Merge pull request #6 from emerald-squad/feature/savedsearches_alerts

Feature/savedsearches alerts

config/blobs.yml

@@ -24,7 +24,6 @@ python/pip-9.0.1-py2.py3-none-any.whl:
   sha: c70393185d27ae8b49a117e6dcc18bc5f8f3a1c3
 python/pyldap-2.4.37.tar.gz:
   size: 303732
-  object_id: 49e5b6d5-c2b0-41b0-5a8b-7577205c574d
   sha: 8ea28d03dd4b229dd7e296db404e598883070394
 python/requests-v2.18.4.tar.gz:
   size: 3040025
@@ -50,6 +49,9 @@ splunk/rfc5424-syslog_11.tgz:
   size: 2321
   object_id: c357f28b-215d-4cfb-535b-599b0ecd26be
   sha: 7ff46da6351183dfd8eefe92140c99307abce76b
+splunk/slack-webhook-alert_201.tgz:
+  size: 555757
+  sha: 90158e8554e0da79caea036c5ef95dbe9e5d59f1
 splunk/splunk-add-on-for-cloud-foundry_020.tgz:
   size: 24761
   object_id: 8f3aa816-6796-4af4-762e-34c98a3fd288
@@ -60,7 +62,6 @@ splunk/splunk-linux-x86_64.tgz:
   sha: 637043d9a5f4a3a093e8b01586357647e179f78c
 splunk/splunk-version.txt:
   size: 108
-  object_id: 8a19c664-a72f-4456-62bd-505ed67a400b
   sha: ea02a4a7511b7d006fbd8bcd9bbb61ef0a05d4e3
 splunk/website-monitoring_26.tgz:
   size: 1360994

jobs/splunk-full/spec

@@ -19,6 +19,8 @@ templates:
   mycerts_cert.pem.erb:                  config/mycerts/cert.pem
   sample_cf_ops_dashboard.xml.erb:       config/Splunk_SA_CloudFoundry/local/sample_cf_ops_dashboard.xml
   savedsearches.conf.erb:                config/Splunk_SA_CloudFoundry/local/savedsearches.conf
+  apps_search_local_savedsearches.conf.erb:         config/apps_search_local/savedsearches.conf
+  apps_search_local_ui-prefs.conf.erb:         config/apps_search_local/ui-prefs.conf
   website_monitoring/app.conf:           config/website_monitoring_local/app.conf
   website_monitoring/inputs.conf.erb:    config/website_monitoring_local/inputs.conf
   website_monitoring/website_monitoring.conf:    config/website_monitoring_local/website_monitoring.conf

jobs/splunk-full/templates/apps_search_local_savedsearches.conf.erb

@@ -0,0 +1,50 @@
+<% if_p('cf_splunk.alerts') do |alerts| %><% alerts.each do |alert| -%>
+[<%= alert['name'] %>]
+description = <%= alert['description'] %>
+<% if alert.has_key?('slack') -%>
+action.slack_webhook_alert = 1
+action.slack_webhook_alert.param.slack_webhook = <%= alert['slack']['webhook'] %>
+action.slack_webhook_alert.param.slack_message = <% if alert['slack'].has_key?('message') %><%= alert['slack']['message'] %><% else %>```$result._raw$```<% end %>
+<% end -%>
+<% if alert.has_key?('email') -%>
+action.email = 1
+action.email.sendresults = 1
+action.email.to = <%= alert['email'] %>
+action.email.useNSSubject = 1
+<% end -%>
+<% if alert.has_key?('script') -%>
+action.script = 1
+action.script.filename = <%= alert['script'] %>
+<% end -%>
+<% if alert.has_key?('schedule') -%>
+cron_schedule = <%= alert['schedule']['cron_schedule'] %>
+<% else -%>
+cron_schedule = * * * * *
+<% end -%>
+<% if alert.has_key?('conditions') -%>
+counttype = <%= alert['conditions']['counttype'] %>
+dispatch.earliest_time = <%= alert['conditions']['earliest_time'] %>
+dispatch.latest_time = <%= alert['conditions']['latest_time'] %>
+relation = <%= alert['conditions']['relation'] %>
+quantity = <%= alert['conditions']['quantity'] %>
+<% else -%>
+dispatch.earliest_time = rt
+dispatch.latest_time = rt
+<% end -%>
+<% if alert.has_key?('suppress') -%>
+alert.suppress = 1
+alert.suppress.period = <%= suppress %>s
+alert.track = 0
+<% else -%>
+alert.suppress = 0
+<% end -%>
+search = <%= alert['search'] %>
+request.ui_dispatch_app = search
+request.ui_dispatch_view = search
+enableSched = 1
+<% end %><% end -%>
+
+
+
+
+

jobs/splunk-full/templates/apps_search_local_ui-prefs.conf.erb

@@ -0,0 +1,3 @@
+[search]
+dispatch.earliest_time = @d
+dispatch.latest_time = now

jobs/splunk-full/templates/ctl.sh.erb

@@ -25,6 +25,10 @@ case $1 in
     # install local config files
     ln -fs ${JOB_DIR}/config/system_local/* ${PACKAGE_DIR}/etc/system/local/
 
+    mkdir -p ${PACKAGE_DIR}/etc/apps/search/local
+    ln -fs ${JOB_DIR}/config/apps_search_local/savedsearches.conf ${PACKAGE_DIR}/etc/apps/search/local/
+    ln -fs ${JOB_DIR}/config/apps_search_local/ui-prefs.conf ${PACKAGE_DIR}/etc/apps/search/local/
+
     # install idpCerts
     mkdir -p ${PACKAGE_DIR}/etc/auth/idpCerts
     ln -s ${JOB_DIR}/config/auth/idpCerts/* ${PACKAGE_DIR}/etc/auth/idpCerts/

jobs/splunk-full/templates/system_alert_actions.conf.erb

@@ -1,6 +1,8 @@
 [email]
 mailserver = <%= p('cf_splunk.mailserver') %>
-auth_username = <%= p('cf_splunk.mailuser') %>
+<% if_p('cf_splunk.mailuser') do |mailuser| -%>
+auth_username = <%= mailuser %>
 auth_password = <%= p('cf_splunk.mailpassword') %>
+<% end -%>
 use_tls = <%= p('cf_splunk.mail_use_tls') %>
 use_ssl = <%= p('cf_splunk.mail_use_ssl') %>

manifests/splunk-dev-example.yml

@@ -49,8 +49,19 @@ instance_groups:
   - name: splunk-full
     release: cf-splunk
     properties:
-
       cf_splunk:
+        alerts:
+        - name: alert_printer
+          description: is an alert for when your printer is on fire
+          slack:
+            webhook: "https://hooks.slack.com/services/ABC12345/XYZ54321/H0H0H0"
+            message: "This is a fake test alert"
+          search: index=my_index printer fire
+        - name: alert_banana
+          description: is an alert for some banana
+          email: banana@example.com
+          search: index=bananas banana
+          script: eat_banana.sh
         ldap_server_url: ldap://example.com:389
         ldap_search_base: dc=example,dc=com
         cf_url: https://cf.example.com

packages/splunk/packaging

@@ -15,3 +15,6 @@ tar xzf splunk/splunk-add-on-for-cloud-foundry_020.tgz \
 
 tar xzf splunk/website-monitoring_26.tgz \
     -C ${BOSH_INSTALL_TARGET}/etc/apps
+
+tar xzf splunk/slack-webhook-alert_201.tgz \
+    -C ${BOSH_INSTALL_TARGET}/etc/apps

packages/splunk/spec

@@ -7,5 +7,6 @@ files:
   - splunk/splunk-linux-x86_64.tgz
   - splunk/splunk-version.txt
   - splunk/rfc5424-syslog_11.tgz
+  - splunk/slack-webhook-alert_201.tgz
   - splunk/splunk-add-on-for-cloud-foundry_020.tgz
   - splunk/website-monitoring_26.tgz