Merge pull request #346 from guilhemmarchand/testing

Version 1.2.49

docs/releasenotes.rst

@@ -1,6 +1,23 @@
 Release notes
 #############
 
+Version 1.2.49
+==============
+
+**CAUTION:**
+
+This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
+
+- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
+- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
+- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
+- Splunk SA CIM - Splunk Common Information Model, Splunk Base: https://splunkbase.splunk.com/app/1621
+
+TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
+https://trackme.readthedocs.io/en/latest/configuration.html
+
+- Enhancement - Fix Issue #343 - REST CALL - use nobody context to optimize rest calls performance in large scale environments
+
 Version 1.2.48
 ==============
 

trackme/app.manifest

@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "trackme",
-      "version": "1.2.48"
+      "version": "1.2.49"
     },
     "author": [
       {

trackme/bin/trackme/modalert_trackme_free_style_rest_call_helper.py

@@ -88,7 +88,7 @@ def process_event(helper, *args, **kwargs):
 
     # retrieve index target from trackme_idx macro
     record_url = 'https://localhost:' + str(splunkd_port) \
-                 + '/servicesNS/-/-/admin/macros/trackme_idx'
+                 + '/servicesNS/nobody/trackme/admin/macros/trackme_idx'
 
     response = requests.get(record_url, headers=header, verify=False)
     helper.log_info("response status_code:={}".format(response.status_code))

trackme/bin/trackme/modalert_trackme_smart_status_helper.py

@@ -132,7 +132,7 @@ def process_event(helper, *args, **kwargs):
 
     # retrieve index target from trackme_idx macro
     record_url = 'https://localhost:' + str(splunkd_port) \
-                 + '/servicesNS/-/-/admin/macros/trackme_idx'
+                 + '/servicesNS/nobody/trackme/admin/macros/trackme_idx'
 
     response = requests.get(record_url, headers=header, verify=False)
     helper.log_info("response status_code:={}".format(response.status_code))

trackme/bin/trackme_rest_handler_smart_status.py

@@ -101,7 +101,7 @@ def get_ds_smart_status(self, request_info, **kwargs):
 
                 # Get the definition for the tolerance of data in the future
                 record_url = 'https://localhost:' + str(splunkd_port) \
-                            + '/servicesNS/-/-/admin/macros/trackme_future_indexing_tolerance'
+                            + '/servicesNS/nobody/trackme/admin/macros/trackme_future_indexing_tolerance'
 
                 response = requests.get(record_url, headers=header, verify=False)
                 if response.status_code == 200:
@@ -1895,7 +1895,7 @@ def get_dh_smart_status(self, request_info, **kwargs):
 
                 # Get the definition for the tolerance of data in the future
                 record_url = 'https://localhost:' + str(splunkd_port) \
-                            + '/servicesNS/-/-/admin/macros/trackme_future_indexing_tolerance'
+                            + '/servicesNS/nobody/trackme/admin/macros/trackme_future_indexing_tolerance'
 
                 response = requests.get(record_url, headers=header, verify=False)
                 if response.status_code == 200:
@@ -2415,7 +2415,7 @@ def get_mh_smart_status(self, request_info, **kwargs):
 
                 # Get the definition for the tolerance of data in the future
                 record_url = 'https://localhost:' + str(splunkd_port) \
-                            + '/servicesNS/-/-/admin/macros/trackme_future_indexing_tolerance'
+                            + '/servicesNS/nobody/trackme/admin/macros/trackme_future_indexing_tolerance'
 
                 response = requests.get(record_url, headers=header, verify=False)
                 if response.status_code == 200:

trackme/default/app.conf

@@ -16,4 +16,4 @@ label = TrackMe
 [launcher]
 author = Guilhem Marchand
 description = Data tracking system for Splunk
-version = 1.2.48
+version = 1.2.49

trackme/default/data/ui/html/TrackMe.html

@@ -10360,7 +10360,7 @@ <h2 class="panel-title">Click on a table row to access object contextual actions
             "sample_ratio": 1,
             "earliest_time": "-15m",
             "cancelOnUnload": true,
-            "search": "| rest splunk_server=local /servicesNS/-/trackme/saved/searches | search eai:acl.app=\"trackme\" alert.track=1 title!=\"TrackMe - Audit change notification tracker\" | fields title, cron_schedule, schedule_window, alert.suppress.fields, alert.suppress.period, disabled, next_scheduled_time, id, actions | rex field=id \"saved/searches/(?<id>.*)\" | sort limit=0 title | eval \" \" = \"icon|\" + if(disabled==\"0\",\"ico_good ico_small|icon-check|Up\", \"ico_error ico_small|icon-close|Down\")",
+            "search": "| rest splunk_server=local /servicesNS/nobody/trackme/saved/searches | search eai:acl.app=\"trackme\" alert.track=1 title!=\"TrackMe - Audit change notification tracker\" | fields title, cron_schedule, schedule_window, alert.suppress.fields, alert.suppress.period, disabled, next_scheduled_time, id, actions | rex field=id \"saved/searches/(?<id>.*)\" | sort limit=0 title | eval \" \" = \"icon|\" + if(disabled==\"0\",\"ico_good ico_small|icon-check|Up\", \"ico_error ico_small|icon-close|Down\")",
             "latest_time": "now",
             "status_buckets": 0,
             "app": utils.getCurrentApp(),
@@ -37699,7 +37699,7 @@ <h2 class="panel-title">Click on a table row to access object contextual actions
                 // Verify the current data sampling obfuscation mode, if enabled we change the search target
 
                 // Define the query
-                var searchQuery = "| rest /servicesNS/-/-/admin/macros splunk_server=local | search title=\"trackme_data_sampling_obfuscation_mode\" | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
+                var searchQuery = "| rest /servicesNS/nobody/trackme/admin/macros/trackme_data_sampling_obfuscation_mode splunk_server=local | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
 
                 // Set the search parameters--specify a time range
                 var searchParams = {

trackme/default/data/ui/html/TrackMe_manage.html

@@ -2021,7 +2021,7 @@ <h2 style="padding: 12px 55px 7px 12px;">trackme_auto_disablement_period</h2><h2
             "sample_ratio": null,
             "refreshType": "delay",
             "latest_time": "now",
-            "search": "| rest /servicesNS/-/-/admin/macros count=0 splunk_server=local | rename eai:appName as app | where app=\"trackme\" | table title definition",
+            "search": "| rest /servicesNS/nobody/trackme/admin/macros count=0 splunk_server=local | rename eai:appName as app | where app=\"trackme\" | table title definition",
             "status_buckets": 0,
             "app": utils.getCurrentApp(),
             "auto_cancel": 90,
@@ -3220,7 +3220,7 @@ <h2 style="padding: 12px 55px 7px 12px;">trackme_auto_disablement_period</h2><h2
             //
 
             // Define the query
-            var searchQuery = "| rest /servicesNS/-/-/admin/macros splunk_server=local | search title=\"trackme_data_sampling_obfuscation_mode\" | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
+            var searchQuery = "| rest /servicesNS/nobody/trackme/admin/macros/trackme_data_sampling_obfuscation_mode splunk_server=local | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
 
             // Set the search parameters--specify a time range
             var searchParams = {
@@ -3375,7 +3375,7 @@ <h2 style="padding: 12px 55px 7px 12px;">trackme_auto_disablement_period</h2><h2
             //
 
             // Define the query
-            var searchQuery = "| rest /servicesNS/-/-/admin/macros splunk_server=local | search title=\"trackme_tstats_main_filter_for_host\" | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
+            var searchQuery = "| rest /servicesNS/nobody/trackme/admin/macros/trackme_tstats_main_filter_for_host splunk_server=local | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_mode";
 
             // Set the search parameters--specify a time range
             var searchParams = {
@@ -3530,7 +3530,7 @@ <h2 style="padding: 12px 55px 7px 12px;">trackme_auto_disablement_period</h2><h2
             //
 
             // Define the query
-            var searchQuery = "| rest /servicesNS/-/-/admin/macros splunk_server=local | search title=\"trackme_default_data_source_mode\" | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_data_source_mode";
+            var searchQuery = "| rest /servicesNS/nobody/trackme/admin/macros/trackme_default_data_source_mode splunk_server=local | fields definition | rex field=definition mode=sed \"s/\`//g\" | rename definition as current_data_source_mode";
 
             // Set the search parameters--specify a time range
             var searchParams = {

trackme/default/macros.conf

@@ -1761,7 +1761,7 @@ iseval = 0
 
 # Show builtin rules
 [trackme_show_builtin_model_rules]
-definition = rest /servicesNS/-/-/admin/macros count=0 splunk_server=local | rename eai:appName as app | where app="trackme" | table title definition | where title="trackme_data_sampling_detect_event_format(1)" | eval alternative_definition="tstats include_reduced_buckets=t" | table definition, alternative_definition\
+definition = rest /servicesNS/nobody/trackme/admin/macros/trackme_data_sampling_detect_event_format(1) count=0 splunk_server=local | rename eai:appName as app | where app="trackme" | table title definition | table definition\
 | fields definition\
 | rex field=definition mode=sed "s/eval \$dest_field\$=case\(//g"\
 | rex field=definition mode=sed "s/\| eval \$dest_field\$_id=md5\(\$dest_field\$\)//g"\