New Components - splunk

components/splunk/actions/create-event/create-event.mjs

@@ -0,0 +1,58 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-create-event",
+  name: "Create Event",
+  description: "Sends a new event to a specified Splunk index. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTinput#receivers.2Fsimple)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    indexName: {
+      propDefinition: [
+        splunk,
+        "indexName",
+        (c) => ({
+          selfSigned: c.selfSigned,
+        }),
+      ],
+    },
+    eventData: {
+      type: "string",
+      label: "Event Data",
+      description: "The data of the event to send to the Splunk index. Raw event text. This is the entirety of the HTTP request body",
+    },
+    source: {
+      type: "string",
+      label: "Source",
+      description: "The source value to fill in the metadata for this input's events",
+      optional: true,
+    },
+    sourcetype: {
+      type: "string",
+      label: "Sourcetype",
+      description: "The sourcetype to apply to events from this input",
+      optional: true,
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.sendEvent({
+      $,
+      selfSigned: this.selfSigned,
+      params: {
+        index: this.indexName,
+        source: this.source,
+        sourcetype: this.sourcetype,
+      },
+      data: this.eventData,
+    });
+    $.export("$summary", `Event sent to index ${this.indexName} successfully`);
+    return response;
+  },
+};

components/splunk/actions/get-search-job-status/get-search-job-status.mjs

@@ -0,0 +1,36 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-get-search-job-status",
+  name: "Get Search Job Status",
+  description: "Retrieve the status of a previously executed Splunk search job. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    jobId: {
+      propDefinition: [
+        splunk,
+        "jobId",
+        (c) => ({
+          selfSigned: c.selfSigned,
+        }),
+      ],
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.getSearchJobStatus({
+      $,
+      selfSigned: this.selfSigned,
+      jobId: this.jobId,
+    });
+    $.export("$summary", `Successfully retrieved status for job ID ${this.jobId}`);
+    return response;
+  },
+};

components/splunk/actions/run-search/run-search.mjs

@@ -0,0 +1,49 @@
+import splunk from "../../splunk.app.mjs";
+
+export default {
+  key: "splunk-run-search",
+  name: "Run Search",
+  description: "Executes a Splunk search query and returns the results. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fjobs)",
+  version: "0.0.1",
+  type: "action",
+  props: {
+    splunk,
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+    query: {
+      propDefinition: [
+        splunk,
+        "query",
+      ],
+    },
+    earliestTime: {
+      type: "string",
+      label: "Earliest Time",
+      description: "Specify a time string. Sets the earliest (inclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",
+      optional: true,
+    },
+    latestTime: {
+      type: "string",
+      label: "Latest Time",
+      description: "  Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",
+      optional: true,
+    },
+  },
+  async run({ $ }) {
+    const response = await this.splunk.executeSearchQuery({
+      $,
+      selfSigned: this.selfSigned,
+      data: {
+        search: this.query,
+        earliest_time: this.earliestTime,
+        latest_time: this.latestTime,
+      },
+    });
+    $.export("$summary", `Executed Splunk search query: ${this.query}`);
+    return response;
+  },
+};

components/splunk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pipedream/splunk",
-  "version": "0.0.1",
+  "version": "0.1.0",
   "description": "Pipedream Splunk Components",
   "main": "splunk.app.mjs",
   "keywords": [
@@ -11,5 +11,10 @@
   "author": "Pipedream <support@pipedream.com> (https://pipedream.com/)",
   "publishConfig": {
     "access": "public"
+  },
+  "dependencies": {
+    "@pipedream/platform": "^3.0.3",
+    "https": "^1.0.0",
+    "md5": "^2.3.0"
   }
-}
+}

components/splunk/sources/common/base.mjs

@@ -0,0 +1,36 @@
+import splunk from "../../splunk.app.mjs";
+import { DEFAULT_POLLING_SOURCE_TIMER_INTERVAL } from "@pipedream/platform";
+
+export default {
+  props: {
+    splunk,
+    timer: {
+      type: "$.interface.timer",
+      default: {
+        intervalSeconds: DEFAULT_POLLING_SOURCE_TIMER_INTERVAL,
+      },
+    },
+    db: "$.service.db",
+    selfSigned: {
+      propDefinition: [
+        splunk,
+        "selfSigned",
+      ],
+    },
+  },
+  methods: {
+    async getRecentJobIds() {
+      const results = this.splunk.paginate({
+        resourceFn: this.splunk.listJobs,
+        args: {
+          selfSigned: this.selfSigned,
+        },
+      });
+      const jobIds = [];
+      for await (const job of results) {
+        jobIds.push(job.content.sid);
+      }
+      return jobIds;
+    },
+  },
+};

components/splunk/sources/new-alert-fired/new-alert-fired.mjs

@@ -0,0 +1,39 @@
+import common from "../common/base.mjs";
+
+export default {
+  ...common,
+  key: "splunk-new-alert-fired",
+  name: "New Alert Fired",
+  description: "Emit new event when a new alert is triggered in Splunk. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#alerts.2Ffired_alerts)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  methods: {
+    ...common.methods,
+    generateMeta(alert) {
+      return {
+        id: alert.id,
+        summary: `New Alert Fired: ${alert.name}`,
+        ts: Date.now(),
+      };
+    },
+  },
+  async run() {
+    const results = this.splunk.paginate({
+      resourceFn: this.splunk.listFiredAlerts,
+      args: {
+        selfSigned: this.selfSigned,
+      },
+    });
+
+    const alerts = [];
+    for await (const item of results) {
+      alerts.push(item);
+    }
+
+    alerts.forEach((alert) => {
+      const meta = this.generateMeta(alert);
+      this.$emit(alert, meta);
+    });
+  },
+};

components/splunk/sources/new-search-event/new-search-event.mjs

@@ -0,0 +1,43 @@
+import common from "../common/base.mjs";
+import md5 from "md5";
+
+export default {
+  ...common,
+  key: "splunk-new-search-event",
+  name: "New Search Event",
+  description: "Emit new event when a new search event is created. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#search.2Fv2.2Fjobs.2F.7Bsearch_id.7D.2Fevents)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  methods: {
+    ...common.methods,
+    generateMeta(event) {
+      return {
+        id: md5(JSON.stringify(event)),
+        summary: "New Search Event",
+        ts: Date.now(),
+      };
+    },
+  },
+  async run() {
+    const jobIds = await this.getRecentJobIds();
+    const events = [];
+    for (const jobId of jobIds) {
+      try {
+        const response = await this.splunk.getSearchEvents({
+          selfSigned: this.selfSigned,
+          jobId,
+        });
+        if (response?.results?.length) {
+          events.push(...response.results);
+        }
+      } catch {
+        console.log(`No events found for sid: ${jobId}`);
+      }
+    }
+    events.forEach((event) => {
+      const meta = this.generateMeta(event);
+      this.$emit(event, meta);
+    });
+  },
+};

components/splunk/sources/new-search-result/new-search-result.mjs

@@ -0,0 +1,42 @@
+import common from "../common/base.mjs";
+
+export default {
+  ...common,
+  key: "splunk-new-search-result",
+  name: "New Search Result",
+  description: "Emit new events when a search returns results in Splunk. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/RESTREF/RESTsearch#saved.2Fsearches)",
+  version: "0.0.1",
+  type: "source",
+  dedupe: "unique",
+  methods: {
+    ...common.methods,
+    generateMeta(result) {
+      return {
+        id: result.sid,
+        summary: `New Search Results with SID: ${result.sid}`,
+        ts: Date.now(),
+      };
+    },
+  },
+  async run() {
+    const jobIds = await this.getRecentJobIds();
+    const searchResults = [];
+    for (const jobId of jobIds) {
+      try {
+        const response = await this.splunk.getSearchResults({
+          selfSigned: this.selfSigned,
+          jobId,
+        });
+        if (response?.results?.length) {
+          searchResults.push(...response.results);
+        }
+      } catch {
+        console.log(`No results found for sid: ${jobId}`);
+      }
+    }
+    searchResults.forEach((result) => {
+      const meta = this.generateMeta(result);
+      this.$emit(result, meta);
+    });
+  },
+};