New Components - splunk (#15966)

* new actions

* new components

* package.json

* pnpm-lock.yaml

* use self_signed from $auth

* updates

* wip

* wip

* updates

Author: michelle0927

components/splunk/actions/create-event/create-event.mjs

@@ -0,0 +1,48 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-create-event",
+  name: "Create Event",
+  description: "Sends a new event to a specified Splunk index. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTinput#receivers.2Fsimple)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    indexName: {
+      propDefinition: [
+        splunk,
+        "indexName",
+      ],
+    },
+    eventData: {
+      type: "string",
+      label: "Event Data",
+      description: "The data of the event to send to the Splunk index. Raw event text. This is the entirety of the HTTP request body",
+    },
+    source: {
+      type: "string",
+      label: "Source",
+      description: "The source value to fill in the metadata for this input's events",
+      optional: true,
+    },
+    sourcetype: {
+      type: "string",
+      label: "Sourcetype",
+      description: "The sourcetype to apply to events from this input",
+      optional: true,
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.sendEvent({
+      $,
+      params: {
+        index: this.indexName,
+        source: this.source,
+        sourcetype: this.sourcetype,
+      },
+      data: this.eventData,
+    });
+    $.export("$summary", `Event sent to index ${this.indexName} successfully`);
+    return response;
+  },
+};

components/splunk/actions/get-search-job-status/get-search-job-status.mjs

@@ -0,0 +1,26 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-get-search-job-status",
+  name: "Get Search Job Status",
+  description: "Retrieve the status of a previously executed Splunk search job. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    jobId: {
+      propDefinition: [
+        splunk,
+        "jobId",
+      ],
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.getSearchJobStatus({
+      $,
+      jobId: this.jobId,
+    });
+    $.export("$summary", `Successfully retrieved status for job ID ${this.jobId}`);
+    return response;
+  },
+};

components/splunk/actions/run-search/run-search.mjs

@@ -0,0 +1,26 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-run-search",
+  name: "Run Search",
+  description: "Executes a Splunk search query and returns the results. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    name: {
+      propDefinition: [
+        splunk,
+        "savedSearchName",
+      ],
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.executeSearchQuery({
+      $,
+      name: this.name,
+    });
+    $.export("$summary", `Executed Splunk search: ${this.name}`);
+    return response;
+  },
+};

components/splunk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pipedream/splunk",
-  "version": "0.0.1",
+  "version": "0.1.0",
   "description": "Pipedream Splunk Components",
   "main": "splunk.app.mjs",
   "keywords": [
@@ -11,5 +11,10 @@
   "author": "Pipedream <[email protected]> (https://pipedream.com/)",
   "publishConfig": {
     "access": "public"
+  },
+  "dependencies": {
+    "@pipedream/platform": "^3.0.3",
+    "https": "^1.0.0",
+    "md5": "^2.3.0"
   }
-}
+}

components/splunk/sources/common/base.mjs

@@ -0,0 +1,27 @@
+import splunk from "../../splunk.app.mjs";
+import { DEFAULT_POLLING_SOURCE_TIMER_INTERVAL } from "@pipedream/platform";
+
+export default {
+  props: {
+    splunk,
+    timer: {
+      type: "$.interface.timer",
+      default: {
+        intervalSeconds: DEFAULT_POLLING_SOURCE_TIMER_INTERVAL,
+      },
+    },
+    db: "$.service.db",
+  },
+  methods: {
+    async getRecentJobIds() {
+      const results = this.splunk.paginate({
+        resourceFn: this.splunk.listJobs,
+      });
+      const jobIds = [];
+      for await (const job of results) {
+        jobIds.push(job.content.sid);
+      }
+      return jobIds;
+    },
+  },
+};

components/splunk/sources/new-alert-fired/new-alert-fired.mjs

@@ -0,0 +1,68 @@
+import splunk from "../../splunk.app.mjs";
+import { exec } from "child_process";
+import util from "util";
+import sampleEmit from "./test-event.mjs";
+
+export default {
+  key: "splunk-new-alert-fired",
+  name: "New Alert Fired (Instant)",
+  description: "Emit new event when a new alert is triggered in Splunk. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#alerts.2Ffired_alerts)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  props: {
+    splunk,
+    http: "$.interface.http",
+    db: "$.service.db",
+    savedSearchName: {
+      propDefinition: [
+        splunk,
+        "savedSearchName",
+      ],
+    },
+  },
+  hooks: {
+    async activate() {
+      const response = await this.updateSavedSearch(`-d action.webhook=1 -d action.webhook.param.url="${this.http.endpoint}"`);
+      if (!response) {
+        throw new Error("Error creating webhook");
+      }
+    },
+    async deactivate() {
+      const response = await this.updateSavedSearch("-d action.webhook=0");
+      if (!response) {
+        throw new Error("Error disabling webhook");
+      }
+    },
+  },
+  methods: {
+    async updateSavedSearch(data) {
+      const cmd = `curl -X POST ${this.splunk._baseUrl()}/saved/searches/${encodeURIComponent(this.savedSearchName)}?output_mode=json -k -H "Authorization: Bearer ${this.splunk.$auth.api_token}" ${data}`;
+      const execPromise = util.promisify(exec);
+      try {
+        const { stdout } = await execPromise(cmd);
+        return stdout;
+      } catch (error) {
+        console.error("Error:", error.message);
+      }
+    },
+    generateMeta(alert) {
+      const ts = +alert.result._time;
+      return {
+        id: ts,
+        summary: `New Alert Fired for Source: ${alert.result.source}`,
+        ts,
+      };
+    },
+  },
+  async run(event) {
+    const { body } = event;
+    if (!body) {
+      return;
+    }
+
+    const meta = this.generateMeta(body);
+    this.$emit(body, meta);
+  },
+  sampleEmit,
+};

components/splunk/sources/new-alert-fired/test-event.mjs

@@ -0,0 +1,30 @@
+export default {
+  "sid": "",
+  "search_name": "",
+  "app": "search",
+  "owner": "",
+  "results_link": "https://splunk:8000/app/search/search?q=",
+  "result": {
+    "_confstr": "source::Source|host::44.210.81.125|webhook",
+    "_eventtype_color": "",
+    "_indextime": "1742843623",
+    "_raw": "{ \"name\": \"test\", \"value\": \"test\" }",
+    "_serial": "3",
+    "_si": [
+      "main"
+    ],
+    "_sourcetype": "webhook",
+    "_time": "1742843623",
+    "eventtype": "",
+    "host": "44.210.81.125",
+    "index": "main",
+    "linecount": "",
+    "name": "test",
+    "punct": "{_\"\":_\"_\",_\"\":_\"\"_}",
+    "source": "Source",
+    "sourcetype": "webhook",
+    "splunk_server": "",
+    "timestamp": "none",
+    "value": "test"
+  }
+}

components/splunk/sources/new-search-event/new-search-event.mjs

@@ -0,0 +1,42 @@
+import common from "../common/base.mjs";
+import md5 from "md5";
+
+export default {
+  ...common,
+  key: "splunk-new-search-event",
+  name: "New Search Event",
+  description: "Emit new event when a new search event is created. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fv2.2Fjobs.2F.7Bsearch_id.7D.2Fevents)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  methods: {
+    ...common.methods,
+    generateMeta(event) {
+      return {
+        id: md5(JSON.stringify(event)),
+        summary: "New Search Event",
+        ts: Date.now(),
+      };
+    },
+  },
+  async run() {
+    const jobIds = await this.getRecentJobIds();
+    const events = [];
+    for (const jobId of jobIds) {
+      try {
+        const response = await this.splunk.getSearchEvents({
+          jobId,
+        });
+        if (response?.results?.length) {
+          events.push(...response.results);
+        }
+      } catch {
+        console.log(`No events found for sid: ${jobId}`);
+      }
+    }
+    events.forEach((event) => {
+      const meta = this.generateMeta(event);
+      this.$emit(event, meta);
+    });
+  },
+};

components/splunk/sources/new-search-result/new-search-result.mjs

@@ -0,0 +1,48 @@
+import common from "../common/base.mjs";
+
+export default {
+  ...common,
+  key: "splunk-new-search-result",
+  name: "New Search Result",
+  description: "Emit new events when a search returns results in Splunk. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#saved.2Fsearches)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  methods: {
+    ...common.methods,
+    async getRecentJobs() {
+      const jobs = [];
+      const results = this.splunk.paginate({
+        resourceFn: this.splunk.listJobs,
+      });
+      for await (const job of results) {
+        jobs.push(job);
+      }
+      return jobs;
+    },
+    generateMeta(result) {
+      return {
+        id: result.id,
+        summary: `New Search with ID: ${result.id}`,
+        ts: Date.now(),
+      };
+    },
+  },
+  async run() {
+    const jobs = await this.getRecentJobs();
+    for (const job of jobs) {
+      if (job.content?.resultCount > 0) {
+        const { results } = await this.splunk.getSearchResults({
+          jobId: job.content.sid,
+        });
+        if (results) {
+          job.results = results;
+        }
+      }
+    }
+    jobs.forEach((result) => {
+      const meta = this.generateMeta(result);
+      this.$emit(result, meta);
+    });
+  },
+};