An example of how to edit notable events using the REST API in the Enterprise Security app for Splunk. #splunk
import splunk
import json
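def updateNotableEvents(sessionKey, comment, status=None, urgency=None, owner=None, eventIDs=None, searchID=None):
    """
    Update some notable events through the Enterprise Security ``notable_update`` REST endpoint.

    Arguments:
    sessionKey -- The session key to use
    comment -- A description of the change or some information about the notable events
    status -- A status (only required if you are changing the status of the event)
    urgency -- An urgency (only required if you are changing the urgency of the event)
    owner -- A new owner (only required if reassigning the event)
    eventIDs -- A list of notable event IDs (must be provided if a search ID is not provided)
    searchID -- An ID of a search. All of the events associated with this search will be modified
                unless a list of eventIDs are provided that limit the scope to a sub-set of the results.

    Returns the decoded JSON body that the endpoint sent back.

    Raises ValueError when the session key is missing or when neither eventIDs nor searchID is
    given, and RuntimeError when the server answers with a status other than 200. Both are
    subclasses of Exception, so callers that catch Exception keep working.
    """
    # Validate the inputs before doing any network activity
    if sessionKey is None:
        raise ValueError("A session key was not provided")

    if eventIDs is None and searchID is None:
        raise ValueError("Either eventIDs or a searchID must be provided (or both)")

    # A bare "import splunk" does not guarantee that the rest submodule has been
    # loaded, so import it explicitly where it is used
    import splunk.rest

    # Arguments for the REST handler; optional fields are only sent when supplied
    args = {'comment': comment}

    if status is not None:
        args['status'] = status

    if urgency is not None:
        args['urgency'] = urgency

    if owner is not None:
        args['newOwner'] = owner

    # Restrict the change to an explicit list of notable event IDs
    if eventIDs is not None:
        args['ruleUIDs'] = eventIDs

    # Apply the change to the notable events returned by a search
    if searchID is not None:
        args['searchID'] = searchID

    # Perform the request
    serverResponse, serverContent = splunk.rest.simpleRequest('/services/notable_update', sessionKey=sessionKey, postargs=args)

    # simpleRequest reports the HTTP status as a string; include it so a failure is diagnosable
    if serverResponse['status'] != '200':
        raise RuntimeError("Server response indicates that the request failed (status %s)" % serverResponse['status'])

    # Hand back the decoded information about the request
    return json.loads(serverContent)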
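if __name__ == "__main__":
    #
    # Get a session key and make a function for outputting the results for the examples below
    #
    import os
    import time
    import splunk.entity as entity
    from splunk import auth
    import splunk.search

    # The credentials below are the example defaults; setting the two environment
    # variables (names chosen for this example) overrides them so real credentials
    # never have to be edited into the script itself
    sessionKey = auth.getSessionKey(username=os.environ.get('SPLUNK_USERNAME', 'admin'),
                                    password=os.environ.get('SPLUNK_PASSWORD', 'changeme'))

    def printResultMessage(response_info):
        """Print a short summary of the dictionary returned by updateNotableEvents."""
        if not response_info['success']:
            print("The operation was not successful")

        # failure_count is not always present in the response
        if response_info.get('failure_count', 0) > 0:
            print("Some failures were noted: " + str(response_info['failure_count']))

        print(response_info['message'])

    #
    # Example 1: using known eventIDs
    #

    # Update some events and reassign them, changing the status and urgency
    print("Updating some notable events...")
    printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='This is a test of the REST endpoint', status=5, urgency='high', owner='admin', eventIDs=['F93A9857-59D8-4AEB-AD97-4F182E0C959E@@notable@@1363d37ec74a79d00e22af26bfe0718b', 'F93A9857-59D8-4AEB-AD97-4F182E0C959E@@notable@@846cb0c474332b07f2cf5a18bdd12009']))

    # Update some events by just adding a comment (leaves the assignee, urgency and status alone)
    print("Updating some notable events but this time just leaving some comments...")
    printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='Just adding a comment', eventIDs=['F93A9857-59D8-4AEB-AD97-4F182E0C959E@@notable@@1363d37ec74a79d00e22af26bfe0718b', 'F93A9857-59D8-4AEB-AD97-4F182E0C959E@@notable@@846cb0c474332b07f2cf5a18bdd12009']))

    #
    # Example 2: updating all notables that match a search
    #
    print("Updating some notable events by processing the results from a search...")

    # Kick off a search
    job = splunk.search.dispatch("search `notable` | head 2", sessionKey=sessionKey, earliest='-7d')

    # Wait until the search is done. Polling with a pause avoids spinning the CPU, and
    # leaving the loop on isDone alone means an empty result set cannot hang the script
    while not job.isDone:
        time.sleep(1)

    print("Search is done, result count is %s" % job.resultCount)

    # Only process the search results when the search actually returned something
    if job.resultCount > 0 or job.eventCount > 0:
        print("Updating the notable events in the completed search")
        printResultMessage(updateNotableEvents(sessionKey=sessionKey, comment='Just adding a comment via a search', searchID=job.sid))
    else:
        print("The search returned no notable events; nothing to update")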