; 23 | border-color: gray; 24 | border-collapse: collapse; 25 | background-color: white; 26 | /*margin-top:15px; */ 27 | margin-bottom: 15px; 28 | } 29 | 30 | th { 31 | border-width: 0px; 32 | padding: 2px 6px 1px 6px; 33 | border-style: inset; 34 | border-color: #e2e2e2; 35 | background-color: #eeeeee; 36 | text-align: left; 37 | } 38 | 39 | td { 40 | border-width: 0px; 41 | padding: 2px 6px 1px 6px; 42 | border-style: inset; 43 | border-color: #e2e2e2; 44 | background-color: white; 45 | } 46 | 47 | a { 48 | color: rgb(8, 89, 130); 49 | text-decoration: none; 50 | } 51 | 52 | /* Font used in left-hand frame lists */ 53 | .FrameTitleFont { font-size: 100%; font-family: Arial, sans-serif; color:#000000 } 54 | .FrameHeadingFont { font-size: 100%; font-family: Arial, sans-serif; color:#000000 } 55 | .FrameItemFont { font-size: 100%; font-family: Arial, sans-serif; color:#000000 } 56 | 57 | 58 | /* Navigation bar fonts and colors */ 59 | .NavBarCell1 { background-color:#EEEEFF; color:#000000} /* Light mauve */ 60 | .NavBarCell1Rev { background-color:#00008B; color:#FFFFFF} /* Dark Blue */ 61 | .NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;color:#000000;} 62 | .NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;color:#FFFFFF;} 63 | 64 | .NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 65 | .NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 66 | -------------------------------------------------------------------------------- /docs/CSS/splunk_customizations.css: -------------------------------------------------------------------------------- 1 | a.headerlink { display: none; } 2 | 3 | -------------------------------------------------------------------------------- /docs/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends '!layout.html' %} 2 | 3 | {% set css_files = css_files + ["_static/splunk_customizations.css"] %} 4 | 5 | {% set reldelim2 = "" %} 6 | -------------------------------------------------------------------------------- /docs/binding.rst: -------------------------------------------------------------------------------- 1 | splunklib.binding 2 | ----------------- 3 | 4 | .. automodule:: splunklib.binding 5 | 6 | .. autofunction:: connect 7 | 8 | .. autofunction:: handler 9 | 10 | .. autofunction:: namespace 11 | 12 | .. autoclass:: AuthenticationError 13 | :members: 14 | 15 | .. autoclass:: Context 16 | :members: connect, delete, get, get_cookies, has_cookies, login, logout, post, request 17 | 18 | .. autoclass:: HTTPError 19 | :members: 20 | 21 | .. autoclass:: HttpLib 22 | :members: delete, get, post, request 23 | 24 | .. autoclass:: ResponseReader 25 | :members: close, empty, peek, read 26 | -------------------------------------------------------------------------------- /docs/client.rst: -------------------------------------------------------------------------------- 1 | splunklib.client 2 | ---------------- 3 | 4 | .. automodule:: splunklib.client 5 | 6 | .. autofunction:: connect 7 | 8 | .. autoclass:: AmbiguousReferenceException 9 | :members: 10 | 11 | .. autoclass:: Application 12 | :members: setupInfo, package, updateInfo 13 | :inherited-members: 14 | 15 | .. autoclass:: AlertGroup 16 | :members: alerts, count 17 | :inherited-members: 18 | 19 | .. autoclass:: Collection 20 | :members: create, delete 21 | :inherited-members: 22 | 23 | .. autoclass:: ConfigurationFile 24 | :inherited-members: 25 | 26 | .. autoclass:: Configurations 27 | :members: create, delete 28 | :inherited-members: 29 | 30 | .. autoclass:: Endpoint 31 | :members: get, post 32 | :inherited-members: 33 | 34 | .. autoclass:: Entity 35 | :members: access, delete, disable, enable, fields, get, links, name, namespace, post, refresh, reload, update 36 | :inherited-members: 37 | 38 | .. autoclass:: IllegalOperationException 39 | :members: 40 | 41 | .. autoclass:: IncomparableException 42 | :members: 43 | 44 | .. autoclass:: Index 45 | :members: attach, attached_socket, clean, disable, enable, roll_hot_buckets, submit, upload 46 | :inherited-members: 47 | 48 | .. autoclass:: Indexes 49 | :members: default, delete 50 | :inherited-members: 51 | 52 | .. autoclass:: Input 53 | :members: update 54 | :inherited-members: 55 | 56 | .. autoclass:: Inputs 57 | :members: create, delete, itemmeta, kinds, kindpath, list, iter, oneshot 58 | :inherited-members: 59 | 60 | .. autoclass:: InvalidNameException 61 | :members: 62 | 63 | .. autoclass:: Job 64 | :members: cancel, disable_preview, enable_preview, events, finalize, is_done, is_ready, name, pause, refresh, results, preview, searchlog, set_priority, summary, timeline, touch, set_ttl, unpause 65 | :inherited-members: 66 | 67 | .. autoclass:: Jobs 68 | :members: create, export, itemmeta, oneshot 69 | :inherited-members: 70 | 71 | .. autoclass:: KVStoreCollection 72 | :members: data, update_index, update_field 73 | :inherited-members: 74 | 75 | .. autoclass:: KVStoreCollectionData 76 | :members: query, query_by_id, insert, delete, delete_by_id, update, batch_save 77 | :inherited-members: 78 | 79 | .. autoclass:: KVStoreCollections 80 | :members: create 81 | :inherited-members: 82 | 83 | .. autoclass:: Loggers 84 | :members: itemmeta 85 | :inherited-members: 86 | 87 | .. autoclass:: Message 88 | :members: value 89 | :inherited-members: 90 | 91 | .. autoclass:: ModularInputKind 92 | :members: arguments, update 93 | :inherited-members: 94 | 95 | .. autoclass:: NoSuchCapability 96 | :members: 97 | 98 | .. autoclass:: NotSupportedError 99 | :members: 100 | 101 | .. autoclass:: OperationError 102 | :members: 103 | 104 | .. autoclass:: ReadOnlyCollection 105 | :members: itemmeta, iter, list, names 106 | :inherited-members: 107 | 108 | .. autoclass:: Role 109 | :members: grant, revoke 110 | :inherited-members: 111 | 112 | .. autoclass:: Roles 113 | :members: create, delete 114 | :inherited-members: 115 | 116 | .. autoclass:: SavedSearch 117 | :members: acknowledge, alert_count, dispatch, fired_alerts, history, scheduled_times, suppress, suppressed, unsuppress, update 118 | :inherited-members: 119 | 120 | .. autoclass:: SavedSearches 121 | :members: create 122 | :inherited-members: 123 | 124 | .. autoclass:: Service 125 | :members: apps, confs, capabilities, event_types, fired_alerts, indexes, info, inputs, job, jobs, kvstore, loggers, messages, modular_input_kinds, parse, restart, restart_required, roles, search, saved_searches, settings, splunk_version, storage_passwords, users 126 | :inherited-members: 127 | 128 | .. autoclass:: Settings 129 | :members: update 130 | :inherited-members: 131 | 132 | .. autoclass:: Stanza 133 | :members: submit 134 | :inherited-members: 135 | 136 | .. autoclass:: StoragePassword 137 | :members: clear_password, encrypted_password, realm, username 138 | :inherited-members: 139 | 140 | .. autoclass:: StoragePasswords 141 | :members: create, delete 142 | :inherited-members: 143 | 144 | .. autoclass:: User 145 | :members: role_entities 146 | :inherited-members: 147 | 148 | .. autoclass:: Users 149 | :members: create, delete 150 | :inherited-members: 151 | -------------------------------------------------------------------------------- /docs/data.rst: -------------------------------------------------------------------------------- 1 | splunklib.data 2 | -------------- 3 | 4 | .. automodule:: splunklib.data 5 | 6 | .. autofunction:: load 7 | 8 | .. autofunction:: record 9 | 10 | .. autoclass:: Record 11 | :members: 12 | 13 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | Welcome to the API reference for the Splunk SDK for Python, which describes the modules that are included in the SDK. 2 | For more information, see the `Splunk Developer Portal `_. 3 | 4 | .. toctree:: 5 | :maxdepth: 2 6 | :name: SDK for Python API Reference 7 | 8 | binding 9 | client 10 | data 11 | results 12 | modularinput 13 | searchcommands 14 | searchcommandsvalidators 15 | 16 | 17 | :doc:`binding` 18 | -------------- 19 | 20 | :func:`~splunklib.binding.connect` function 21 | 22 | :func:`~splunklib.binding.namespace` function 23 | 24 | :class:`~splunklib.binding.Context` class 25 | 26 | :class:`~splunklib.binding.ResponseReader` class 27 | 28 | 29 | **Exceptions** 30 | 31 | :func:`~splunklib.binding.handler` function 32 | 33 | :class:`~splunklib.binding.AuthenticationError` class 34 | 35 | **Custom HTTP handler** 36 | 37 | :class:`~splunklib.binding.HTTPError` class 38 | 39 | :class:`~splunklib.binding.HttpLib` class 40 | 41 | 42 | :doc:`client` 43 | ------------- 44 | 45 | :func:`~splunklib.client.connect` function 46 | 47 | :class:`~splunklib.client.Service` class 48 | 49 | :class:`~splunklib.client.Endpoint` base class 50 | 51 | 52 | **Entities and collections** 53 | 54 | :class:`~splunklib.client.Entity` class 55 | 56 | :class:`~splunklib.client.Collection` class 57 | 58 | :class:`~splunklib.client.ReadOnlyCollection` class 59 | 60 | :class:`~splunklib.client.Application` class 61 | 62 | :class:`~splunklib.client.AlertGroup` class 63 | 64 | :class:`~splunklib.client.ConfigurationFile` class 65 | 66 | :class:`~splunklib.client.Stanza` class 67 | 68 | :class:`~splunklib.client.Configurations` class 69 | 70 | :class:`~splunklib.client.Index` class 71 | 72 | :class:`~splunklib.client.Indexes` class 73 | 74 | :class:`~splunklib.client.Input` class 75 | 76 | :class:`~splunklib.client.Inputs` class 77 | 78 | :class:`~splunklib.client.Job` class 79 | 80 | :class:`~splunklib.client.Jobs` class 81 | 82 | :class:`~splunklib.client.KVStoreCollection` class 83 | 84 | :class:`~splunklib.client.KVStoreCollectionData` class 85 | 86 | :class:`~splunklib.client.KVStoreCollections` class 87 | 88 | :class:`~splunklib.client.Loggers` class 89 | 90 | :class:`~splunklib.client.Message` class 91 | 92 | :class:`~splunklib.client.ModularInputKind` class 93 | 94 | :class:`~splunklib.client.Role` class 95 | 96 | :class:`~splunklib.client.Roles` class 97 | 98 | :class:`~splunklib.client.SavedSearch` class 99 | 100 | :class:`~splunklib.client.SavedSearches` class 101 | 102 | :class:`~splunklib.client.Settings` class 103 | 104 | :class:`~splunklib.client.StoragePassword` class 105 | 106 | :class:`~splunklib.client.StoragePasswords` class 107 | 108 | :class:`~splunklib.client.User` class 109 | 110 | :class:`~splunklib.client.Users` class 111 | 112 | 113 | **Exceptions** 114 | 115 | :class:`~splunklib.client.AmbiguousReferenceException` class 116 | 117 | :class:`~splunklib.client.IllegalOperationException` class 118 | 119 | :class:`~splunklib.client.IncomparableException` class 120 | 121 | :class:`~splunklib.client.InvalidNameException` class 122 | 123 | :class:`~splunklib.client.NoSuchCapability` class 124 | 125 | :class:`~splunklib.client.NotSupportedError` class 126 | 127 | :class:`~splunklib.client.OperationError` class 128 | 129 | 130 | :doc:`data` 131 | ----------- 132 | 133 | :func:`~splunklib.data.load` function 134 | 135 | :func:`~splunklib.data.record` function 136 | 137 | :class:`~splunklib.data.Record` class 138 | 139 | :doc:`results` 140 | -------------- 141 | 142 | :class:`~splunklib.results.ResultsReader` class 143 | 144 | :class:`~splunklib.results.Message` class 145 | 146 | :doc:`modularinput` 147 | ------------------- 148 | 149 | :class:`~splunklib.modularinput.Argument` class 150 | 151 | :class:`~splunklib.modularinput.Event` class 152 | 153 | :class:`~splunklib.modularinput.EventWriter` class 154 | 155 | :class:`~splunklib.modularinput.InputDefinition` class 156 | 157 | :class:`~splunklib.modularinput.Scheme` class 158 | 159 | :class:`~splunklib.modularinput.Script` class 160 | 161 | :class:`~splunklib.modularinput.ValidationDefinition` class 162 | 163 | :doc:`searchcommands` 164 | --------------------- 165 | 166 | :class:`~splunklib.searchcommands.EventingCommand` class 167 | 168 | :class:`~splunklib.searchcommands.GeneratingCommand` class 169 | 170 | :class:`~splunklib.searchcommands.ReportingCommand` class 171 | 172 | :class:`~splunklib.searchcommands.StreamingCommand` class 173 | 174 | :class:`~splunklib.searchcommands.Option` class 175 | -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | REM Command file for Sphinx documentation 4 | 5 | if "%SPHINXBUILD%" == "" ( 6 | set SPHINXBUILD=sphinx-build 7 | ) 8 | set BUILDDIR=_build 9 | set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% . 10 | set I18NSPHINXOPTS=%SPHINXOPTS% . 11 | if NOT "%PAPER%" == "" ( 12 | set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% 13 | set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% 14 | ) 15 | 16 | if "%1" == "" goto help 17 | 18 | if "%1" == "help" ( 19 | :help 20 | echo.Please use `make ^` where ^ is one of 21 | echo. html to make standalone HTML files 22 | echo. dirhtml to make HTML files named index.html in directories 23 | echo. singlehtml to make a single large HTML file 24 | echo. pickle to make pickle files 25 | echo. json to make JSON files 26 | echo. htmlhelp to make HTML files and a HTML help project 27 | echo. qthelp to make HTML files and a qthelp project 28 | echo. devhelp to make HTML files and a Devhelp project 29 | echo. epub to make an epub 30 | echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter 31 | echo. text to make text files 32 | echo. man to make manual pages 33 | echo. texinfo to make Texinfo files 34 | echo. gettext to make PO message catalogs 35 | echo. changes to make an overview over all changed/added/deprecated items 36 | echo. linkcheck to check all external links for integrity 37 | echo. doctest to run all doctests embedded in the documentation if enabled 38 | goto end 39 | ) 40 | 41 | if "%1" == "clean" ( 42 | for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i 43 | del /q /s %BUILDDIR%\* 44 | goto end 45 | ) 46 | 47 | if "%1" == "html" ( 48 | %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html 49 | if errorlevel 1 exit /b 1 50 | echo. 51 | echo.Build finished. The HTML pages are in %BUILDDIR%/html. 52 | goto end 53 | ) 54 | 55 | if "%1" == "dirhtml" ( 56 | %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml 57 | if errorlevel 1 exit /b 1 58 | echo. 59 | echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. 60 | goto end 61 | ) 62 | 63 | if "%1" == "singlehtml" ( 64 | %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml 65 | if errorlevel 1 exit /b 1 66 | echo. 67 | echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. 68 | goto end 69 | ) 70 | 71 | if "%1" == "pickle" ( 72 | %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle 73 | if errorlevel 1 exit /b 1 74 | echo. 75 | echo.Build finished; now you can process the pickle files. 76 | goto end 77 | ) 78 | 79 | if "%1" == "json" ( 80 | %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json 81 | if errorlevel 1 exit /b 1 82 | echo. 83 | echo.Build finished; now you can process the JSON files. 84 | goto end 85 | ) 86 | 87 | if "%1" == "htmlhelp" ( 88 | %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp 89 | if errorlevel 1 exit /b 1 90 | echo. 91 | echo.Build finished; now you can run HTML Help Workshop with the ^ 92 | .hhp project file in %BUILDDIR%/htmlhelp. 93 | goto end 94 | ) 95 | 96 | if "%1" == "qthelp" ( 97 | %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp 98 | if errorlevel 1 exit /b 1 99 | echo. 100 | echo.Build finished; now you can run "qcollectiongenerator" with the ^ 101 | .qhcp project file in %BUILDDIR%/qthelp, like this: 102 | echo.^> qcollectiongenerator %BUILDDIR%\qthelp\SplunkPythonSDK.qhcp 103 | echo.To view the help file: 104 | echo.^> assistant -collectionFile %BUILDDIR%\qthelp\SplunkPythonSDK.ghc 105 | goto end 106 | ) 107 | 108 | if "%1" == "devhelp" ( 109 | %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp 110 | if errorlevel 1 exit /b 1 111 | echo. 112 | echo.Build finished. 113 | goto end 114 | ) 115 | 116 | if "%1" == "epub" ( 117 | %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub 118 | if errorlevel 1 exit /b 1 119 | echo. 120 | echo.Build finished. The epub file is in %BUILDDIR%/epub. 121 | goto end 122 | ) 123 | 124 | if "%1" == "latex" ( 125 | %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex 126 | if errorlevel 1 exit /b 1 127 | echo. 128 | echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. 129 | goto end 130 | ) 131 | 132 | if "%1" == "text" ( 133 | %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text 134 | if errorlevel 1 exit /b 1 135 | echo. 136 | echo.Build finished. The text files are in %BUILDDIR%/text. 137 | goto end 138 | ) 139 | 140 | if "%1" == "man" ( 141 | %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man 142 | if errorlevel 1 exit /b 1 143 | echo. 144 | echo.Build finished. The manual pages are in %BUILDDIR%/man. 145 | goto end 146 | ) 147 | 148 | if "%1" == "texinfo" ( 149 | %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo 150 | if errorlevel 1 exit /b 1 151 | echo. 152 | echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. 153 | goto end 154 | ) 155 | 156 | if "%1" == "gettext" ( 157 | %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale 158 | if errorlevel 1 exit /b 1 159 | echo. 160 | echo.Build finished. The message catalogs are in %BUILDDIR%/locale. 161 | goto end 162 | ) 163 | 164 | if "%1" == "changes" ( 165 | %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes 166 | if errorlevel 1 exit /b 1 167 | echo. 168 | echo.The overview file is in %BUILDDIR%/changes. 169 | goto end 170 | ) 171 | 172 | if "%1" == "linkcheck" ( 173 | %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck 174 | if errorlevel 1 exit /b 1 175 | echo. 176 | echo.Link check complete; look for any errors in the above output ^ 177 | or in %BUILDDIR%/linkcheck/output.txt. 178 | goto end 179 | ) 180 | 181 | if "%1" == "doctest" ( 182 | %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest 183 | if errorlevel 1 exit /b 1 184 | echo. 185 | echo.Testing of doctests in the sources finished, look at the ^ 186 | results in %BUILDDIR%/doctest/output.txt. 187 | goto end 188 | ) 189 | 190 | :end 191 | -------------------------------------------------------------------------------- /docs/modularinput.rst: -------------------------------------------------------------------------------- 1 | splunklib.modularinput 2 | ---------------------- 3 | 4 | .. automodule:: splunklib.modularinput 5 | 6 | .. autoclass:: Argument 7 | :members: 8 | 9 | .. autoclass:: Event 10 | :members: 11 | 12 | .. autoclass:: EventWriter 13 | :members: 14 | 15 | .. autoclass:: InputDefinition 16 | :members: 17 | 18 | .. autoclass:: Scheme 19 | :members: 20 | 21 | .. autoclass:: Script 22 | :members: 23 | 24 | .. autoclass:: ValidationDefinition 25 | :members: 26 | -------------------------------------------------------------------------------- /docs/munge_links.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | TARGET=$1 4 | 5 | for file in $TARGET/*.html; do 6 | echo ${file} 7 | sed -i -e 's/class="reference external"/class="reference external" target="_blank"/g' "${file}" 8 | done 9 | -------------------------------------------------------------------------------- /docs/results.rst: -------------------------------------------------------------------------------- 1 | splunklib.results 2 | ----------------- 3 | 4 | .. automodule:: splunklib.results 5 | 6 | .. autoclass:: Message 7 | 8 | .. autoclass:: JSONResultsReader 9 | -------------------------------------------------------------------------------- /docs/searchcommands.rst: -------------------------------------------------------------------------------- 1 | splunklib.searchcommands 2 | ------------------------ 3 | 4 | .. automodule:: splunklib.searchcommands 5 | 6 | .. autofunction:: dispatch(command_class[, argv=sys.argv, input_file=sys.stdin, output_file=sys.stdout, module_name=None, allow_empty_input=True]) 7 | 8 | .. autoclass:: EventingCommand 9 | :members: 10 | :inherited-members: 11 | :exclude-members: ConfigurationSettings, process, transform 12 | 13 | .. autoclass:: splunklib.searchcommands::EventingCommand.ConfigurationSettings 14 | :members: 15 | :inherited-members: 16 | :exclude-members: configuration_settings, fix_up, items, keys 17 | 18 | .. automethod:: splunklib.searchcommands::EventingCommand.transform 19 | 20 | .. automethod:: splunklib.searchcommands::EventingCommand.process(args=sys.argv[, input_file=sys.stdin, output_file=sys.stdout]) 21 | 22 | .. autoclass:: GeneratingCommand 23 | :members: 24 | :inherited-members: 25 | :exclude-members: ConfigurationSettings, generate, process 26 | 27 | .. autoclass:: splunklib.searchcommands::GeneratingCommand.ConfigurationSettings 28 | :members: 29 | :inherited-members: 30 | :exclude-members: configuration_settings, fix_up, items, keys 31 | 32 | .. automethod:: splunklib.searchcommands::GeneratingCommand.generate 33 | 34 | .. automethod:: splunklib.searchcommands::GeneratingCommand.process(args=sys.argv[, input_file=sys.stdin, output_file=sys.stdout, allow_empty_input=True]) 35 | 36 | .. autoclass:: ReportingCommand 37 | :members: 38 | :inherited-members: 39 | :exclude-members: ConfigurationSettings, map, process, reduce 40 | 41 | .. autoclass:: splunklib.searchcommands::ReportingCommand.ConfigurationSettings 42 | :members: 43 | :inherited-members: 44 | :exclude-members: configuration_settings, fix_up, items, keys 45 | 46 | .. automethod:: splunklib.searchcommands::ReportingCommand.map 47 | 48 | .. automethod:: splunklib.searchcommands::ReportingCommand.process(args=sys.argv[, input_file=sys.stdin, output_file=sys.stdout]) 49 | 50 | .. automethod:: splunklib.searchcommands::ReportingCommand.reduce 51 | 52 | .. autoclass:: StreamingCommand 53 | :members: 54 | :inherited-members: 55 | :exclude-members: ConfigurationSettings, process, stream 56 | 57 | .. autoclass:: splunklib.searchcommands::StreamingCommand.ConfigurationSettings 58 | :members: 59 | :inherited-members: 60 | :exclude-members: configuration_settings, fix_up, items, keys 61 | 62 | .. automethod:: splunklib.searchcommands::StreamingCommand.process(args=sys.argv[, input_file=sys.stdin, output_file=sys.stdout, allow_empty_input=True]) 63 | 64 | .. automethod:: splunklib.searchcommands::StreamingCommand.stream 65 | 66 | .. autoclass:: Configuration 67 | :members: 68 | :inherited-members: 69 | 70 | .. autoclass:: Option 71 | :members: 72 | :inherited-members: 73 | :exclude-members: Item, View, fix_up 74 | 75 | .. autoclass:: Boolean 76 | :members: 77 | :inherited-members: 78 | 79 | .. autoclass:: Duration 80 | :members: 81 | :inherited-members: 82 | 83 | .. autoclass:: File 84 | :members: 85 | :inherited-members: 86 | 87 | .. autoclass:: Integer 88 | :members: 89 | :inherited-members: 90 | 91 | .. autoclass:: Float 92 | :members: 93 | :inherited-members: 94 | 95 | .. autoclass:: RegularExpression 96 | :members: 97 | :inherited-members: 98 | 99 | .. autoclass:: Set 100 | :members: 101 | :inherited-members: 102 | 103 | -------------------------------------------------------------------------------- /docs/searchcommandsvalidators.rst: -------------------------------------------------------------------------------- 1 | splunklib.searchcommands.validators 2 | ----------------------------------- 3 | 4 | .. automodule:: splunklib.searchcommands.validators 5 | 6 | .. autoclass:: Fieldname 7 | :members: 8 | :inherited-members: 9 | 10 | .. autoclass:: Validator 11 | :members: 12 | :inherited-members: 13 | -------------------------------------------------------------------------------- /pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | markers = 3 | app: requires sdk-app-collection 4 | smoke: essential smoke tests 5 | 6 | junit_family = 7 | xunit2 8 | -------------------------------------------------------------------------------- /scripts/build-env.py: -------------------------------------------------------------------------------- 1 | # Copyright 2011-2024 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | #!/usr/bin/env python 16 | 17 | import sys 18 | import json 19 | import urllib.parse 20 | import os 21 | from pathlib import Path 22 | from string import Template 23 | 24 | DEFAULT_CONFIG = { 25 | 'host': 'localhost', 26 | 'port': '8089', 27 | 'username': 'admin', 28 | 'password': 'changed!', 29 | 'scheme': 'https', 30 | 'version': '8.0' 31 | } 32 | 33 | DEFAULT_ENV_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', '.env') 34 | 35 | ENV_TEMPLATE_PATH = os.path.join( 36 | os.path.dirname(os.path.realpath(__file__)), 'templates/env.template') 37 | 38 | # { 39 | # "server_roles": { 40 | # "standalone": [ 41 | # { 42 | # "host": "10.224.106.158", 43 | # "ports": { 44 | # "8089/tcp": "10.224.106.158:55759", 45 | # }, 46 | # "splunk": { 47 | # "user_roles": { 48 | # "admin": { 49 | # "password": "Chang3d!", 50 | # "username": "admin" 51 | # } 52 | # }, 53 | # "version": "8.1.0", 54 | # "web_url": "http://10.224.106.158:55761" 55 | # } 56 | # } 57 | # ] 58 | # } 59 | # } 60 | def build_config(json_string): 61 | try: 62 | spec_config = json.loads(json_string) 63 | 64 | server_config = spec_config['server_roles']['standalone'][0] 65 | splunk_config = server_config['splunk'] 66 | 67 | host, port = parse_hostport(server_config['ports']['8089/tcp']) 68 | 69 | return { 70 | 'host': host, 71 | 'port': port, 72 | 'username': splunk_config['user_roles']['admin']['username'], 73 | 'password': splunk_config['user_roles']['admin']['password'], 74 | 'version': splunk_config['version'], 75 | } 76 | except Exception as e: 77 | raise ValueError('Invalid configuration JSON string') from e 78 | 79 | # Source: https://stackoverflow.com/a/53172593 80 | def parse_hostport(host_port): 81 | # urlparse() and urlsplit() insists on absolute URLs starting with "//" 82 | result = urllib.parse.urlsplit('//' + host_port) 83 | return result.hostname, result.port 84 | 85 | def run(variable, env_path=None): 86 | # read JSON from input 87 | # parse the JSON 88 | input_config = build_config(variable) if variable else DEFAULT_CONFIG 89 | 90 | config = {**DEFAULT_CONFIG, **input_config} 91 | 92 | # build a env file 93 | with open(ENV_TEMPLATE_PATH, 'r') as f: 94 | template = Template(f.read()) 95 | 96 | env_string = template.substitute(config) 97 | env_path = DEFAULT_ENV_PATH if env_path is None else env_path 98 | # if no env, dry-run 99 | if not env_path: 100 | print(env_string) 101 | return 102 | 103 | # write the .env file 104 | with open(env_path, 'w') as f: 105 | f.write(env_string) 106 | 107 | if sys.stdin.isatty(): 108 | DATA = None 109 | else: 110 | DATA = sys.stdin.read() 111 | 112 | run(DATA, sys.argv[1] if len(sys.argv) > 1 else None) -------------------------------------------------------------------------------- /scripts/templates/env.template: -------------------------------------------------------------------------------- 1 | # Splunk host (default: localhost) 2 | host=$host 3 | # Splunk admin port (default: 8089) 4 | port=$port 5 | # Splunk username 6 | username=$username 7 | # Splunk password 8 | password=$password 9 | # Access scheme (default: https) 10 | scheme=$scheme 11 | # Your version of Splunk (default: 6.2) 12 | version=$version 13 | # Bearer token for authentication 14 | #splunkToken= 15 | # Session key for authentication 16 | #token= -------------------------------------------------------------------------------- /scripts/test_specific.sh: -------------------------------------------------------------------------------- 1 | echo "To run a specific test:" 2 | echo " tox -e py37,py39 [test_file_path]::[TestClassName]::[test_method]" 3 | echo "For Example, To run 'test_autologin' testcase from 'test_service.py' file run" 4 | echo " tox -e py37 -- tests/test_service.py::ServiceTestCase::test_autologin" 5 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Copyright © 2011-2024 Splunk, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | from setuptools import setup 18 | 19 | import splunklib 20 | 21 | setup( 22 | author="Splunk, Inc.", 23 | 24 | author_email="devinfo@splunk.com", 25 | 26 | description="The Splunk Software Development Kit for Python.", 27 | 28 | license="http://www.apache.org/licenses/LICENSE-2.0", 29 | 30 | name="splunk-sdk", 31 | 32 | packages = ["splunklib", 33 | "splunklib.modularinput", 34 | "splunklib.searchcommands"], 35 | 36 | install_requires=[ 37 | "deprecation", 38 | ], 39 | 40 | url="http://github.com/splunk/splunk-sdk-python", 41 | 42 | version=splunklib.__version__, 43 | 44 | classifiers = [ 45 | "Programming Language :: Python", 46 | "Development Status :: 6 - Mature", 47 | "Environment :: Other Environment", 48 | "Intended Audience :: Developers", 49 | "License :: OSI Approved :: Apache Software License", 50 | "Operating System :: OS Independent", 51 | "Topic :: Software Development :: Libraries :: Python Modules", 52 | "Topic :: Software Development :: Libraries :: Application Frameworks", 53 | ], 54 | ) 55 | -------------------------------------------------------------------------------- /sitecustomize.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Copyright © 2011-2024 Splunk, Inc. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 6 | # not use this file except in compliance with the License. You may obtain 7 | # a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 13 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 14 | # License for the specific language governing permissions and limitations 15 | # under the License. 16 | 17 | # This file is required for running coverage.py 18 | 19 | try: 20 | import coverage 21 | coverage.process_startup() 22 | except: 23 | pass 24 | -------------------------------------------------------------------------------- /splunklib/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright © 2011-2024 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | """Python library for Splunk.""" 16 | 17 | import logging 18 | 19 | DEFAULT_LOG_FORMAT = '%(asctime)s, Level=%(levelname)s, Pid=%(process)s, Logger=%(name)s, File=%(filename)s, ' \ 20 | 'Line=%(lineno)s, %(message)s' 21 | DEFAULT_DATE_FORMAT = '%Y-%m-%d %H:%M:%S %Z' 22 | 23 | 24 | # To set the logging level of splunklib 25 | # ex. To enable debug logs, call this method with parameter 'logging.DEBUG' 26 | # default logging level is set to 'WARNING' 27 | def setup_logging(level, log_format=DEFAULT_LOG_FORMAT, date_format=DEFAULT_DATE_FORMAT): 28 | logging.basicConfig(level=level, 29 | format=log_format, 30 | datefmt=date_format) 31 | 32 | 33 | __version_info__ = (2, 1, 0) 34 | __version__ = ".".join(map(str, __version_info__)) 35 | -------------------------------------------------------------------------------- /splunklib/modularinput/__init__.py: -------------------------------------------------------------------------------- 1 | """The following imports allow these classes to be imported via 2 | the splunklib.modularinput package like so: 3 | 4 | from splunklib.modularinput import * 5 | """ 6 | from .argument import Argument 7 | from .event import Event 8 | from .event_writer import EventWriter 9 | from .input_definition import InputDefinition 10 | from .scheme import Scheme 11 | from .script import Script 12 | from .validation_definition import ValidationDefinition 13 | -------------------------------------------------------------------------------- /splunklib/modularinput/argument.py: -------------------------------------------------------------------------------- 1 | # Copyright © 2011-2024 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | import xml.etree.ElementTree as ET 16 | 17 | class Argument: 18 | 19 | """Class representing an argument to a modular input kind. 20 | 21 | ``Argument`` is meant to be used with ``Scheme`` to generate an XML 22 | definition of the modular input kind that Splunk understands. 23 | 24 | ``name`` is the only required parameter for the constructor. 25 | 26 | **Example with least parameters**:: 27 | 28 | arg1 = Argument(name="arg1") 29 | 30 | **Example with all parameters**:: 31 | 32 | arg2 = Argument( 33 | name="arg2", 34 | description="This is an argument with lots of parameters", 35 | validation="is_pos_int('some_name')", 36 | data_type=Argument.data_type_number, 37 | required_on_edit=True, 38 | required_on_create=True 39 | ) 40 | """ 41 | 42 | # Constant values, do not change. 43 | # These should be used for setting the value of an Argument object's data_type field. 44 | data_type_boolean = "BOOLEAN" 45 | data_type_number = "NUMBER" 46 | data_type_string = "STRING" 47 | 48 | def __init__(self, name, description=None, validation=None, 49 | data_type=data_type_string, required_on_edit=False, required_on_create=False, title=None): 50 | """ 51 | :param name: ``string``, identifier for this argument in Splunk. 52 | :param description: ``string``, human-readable description of the argument. 53 | :param validation: ``string`` specifying how the argument should be validated, if using internal validation. 54 | If using external validation, this will be ignored. 55 | :param data_type: ``string``, data type of this field; use the class constants. 56 | "data_type_boolean", "data_type_number", or "data_type_string". 57 | :param required_on_edit: ``Boolean``, whether this arg is required when editing an existing modular input of this kind. 58 | :param required_on_create: ``Boolean``, whether this arg is required when creating a modular input of this kind. 59 | :param title: ``String``, a human-readable title for the argument. 60 | """ 61 | self.name = name 62 | self.description = description 63 | self.validation = validation 64 | self.data_type = data_type 65 | self.required_on_edit = required_on_edit 66 | self.required_on_create = required_on_create 67 | self.title = title 68 | 69 | def add_to_document(self, parent): 70 | """Adds an ``Argument`` object to this ElementTree document. 71 | 72 | Adds an subelement to the parent element, typically 73 | and sets up its subelements with their respective text. 74 | 75 | :param parent: An ``ET.Element`` to be the parent of a new subelement 76 | :returns: An ``ET.Element`` object representing this argument. 77 | """ 78 | arg = ET.SubElement(parent, "arg") 79 | arg.set("name", self.name) 80 | 81 | if self.title is not None: 82 | ET.SubElement(arg, "title").text = self.title 83 | 84 | if self.description is not None: 85 | ET.SubElement(arg, "description").text = self.description 86 | 87 | if self.validation is not None: 88 | ET.SubElement(arg, "validation").text = self.validation 89 | 90 | # add all other subelements to this Argument, represented by (tag, text) 91 | subelements = [ 92 | ("data_type", self.data_type), 93 | ("required_on_edit", self.required_on_edit), 94 | ("required_on_create", self.required_on_create) 95 | ] 96 | 97 | for name, value in subelements: 98 | ET.SubElement(arg, name).text = str(value).lower() 99 | 100 | return arg 101 | -------------------------------------------------------------------------------- /splunklib/modularinput/event.py: -------------------------------------------------------------------------------- 1 | # Copyright © 2011-2024 Splunk, Inc. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"): you may 4 | # not use this file except in compliance with the License. You may obtain 5 | # a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 12 | # License for the specific language governing permissions and limitations 13 | # under the License. 14 | 15 | from io import TextIOBase 16 | import xml.etree.ElementTree as ET 17 | 18 | from splunklib.utils import ensure_str 19 | 20 | 21 | class Event: 22 | """Represents an event or fragment of an event to be written by this modular input to Splunk. 23 | 24 | To write an input to a stream, call the ``write_to`` function, passing in a stream. 25 | """ 26 | def __init__(self, data=None, stanza=None, time=None, host=None, index=None, source=None, 27 | sourcetype=None, done=True, unbroken=True): 28 | """There are no required parameters for constructing an Event 29 | 30 | **Example with minimal configuration**:: 31 | 32 | my_event = Event( 33 | data="This is a test of my new event.", 34 | stanza="myStanzaName", 35 | time="%.3f" % 1372187084.000 36 | ) 37 | 38 | **Example with full configuration**:: 39 | 40 | excellent_event = Event( 41 | data="This is a test of my excellent event.", 42 | stanza="excellenceOnly", 43 | time="%.3f" % 1372274622.493, 44 | host="localhost", 45 | index="main", 46 | source="Splunk", 47 | sourcetype="misc", 48 | done=True, 49 | unbroken=True 50 | ) 51 | 52 | :param data: ``string``, the event's text. 53 | :param stanza: ``string``, name of the input this event should be sent to. 54 | :param time: ``float``, time in seconds, including up to 3 decimal places to represent milliseconds. 55 | :param host: ``string``, the event's host, ex: localhost. 56 | :param index: ``string``, the index this event is specified to write to, or None if default index. 57 | :param source: ``string``, the source of this event, or None to have Splunk guess. 58 | :param sourcetype: ``string``, source type currently set on this event, or None to have Splunk guess. 59 | :param done: ``boolean``, is this a complete ``Event``? False if an ``Event`` fragment. 60 | :param unbroken: ``boolean``, Is this event completely encapsulated in this ``Event`` object? 61 | """ 62 | self.data = data 63 | self.done = done 64 | self.host = host 65 | self.index = index 66 | self.source = source 67 | self.sourceType = sourcetype 68 | self.stanza = stanza 69 | self.time = time 70 | self.unbroken = unbroken 71 | 72 | def write_to(self, stream): 73 | """Write an XML representation of self, an ``Event`` object, to the given stream. 74 | 75 | The ``Event`` object will only be written if its data field is defined, 76 | otherwise a ``ValueError`` is raised. 77 | 78 | :param stream: stream to write XML to. 79 | """ 80 | if self.data is None: 81 | raise ValueError("Events must have at least the data field set to be written to XML.") 82 | 83 | event = ET.Element("event") 84 | if self.stanza is not None: 85 | event.set("stanza", self.stanza) 86 | event.set("unbroken", str(int(self.unbroken))) 87 | 88 | # if a time isn't set, let Splunk guess by not creating a