From 42b7ceb1806ed7e9879fcf49d340d7797d11b9b8 Mon Sep 17 00:00:00 2001 From: "Harsh Shah (C)" Date: Sun, 9 Aug 2020 21:42:07 +0530 Subject: [PATCH 1/3] Updated host value generation, added query for line_breaking tests and resolved index out of range of _time tests. --- .../standard_lib/index_tests/test_templates.py | 5 +++-- .../standard_lib/sample_generation/sample_event.py | 13 +++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/pytest_splunk_addon/standard_lib/index_tests/test_templates.py b/pytest_splunk_addon/standard_lib/index_tests/test_templates.py index 7294b887f..4c2d38f69 100644 --- a/pytest_splunk_addon/standard_lib/index_tests/test_templates.py +++ b/pytest_splunk_addon/standard_lib/index_tests/test_templates.py @@ -208,7 +208,8 @@ def test_indextime_time( retries=splunk_search_util.search_retry, ) results = list(results) - + if not results: + assert False, "No Events found for query: " + search result_fields = { key: [ceil(float(item[key])) for item in results] for key in results[0].keys() @@ -276,4 +277,4 @@ def test_indextime_line_breaker( assert ( count_from_results == expected_events_count - ), f"Expected count: {expected_events_count} Actual Count: {count_from_results}" + ), f"Query: {query} \nExpected count: {expected_events_count} Actual Count: {count_from_results}" diff --git a/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py b/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py index 29368f760..b33ec83b5 100644 --- a/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py +++ b/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py @@ -12,6 +12,7 @@ src_ipv6, dest_ipv6 = 0, 0 host_count, fqdn_count = 0,0 url_ip_count = 0 +count1, count2 = 0, 0 ip_rules = { "src":{ @@ -107,13 +108,17 @@ def get_ipv4(self, rule): addr = [int(src_ipv4 / 256) % 256, src_ipv4 % 256] return "".join([ip_rules.get(rule)["ipv4"], str(addr[0]), ".", str(addr[1])]) elif rule == "host": - global host_ipv4 + global host_ipv4, count1 host_ipv4 += 1 - return "".join([ip_rules.get(rule)["ipv4"], str(host_ipv4 % 101), ".0"]) + if host_ipv4 == 101: + host_ipv4 = 51 + count1 += 1 + return "".join([ip_rules.get(rule)["ipv4"], str(host_ipv4 % 101), ".", str(count1 % 256)]) elif rule == "dvc": - global dvc_ipv4 + global dvc_ipv4, count2 dvc_ipv4 += 1 - return "".join([ip_rules.get(rule)["ipv4"], str(dvc_ipv4 % 51), ".0"]) + count2 += 1 + return "".join([ip_rules.get(rule)["ipv4"], str(dvc_ipv4 % 51), ".", str(count2 % 256)]) elif rule == "dest": global dest_ipv4 dest_ipv4 += 1 From 210ccbf001dd60af2869cbfc0e62b6790b5e3513 Mon Sep 17 00:00:00 2001 From: "Harsh Shah (C)" Date: Mon, 10 Aug 2020 11:07:32 +0530 Subject: [PATCH 2/3] Updated _time query generation from host OR to host IN. --- .../standard_lib/index_tests/test_templates.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/pytest_splunk_addon/standard_lib/index_tests/test_templates.py b/pytest_splunk_addon/standard_lib/index_tests/test_templates.py index 4c2d38f69..ccc9f1701 100644 --- a/pytest_splunk_addon/standard_lib/index_tests/test_templates.py +++ b/pytest_splunk_addon/standard_lib/index_tests/test_templates.py @@ -185,11 +185,7 @@ def test_indextime_time( if splunk_indextime_time.get("identifier"): extra_filter = splunk_indextime_time.get("identifier") else: - extra_filter = ( - "(host=" - + " OR host=".join(splunk_indextime_time.get("hosts")) - + ")" - ) + extra_filter = "host IN (\""+"\",\"".join(set(splunk_indextime_time.get("hosts")))+"\")" if splunk_indextime_time["tokenized_event"].time_values: extra_filter += " | eval e_time=_time" From 92b5a4560d8c6f8c2948ad50c275ce3e8f9da141 Mon Sep 17 00:00:00 2001 From: "Harsh Shah (C)" Date: Tue, 11 Aug 2020 12:09:41 +0530 Subject: [PATCH 3/3] Updated variable names for the count. --- .../standard_lib/sample_generation/sample_event.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py b/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py index b33ec83b5..5c99100b5 100644 --- a/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py +++ b/pytest_splunk_addon/standard_lib/sample_generation/sample_event.py @@ -12,7 +12,7 @@ src_ipv6, dest_ipv6 = 0, 0 host_count, fqdn_count = 0,0 url_ip_count = 0 -count1, count2 = 0, 0 +host_ipv4_octet_count, dvc_ipv4_octet_count = 0, 0 ip_rules = { "src":{ @@ -108,17 +108,17 @@ def get_ipv4(self, rule): addr = [int(src_ipv4 / 256) % 256, src_ipv4 % 256] return "".join([ip_rules.get(rule)["ipv4"], str(addr[0]), ".", str(addr[1])]) elif rule == "host": - global host_ipv4, count1 + global host_ipv4, host_ipv4_octet_count host_ipv4 += 1 if host_ipv4 == 101: host_ipv4 = 51 - count1 += 1 - return "".join([ip_rules.get(rule)["ipv4"], str(host_ipv4 % 101), ".", str(count1 % 256)]) + host_ipv4_octet_count += 1 + return "".join([ip_rules.get(rule)["ipv4"], str(host_ipv4 % 101), ".", str(host_ipv4_octet_count % 256)]) elif rule == "dvc": - global dvc_ipv4, count2 + global dvc_ipv4, dvc_ipv4_octet_count dvc_ipv4 += 1 - count2 += 1 - return "".join([ip_rules.get(rule)["ipv4"], str(dvc_ipv4 % 51), ".", str(count2 % 256)]) + dvc_ipv4_octet_count += 1 + return "".join([ip_rules.get(rule)["ipv4"], str(dvc_ipv4 % 51), ".", str(dvc_ipv4_octet_count % 256)]) elif rule == "dest": global dest_ipv4 dest_ipv4 += 1