Merge pull request #7 from emerald-squad/feature/savedsearches_alerts

Feature/savedsearches alerts
emerald-squad · Oct 24, 2017 · d217500 · d217500
2 parents 1cd5520 + b7e416f
commit d217500
Show file tree

Hide file tree

Showing 11 changed files with 116 additions and 60 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,10 @@ config/private.yml
 
 /*.yml
 
+.final_builds/
+releases/
+/*.tar.gz
+
 dev_releases
 .blobs
 blobs

diff --git a/config/blobs.yml b/config/blobs.yml
@@ -10,6 +10,9 @@ golang/go-version.txt:
   size: 65
   object_id: 328d80a8-f2c9-457c-578b-534e264415a2
   sha: f369bdd973099d4b9e212384bbecb880ad7ba5e1
+jq/jq-linux64-1.5:
+  size: 3027945
+  sha: d8e36831c3c94bb58be34dd544f44a6c6cb88568
 openldap/openldap-2.4.44.tgz:
   size: 5658830
   object_id: b76229e8-7325-4b45-472b-30a6ee09235c

diff --git a/jobs/splunk-full/spec b/jobs/splunk-full/spec
@@ -31,6 +31,7 @@ packages:
 - splunk-filter
 - openldap
 - python
+- jq
 
 properties:
   cf_splunk:

diff --git a/jobs/splunk-full/templates/apps_search_local_savedsearches.conf.erb b/jobs/splunk-full/templates/apps_search_local_savedsearches.conf.erb
@@ -16,35 +16,16 @@ action.email.useNSSubject = 1
 action.script = 1
 action.script.filename = <%= alert['script'] %>
 <% end -%>
-<% if alert.has_key?('schedule') -%>
-cron_schedule = <%= alert['schedule']['cron_schedule'] %>
+<% if alert.has_key?('custom_content') -%>
+<%= alert['custom_content'] %>
 <% else -%>
 cron_schedule = * * * * *
-<% end -%>
-<% if alert.has_key?('conditions') -%>
-counttype = <%= alert['conditions']['counttype'] %>
-dispatch.earliest_time = <%= alert['conditions']['earliest_time'] %>
-dispatch.latest_time = <%= alert['conditions']['latest_time'] %>
-relation = <%= alert['conditions']['relation'] %>
-quantity = <%= alert['conditions']['quantity'] %>
-<% else -%>
 dispatch.earliest_time = rt
 dispatch.latest_time = rt
-<% end -%>
-<% if alert.has_key?('suppress') -%>
-alert.suppress = 1
-alert.suppress.period = <%= suppress %>s
-alert.track = 0
-<% else -%>
 alert.suppress = 0
-<% end -%>
-search = <%= alert['search'] %>
 request.ui_dispatch_app = search
 request.ui_dispatch_view = search
 enableSched = 1
-<% end %><% end -%>
-
-
-
-
-
+<% end -%>
+search = <%= alert['search'] %>
+<% end %><% end -%>
diff --git a/jobs/splunk-full/templates/ctl.sh.erb b/jobs/splunk-full/templates/ctl.sh.erb
@@ -5,6 +5,7 @@ LOG_DIR=/var/vcap/sys/log/splunk-full
 JOB_DIR=/var/vcap/jobs/splunk-full
 PACKAGE_DIR=/var/vcap/packages/splunk
 SPLUNK_FILTER_DIR=/var/vcap/packages/splunk-filter
+PERSISTENT_DIR=/var/vcap/store/splunk-persistent
 PIDFILE=${RUN_DIR}/pid
 SPLUNK_DB=/var/vcap/store/splunk_db
 
@@ -14,7 +15,21 @@ case $1 in
     mkdir -p ${RUN_DIR} ${LOG_DIR}
     mkdir -p ${PACKAGE_DIR}/etc/system/local
 
-    chown -R vcap:vcap ${RUN_DIR} ${LOG_DIR} ${PACKAGE_DIR}/
+    if [ -d ${PACKAGE_DIR}/etc/users -a ! -h ${PACKAGE_DIR}/etc/users ]; then  
+      # etc/users is a real folder
+      if [ -d ${PERSISTENT_DIR}/users ]; then
+        # never overwrite the persistent one
+        mkdir -p ${PERSISTENT_DIR}/users
+        mv ${PACKAGE_DIR}/etc/users ${PACKAGE_DIR}/etc/users-$(date +%s)
+      else
+        mkdir -p ${PERSISTENT_DIR}
+        mv ${PACKAGE_DIR}/etc/users ${PERSISTENT_DIR}/
+      fi
+    fi
+    mkdir -p ${PERSISTENT_DIR}/users
+    ln -fs ${PERSISTENT_DIR}/users ${PACKAGE_DIR}/etc/users
+
+    chown -R vcap:vcap ${RUN_DIR} ${LOG_DIR} ${PACKAGE_DIR}/ ${PERSISTENT_DIR}/
 
     echo $$ > ${PIDFILE}
 
@@ -31,7 +46,7 @@ case $1 in
 
     # install idpCerts
     mkdir -p ${PACKAGE_DIR}/etc/auth/idpCerts
-    ln -s ${JOB_DIR}/config/auth/idpCerts/* ${PACKAGE_DIR}/etc/auth/idpCerts/
+    ln -fs ${JOB_DIR}/config/auth/idpCerts/* ${PACKAGE_DIR}/etc/auth/idpCerts/
 
     # install http event collector config
     mkdir -p ${PACKAGE_DIR}/etc/apps/splunk_httpinput/local
@@ -44,15 +59,15 @@ case $1 in
 
     # install license file
     mkdir -p ${PACKAGE_DIR}/etc/licenses/enterprise
-    ln -s ${JOB_DIR}/config/License.xml.lic ${PACKAGE_DIR}/etc/licenses/enterprise/
+    ln -fs ${JOB_DIR}/config/License.xml.lic ${PACKAGE_DIR}/etc/licenses/enterprise/
 
     # install config cf_ops dashboard
     mkdir -p ${PACKAGE_DIR}/etc/apps/Splunk_SA_CloudFoundry/local/data/ui/views
     ln -fs ${JOB_DIR}/config/Splunk_SA_CloudFoundry/local/sample_cf_ops_dashboard.xml ${PACKAGE_DIR}/etc/apps/Splunk_SA_CloudFoundry/local/data/ui/views/
 
     # install alerts savedsearches in admin user profil
     mkdir -p  ${PACKAGE_DIR}/etc/users/admin/Splunk_SA_CloudFoundry/local
-    ln -fs ${JOB_DIR}/config/Splunk_SA_CloudFoundry/local/savedsearches.conf ${PACKAGE_DIR}/etc/users/admin/Splunk_SA_CloudFoundry/local/
+    ln -fs ${JOB_DIR}/config/Splunk_SA_CloudFoundry/local/savedsearches.conf ${PACKAGE_DIR}/etc/apps/Splunk_SA_CloudFoundry/local/
 
     # install website_monitoring
     mkdir -p  ${PACKAGE_DIR}/etc/apps/website_monitoring/local
@@ -77,4 +92,4 @@ case $1 in
   *)
     echo "Usage: ctl.sh {start|stop}" ;;
 
-esac
+esac
diff --git a/jobs/splunk-full/templates/savedsearches.conf.erb b/jobs/splunk-full/templates/savedsearches.conf.erb
@@ -1,29 +1,31 @@
-[Low Cell Capacity]
+<% if_p('cf_splunk.splunk_sa_cloudfoundry_alerts') do |alerts| %><% alerts.each do |alert| -%>
+[<%= alert['name'] %>]
+description = <%= alert['description'] %>
+<% if alert.has_key?('slack') -%>
+action.slack_webhook_alert = 1
+action.slack_webhook_alert.param.slack_webhook = <%= alert['slack']['webhook'] %>
+action.slack_webhook_alert.param.slack_message = <% if alert['slack'].has_key?('message') %><%= alert['slack']['message'] %><% else %>```$result._raw$```<% end %>
+<% end -%>
+<% if alert.has_key?('email') -%>
 action.email = 1
-action.email.to = <%= p('cf_splunk.emails_to') %>
+action.email.sendresults = 1
+action.email.to = <%= alert['email'] %>
 action.email.useNSSubject = 1
-alert.suppress = 1
-alert.suppress.period = 2h
-alert.track = 0
-counttype = number of events
+<% end -%>
+<% if alert.has_key?('script') -%>
+action.script = 1
+action.script.filename = <%= alert['script'] %>
+<% end -%>
+<% if alert.has_key?('custom_content') -%>
+<%= alert['custom_content'] %>
+<% else -%>
 cron_schedule = * * * * *
-dispatch.earliest_time = rt-60m
-dispatch.latest_time = rt-0m
-display.general.type = visualizations
-display.page.search.mode = fast
-display.page.search.tab = visualizations
-display.statistics.show = 0
-display.visualizations.singlevalue.colorMode = block
-display.visualizations.singlevalue.trendDisplayMode = percent
-display.visualizations.type = singlevalue
-enableSched = 1
-quantity = 30
-relation = less than
-request.ui_dispatch_app = Splunk_SA_CloudFoundry
+dispatch.earliest_time = rt
+dispatch.latest_time = rt
+alert.suppress = 0
+request.ui_dispatch_app = search
 request.ui_dispatch_view = search
-search = sourcetype=cf:valuemetric name=CapacityRemainingMemory \
-       | eval valueGB=round(case(unit=="MiB", value/1024, unit=="KiB", value/(1024*1024), unit=="GiB", value),2) \
-       | timechart span=5s avg(valueGB) as valueGB by job_instance \
-       | filldown \
-       | untable _time job_instance valueGB \
-       | timechart span=5s sum(valueGB)
+enableSched = 1
+<% end -%>
+search = <%= alert['search'] %>
+<% end %><% end -%>
diff --git a/jobs/splunk-full/templates/splunk_filter.conf.erb b/jobs/splunk-full/templates/splunk_filter.conf.erb
@@ -12,3 +12,4 @@ log_dir=/var/vcap/sys/log/splunk-full
 app_index_name=<%= p("cf_splunk.app_index") %>
 system_index_name=<%= p('cf_splunk.system_index') %>
 service_search_filter: <%= p('cf_splunk.service_search_filter') %>
+org_manager_role: <%= p('cf_splunk.org_manager_role') %>
diff --git a/jobs/splunk-full/templates/update_cachet.sh.erb b/jobs/splunk-full/templates/update_cachet.sh.erb
@@ -5,8 +5,46 @@ header_1="Content-type: application/json"
 header_2="X-Cachet-Token: <%= p('cf_splunk.cachet_token') %>"
 url="<%=p('cf_splunk.cachet_api')%>/incidents"
 csv_file=$8
-message=$(zgrep "Finish update deployment" $csv_file|cut -d ',' -f 7|sed "s/severity 4://g;s/[\"']//g")
-echo $message >> $SPLUNK_HOME/bin/scripts/message
-data='{"name":"Bosh deployment","message":"'$message'","status":4,"visible":1}'
-echo $data > $SPLUNK_HOME/bin/scripts/create_incident.json
-curl -X POST -H "$header_1" -H "$header_2" --url "$url" --data @$SPLUNK_HOME/bin/scripts/create_incident.json >>$SPLUNK_HOME/bin/scripts/update_cachet_output.txt 2>&1
+if [ "$csv_file" == "" ] ; then
+  exit 1
+fi
+which jq || export PATH="/var/vcap/packages/jq/bin:$PATH"
+jsonline=$(zgrep object_name $csv_file | sed 's/^.*\] \(.*}\)".*$/\1/' | sed 's/""/"/g')
+message=$(echo $jsonline | jq -r .context_json | sed 's/\\"/"/g' | jq -r .message | sed 's/.*severity ..//')
+deployname=$(echo $jsonline | jq -r .deployment)
+action=unknown
+echo $message | grep -qi "Finish.update.deploy" && action=finish
+echo $message | grep -qi "Begin.update.deploy" && action=begin
+echo $message | grep -qi "Error.during.update.deploy" && action=error
+if [ "$action" == "unknown" ]; then
+exit 1
+fi
+
+msgfile=$(mktemp)
+responsefile=$(mktemp)
+
+if [ "$action" == "begin" ]; then
+  # give a chance for previous notification to be processed if still running
+  test -e "$SPLUNK_HOME/bin/scripts/last_${deployname}" \
+    && sleep 15 \
+    && rm -f "$SPLUNK_HOME/bin/scripts/last_${deployname}" 
+  echo '{"name":"'Bosh: deployment started: $deployname'","message":"'$message'","status":4,"visible":1}' > $msgfile
+  curl -q -X POST -H "$header_1" -H "$header_2" --url "$url" --data @$msgfile >> $responsefile
+  jq -r .data.id $responsefile > $SPLUNK_HOME/bin/scripts/last_${deployname}
+else
+  sleep 30 # prevents race conditions, delays end deployment notification...
+  lastid=""
+  test -e "$SPLUNK_HOME/bin/scripts/last_${deployname}" \
+    && lastid=$(cat "$SPLUNK_HOME/bin/scripts/last_${deployname}" \
+    && rm -f "$SPLUNK_HOME/bin/scripts/last_${deployname}")
+  if [ "$action" == "finish" ]; then
+    echo '{"name":"'Bosh: deployment completed: $deployname'","message":"'$message'","status":4,"visible":1}' > $msgfile
+  elif [ "$action" == "error" ]; then
+    echo '{"name":"'Bosh: deployment failed: $deployname'","message":"'$message'","status":4,"visible":1}' > $msgfile
+  fi
+  if [ "$lastid" == "" ]; then
+    curl -q -X POST -H "$header_1" -H "$header_2" --url "$url" --data @$msgfile >> $responsefile
+  else
+    curl -q -X PUT -H "$header_1" -H "$header_2" --url "${url}/${lastid}" --data @$msgfile >> $responsefile
+  fi
+fi
diff --git a/packages/jq/packaging b/packages/jq/packaging
@@ -0,0 +1,6 @@
+set -e # exit immediately if a simple command exits with a non-zero status
+set -u # report the usage of uninitialized variables
+
+mkdir -p $BOSH_INSTALL_TARGET/bin
+cp -a jq/jq-linux64-1.5 $BOSH_INSTALL_TARGET/bin/jq
+chmod +x $BOSH_INSTALL_TARGET/bin/jq
diff --git a/packages/jq/spec b/packages/jq/spec
@@ -0,0 +1,5 @@
+---
+name: jq
+dependencies: []
+files:
+- jq/jq-linux64-1.5
diff --git a/src/splunk_filter b/src/splunk_filter