import sys, time
from splunklib.searchcommands import \
dispatch, StreamingCommand, Configuration, Option, validators
import json
import urllib
import datetime
import splunk.rest as rest
import splunk.input as input
import hashlib
import socket
import splunk
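@Configuration()
class ModifyIncidentsCommand(StreamingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """

    # Optional search-command arguments. Each of status/owner/urgency that is
    # set becomes the new value of the incident field with the same name;
    # comment is only recorded as an audit event, never stored on the incident.
    status = Option(require=False)
    owner = Option(require=False)
    urgency = Option(require=False)
    comment = Option(require=False)

    # KV store collection that holds the incident documents.
    _COLLECTION_URI = '/servicesNS/nobody/alert_manager/storage/collections/data/incidents'

    @staticmethod
    def _kv_value(value):
        """Render *value* for embedding inside a double-quoted key="..." field.

        Backslashes and double quotes are escaped so that an option value (for
        example a comment containing a quote) cannot terminate the field early
        and smuggle further key="value" pairs into the audit event. Values
        without either character are rendered exactly as ``'%s' % value``.
        """
        text = '%s' % (value,)
        return text.replace('\\', '\\\\').replace('"', '\\"')

    def _requested_attrs(self):
        """Return a dict of the incident fields the caller asked to change.

        Only the status, owner and urgency options are considered; an option
        that is unset or empty is skipped.
        """
        attrs = {}
        for name in ('status', 'owner', 'urgency'):
            value = getattr(self, name)
            if value:
                attrs[name] = value
        return attrs

    def _load_incident(self, sessionKey, incident_id):
        """Fetch the incident document with the given incident_id from the KV store.

        Returns the first matching document, or None when the query yields no
        result (or a non-list body), so the caller can skip the record instead
        of failing with an IndexError on an empty list.
        """
        query = {'incident_id': incident_id}
        uri = '%s?query=%s' % (self._COLLECTION_URI, urllib.quote(json.dumps(query)))
        # NOTE(review): the HTTP status of the response is not inspected (nor
        # was it originally); an error body that is not a JSON list is treated
        # as "not found", and a non-JSON body still raises from json.loads.
        serverResponse, content = rest.simpleRequest(uri, sessionKey=sessionKey)
        incidents = json.loads(content)
        if not isinstance(incidents, list) or not incidents:
            return None
        return incidents[0]

    def _submit_event(self, event):
        """Index one audit event into the 'alerts' index as sourcetype incident_change."""
        input.submit(event, hostname=socket.gethostname(), sourcetype='incident_change',
                     source='modifyincidents.py', index='alerts')

    def _apply_changes(self, incident, attrs, user, now, sessionKey):
        """Apply *attrs* to *incident*, log one change event per field, persist it.

        Only keys already present on the incident document are considered; a
        requested attribute the document lacks is silently ignored. Returns
        the list of changed keys. When nothing changed the document is left
        untouched and a warning is logged instead of a write.
        """
        # Every event emitted for this record in this invocation shares one
        # event_id: it is derived only from the incident_id and the timestamp.
        event_id = hashlib.md5(incident['incident_id'] + now).hexdigest()
        changed_keys = []
        for key in list(incident.keys()):
            if key not in attrs or incident[key] == attrs[key]:
                continue
            changed_keys.append(key)
            event = ('time=%s severity=INFO origin="ModifyIncidentsCommand" event_id="%s" '
                     'user="%s" action="change" incident_id="%s" %s="%s" previous_%s="%s"'
                     % (now, event_id, self._kv_value(user),
                        self._kv_value(incident['incident_id']), key,
                        self._kv_value(attrs[key]), key, self._kv_value(incident[key])))
            self._submit_event(event)
            incident[key] = attrs[key]
        if not changed_keys:
            self.logger.warning("No changed attributes found, aborting.")
            return changed_keys
        # The whole document is written back under its key; '_key' belongs in
        # the URI, not in the body.
        uri = '%s/%s' % (self._COLLECTION_URI, incident['_key'])
        del incident['_key']
        rest.simpleRequest(uri, sessionKey=sessionKey, jsonargs=json.dumps(incident))
        return changed_keys

    def _post_comment(self, incident, user, now):
        """Record the comment option as an audit event.

        Nothing is written back to the KV store for a comment; the event is
        the only trace of it.
        """
        event_id = hashlib.md5(incident['incident_id'] + now).hexdigest()
        event = ('time=%s severity=INFO origin="incident_posture" event_id="%s" user="%s" '
                 'action="comment" incident_id="%s" comment="%s"'
                 % (now, event_id, self._kv_value(user),
                    self._kv_value(incident['incident_id']), self._kv_value(self.comment)))
        # Kept from the original: the comment event is submitted as UTF-8 bytes.
        self._submit_event(event.encode('utf8'))

    def _modify_incident(self, record, user, sessionKey):
        """Handle one input record: update the named incident and/or log a comment.

        Records without an incident_id, invocations with nothing to change,
        and incident_ids that do not resolve to a stored incident are skipped
        with a warning.
        """
        if 'incident_id' not in record:
            self.logger.warning("No incident_id field found in event, aborting.")
            return
        attrs = self._requested_attrs()
        self.logger.debug("Attrs: %s" % attrs)
        if not attrs and not self.comment:
            self.logger.warning("No attributes to modify found, aborting.")
            return
        incident = self._load_incident(sessionKey, record['incident_id'])
        if incident is None:
            self.logger.warning("No incident found for incident_id=%s, aborting." % record['incident_id'])
            return
        self.logger.debug("Read incident from collection: %s" % json.dumps(incident))
        now = datetime.datetime.now().isoformat()
        # Only attempt the update when a field was actually requested, so a
        # comment-only invocation does not log a spurious "no changes" warning.
        if attrs:
            self._apply_changes(incident, attrs, user, now, sessionKey)
        if self.comment:
            self._post_comment(incident, user, now)

    def stream(self, records):
        """Stream records through unchanged, modifying the incident each one names.

        The requesting user and session key come from the command's input
        header; the session key is also installed as the splunk default so the
        REST calls can authenticate. Every record is yielded as-is, whether or
        not an incident was modified.
        """
        user = self._input_header.get('owner')
        sessionKey = self._input_header.get('sessionKey')
        splunk.setDefault('sessionKey', sessionKey)
        self.logger.debug("Started")
        for record in records:
            self._modify_incident(record, user, sessionKey)
            yield record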
# Hand control to splunklib: it parses sys.argv, reads the input records from
# sys.stdin and writes the streamed results to sys.stdout. The module name is
# passed so dispatch() can tell whether this file is the one being executed.
dispatch(ModifyIncidentsCommand, sys.argv, sys.stdin, sys.stdout, __name__)