Merge pull request #4 from gjanders/testing2

Testing2

Author: gjanders

SplunkVersionControl.tgz

@@ -12,8 +12,8 @@ label = SplunkVersionControl
 [launcher]
 author = Gareth Anderson
 description = Version Control software for Splunk instances (backup/restore from git)
-version = 0.0.1
+version = 0.0.4
 
 [package]
 id = SplunkVersionControl
-check_for_updates = true
+check_for_updates = true

default/app.conf

@@ -0,0 +1,103 @@
+<form>
+  <label>Knowledge Objects By App</label>
+  <description>List of knowledge objects per app</description>
+  <fieldset submitButton="false">
+    <input type="dropdown" token="app">
+      <label>Application Name</label>
+      <fieldForLabel>app</fieldForLabel>
+      <fieldForValue>app</fieldForValue>
+      <search>
+        <query>| rest /services/apps/local search="disabled=0" count=0 f=title splunk_server=local
+| rename title as app
+| table app</query>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </search>
+    </input>
+    <input type="dropdown" token="type">
+      <label>Knowledge Object Type (based on app)</label>
+      <choice value="*">all</choice>
+      <choice value="datamodel">datamodel</choice>
+      <choice value="calcfields">calcfields</choice>
+      <choice value="macros">macros</choice>
+      <fieldForLabel>type</fieldForLabel>
+      <fieldForValue>type</fieldForValue>
+      <search>
+        <query>| rest "/servicesNS/-/$app$/directory" count=0 splunk_server=local
+| search eai:acl.app=$app$
+| rename eai:type AS type
+| search type!="macros" `comment("macros only appears in really new versions of Splunk via the directory endpoint, so assume it doesn't exist in this query")`
+| stats count by type
+| fields - count</query>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </search>
+      <default>all</default>
+      <initialValue>*</initialValue>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <title>Knowledge object summary</title>
+      <table>
+        <search>
+          <query>| rest "/servicesNS/-/$app$/directory" count=0 splunk_server=local
+| search eai:acl.app=$app$
+| eval updatedEpoch=strptime(updated,"%Y-%m-%dT%H:%M:%S%:z")
+| rename eai:type AS type, eai:acl.app AS app, eai:location AS location
+| append [ rest splunk_server=local /servicesNS/-/$app$/datamodel/model count=0 f=updated f=eai:appName  | rename eai:appName AS app | eval type="datamodel" ]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/data/props/calcfields count=0  | eval type="calcfields" | rename eai:acl.app AS app]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/configs/conf-macros count=0  | rename eai:appName AS app | eval type="macros"]
+| fillnull location value="N/A"
+| search app=$app$
+| stats count by type, app, location</query>
+          <earliest>-4h@m</earliest>
+          <latest>now</latest>
+          <sampleRatio>1</sampleRatio>
+        </search>
+        <option name="count">100</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">none</option>
+        <option name="percentagesRow">false</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="rowNumbers">false</option>
+        <option name="totalsRow">false</option>
+        <option name="wrap">false</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <title>Knowledge Objects by app semi-detailed</title>
+      <table>
+        <title>Click any row for the drilldown...</title>
+        <search>
+          <query>| rest "/servicesNS/-/$app$/directory" count=0 splunk_server=local
+| search eai:acl.app=$app$
+| eval updatedEpoch=strptime(updated,"%Y-%m-%dT%H:%M:%S%:z")
+| rename eai:type AS type, eai:acl.app AS app, eai:location AS location
+| append [ rest splunk_server=local /servicesNS/-/$app$/datamodel/model count=0 f=updated f=eai:appName  | rename eai:appName AS app | eval type="datamodel" ]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/data/props/calcfields count=0  | eval type="calcfields" | rename eai:acl.app AS app]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/configs/conf-macros count=0  | rename eai:appName AS app | eval type="macros"]
+| fillnull location value="N/A"
+| search app=$app$, type=$type$
+| stats values(title) AS names, values(updated) AS updated by eai:acl.owner, eai:acl.sharing, type
+| rename eai:acl.sharing AS sharing, eai:acl.owner AS owner</query>
+          <earliest>-4h@m</earliest>
+          <latest>now</latest>
+          <sampleRatio>1</sampleRatio>
+        </search>
+        <option name="count">100</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">cell</option>
+        <option name="percentagesRow">false</option>
+        <option name="rowNumbers">false</option>
+        <option name="totalsRow">false</option>
+        <option name="wrap">false</option>
+        <drilldown>
+          <link target="_blank">/app/monitoring/knowledge_objects_by_app_drilldown?form.app=$app$&amp;form.type=$row.type$&amp;form.sharing=$row.sharing$&amp;form.owner=$row.owner$</link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

default/data/ui/views/knowledge_objects_by_app.xml

@@ -0,0 +1,114 @@
+<form>
+  <label>Knowledge Objects By App Drilldown</label>
+  <description>List of knowledge objects per app by user/sharing level</description>
+  <fieldset submitButton="false">
+    <input type="dropdown" token="app">
+      <label>Application Name</label>
+      <fieldForLabel>app</fieldForLabel>
+      <fieldForValue>app</fieldForValue>
+      <search>
+        <query>| rest /services/apps/local search="disabled=0" count=0 f=title splunk_server=local
+| rename title as app
+| table app</query>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </search>
+    </input>
+    <input type="dropdown" token="type">
+      <label>Knowledge Object Type (based on app)</label>
+      <choice value="*">all</choice>
+      <choice value="datamodel">datamodel</choice>
+      <choice value="calcfields">calcfields</choice>
+      <choice value="macros">macros</choice>
+      <fieldForLabel>type</fieldForLabel>
+      <fieldForValue>type</fieldForValue>
+      <search>
+        <query>| rest "/servicesNS/-/$app$/directory" count=0 splunk_server=local
+| search eai:acl.app=$app$
+| rename eai:type AS type
+| stats count by type
+| fields - count</query>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </search>
+      <default>all</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="text" token="owner">
+      <label>User/Owner</label>
+      <default>*</default>
+    </input>
+    <input type="dropdown" token="sharing">
+      <label>Sharing Level</label>
+      <choice value="*">All</choice>
+      <choice value="app">app</choice>
+      <choice value="user">user (private)</choice>
+      <choice value="global">global</choice>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="text" token="name">
+      <label>Knowledge Object Name</label>
+      <default>*</default>
+    </input>
+    <input type="radio" token="disabled">
+      <label>Exclude disabled?</label>
+      <choice value="0">Yes</choice>
+      <choice value="*">No</choice>
+      <default>*</default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <title>User Information</title>
+      <table>
+        <search>
+          <query>| ldapsearch search="(&amp;(CN=$owner$)(objectClass=organizationalPerson))" attrs="mail,givenName,sn,displayName,description,manager"
+| eval name=if(isnotnull(givenName), givenName . " " . sn, displayName . " _ " . description), username="$owner$"
+| rex field=manager "CN=(?P&lt;managerid&gt;[^,]+)"
+| ldapfilter search="(&amp;(CN=$$managerid$$)(objectClass=organizationalPerson))" attrs="givenName,sn"
+| eval managerName = givenName . " " . sn
+| table name, mail, username, managerName</query>
+          <earliest>-15m</earliest>
+          <latest>now</latest>
+        </search>
+        <option name="count">10</option>
+        <option name="drilldown">none</option>
+        <option name="refresh.display">progressbar</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <title>Knowledge object summary</title>
+      <table>
+        <search>
+          <query>| rest "/servicesNS/-/$app$/directory" count=0 splunk_server=local
+| search eai:acl.app=$app$
+| eval updatedEpoch=strptime(updated,"%Y-%m-%dT%H:%M:%S%:z")
+| rename eai:type AS type, eai:acl.app AS app, eai:location AS location
+| append [ rest splunk_server=local /servicesNS/-/$app$/datamodel/model count=0 f=updated f=eai:appName  | rename eai:appName AS app | eval type="datamodel" ]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/data/props/calcfields count=0  | eval type="calcfields" | rename eai:acl.app AS app]
+| append [ | rest splunk_server=local /servicesNS/-/$app$/configs/conf-macros count=0  | rename eai:appName AS app | eval type="macros"]
+| fillnull disabled
+| search app=$app$ type=$type$ title=$name$ eai:acl.sharing=$sharing$ disabled=$disabled$ eai:acl.owner=$owner$
+| fillnull location value="N/A"
+| rename title AS name, eai:acl.owner AS owner, eai:acl.sharing AS sharing
+| eval disabled=case(disabled==0,"false",disabled==1,"true",1==1,"Unknown")
+| table name, description, disabled, owner, sharing, type, updated</query>
+          <earliest>-4h@m</earliest>
+          <latest>now</latest>
+          <sampleRatio>1</sampleRatio>
+        </search>
+        <option name="count">100</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">none</option>
+        <option name="percentagesRow">false</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="rowNumbers">false</option>
+        <option name="totalsRow">false</option>
+        <option name="wrap">false</option>
+      </table>
+    </panel>
+  </row>
+</form>