cypresspoint package


cypresspoint.checkpoint module

Simple checkpoint tracking helper class with dictionary-like access. This is used for modular inputs to track their state between executions.

class cypresspoint.checkpoint.ModInputCheckpoint(checkpoint_dir, input_name)[source]

Bases: object

NotSet = <object object>

Dump to disk if interval has elapsed even if dump_after_updates hasn’t been reached. This is helpful for long-lived modular inputs.

A dump will also occur the very first time this function is called.

get(item, default=<object object>)[source]
setdefault(key, default)[source]

cypresspoint.compat module

A collection of Python 2/3 compatibility functions.

These should go away when Splunk 7.3 support is dropped.


Convert datetime to a Unix epoch value


ts (datetime) – timestamp

Return type


cypresspoint.datatype module


Convert a boolean-like configuration field into a proper boolean.


s (str) – Input string containing some form of truthy value

Return type



Convert a relative time expression into a Python timedelta object. Only a subset of Splunk’s relative time syntax is supported, but many simple expressions like 7d (7 days) and 5m (5 mins) should just work.

This does not support snapping with @. Combining relative times with addition (+) or subtraction (-) is not yet supported, but should be.


value (str) – Relative time expression


python object representation of the given relative time

Return type


cypresspoint.modinput module

class cypresspoint.modinput.ScriptWithSimpleSecret(*args, **kwargs)[source]

Bases: splunklib.modularinput.script.Script

Class that extends Splunk’s default ‘Script’ to allow very basic storage of a secret value. Note that this technically results in a race condition where the unencrypted secret is exposed for some short period of time. Therefore this shouldn’t be used in high-security scenarios or on servers with many snooping users, but for private-use apps on a dedicated data onboarding forwarder, this approach is often “good enough”.

handle_secret(input_name, password, app=None)[source]

Get, Set, or Update secret field as needed.

This command will encrypt any clear-text password and mask its value in inputs.conf. If a clear-text password is not given, then it’s assumed to have been previously saved and will be loaded from passwords.conf.

  • input_name (str) – Stanza in inputs.conf of the modular input

  • password (str) – The recipient of the message

  • app (str or None) – The Splunk app namespace to use for REST interactions against inputs and password endpoints


the clear-text password

Return type


secret_field = 'secret'
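The get/set/update decision and the exposure window described for handle_secret, modelled as an added example that is not cypresspoint's own code. Assumptions: plain dicts stand in for inputs.conf and passwords.conf, and MASK, handle_secret_model and clear_text_exposed are hypothetical names.

```python
# Added illustration; NOT cypresspoint's code. Plain dicts stand in for
# inputs.conf and passwords.conf, and MASK is an assumed placeholder value.
MASK = "********"


class SecretFlowError(Exception):
    """Raised when the field is masked but nothing was ever stored."""


def handle_secret_model(inputs_conf, passwords_conf, input_name, password,
                        secret_field="secret"):
    """Return the clear-text secret, storing and masking it first if needed."""
    if password and password != MASK:
        # Clear text was found in the input stanza: store it, then mask it.
        # Until the mask is written below, the secret is readable in inputs_conf.
        passwords_conf[input_name] = password
        inputs_conf[input_name][secret_field] = MASK
        return password
    # Already masked (or empty): the secret must come from the password store.
    try:
        return passwords_conf[input_name]
    except KeyError:
        raise SecretFlowError("no stored secret for input %r" % input_name)


def clear_text_exposed(inputs_conf, secret_field="secret"):
    """Audit helper: list stanzas whose secret field still holds clear text."""
    return sorted(name for name, stanza in inputs_conf.items()
                  if stanza.get(secret_field) not in (None, "", MASK))


def demo():
    # Constructed sample state: a new input was just saved with a clear-text secret.
    name = "myinput://prod"
    inputs_conf = {name: {"secret": "s3cr3t-constructed", "interval": "300"}}
    passwords_conf = {}
    before = clear_text_exposed(inputs_conf)   # exposure window is open
    first = handle_secret_model(inputs_conf, passwords_conf, name,
                                inputs_conf[name]["secret"])
    after = clear_text_exposed(inputs_conf)    # masked, window closed
    second = handle_secret_model(inputs_conf, passwords_conf, name,
                                 inputs_conf[name]["secret"])
    return before, first, after, second


if __name__ == "__main__":
    print(demo())
```

A check like clear_text_exposed, run against the real configuration, shows how long a clear-text value lingers before the input's first execution masks it.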

cypresspoint.monkeypatch module

Hot in-place fixes for splunklib (Splunk’s Python SDK)

NOTE: Simply importing this module will activate the monkeypatch.

cypresspoint.searchcommand module

Helper functions for custom Splunk Search Commands


Ensure that the first result has a placeholder key for ALL the fields

cypresspoint.spath module


Remove unwanted characters from the provided field name. The goal is to mimic the general field cleanup behavior of Splunk


Convert json object (python dictionary) into a list of fields as Splunk does by default. Think of this as the same as calling Splunk’s “spath” SPL command.

Module contents

Top-level package for Cypress Point.

cypresspoint.setup_logging(log_file, debug=False, formatter=None, when='midnight', max_size_mb=None, backup_count=10)[source]