cypresspoint package

Submodules

cypresspoint.checkpoint module

Simple checkpoint tracking helper class with dictionary-like access. This is used for modular inputs to track their state between executions.

class cypresspoint.checkpoint.ModInputCheckpoint(checkpoint_dir, input_name)[source]

Bases: object

NotSet = <object object>
dump(_now=None)[source]
dump_on_interval(delta)[source]

Dump to disk if interval has elapsed even if dump_after_updates hasn’t been reached. This is helpful for long-lived modular inputs.

A dump will also occur the very first time this function is called.

get(item, default=<object object>)[source]
load(default=None)[source]
setdefault(key, default)[source]
cypresspoint.checkpoint.json_dt_converter(o)[source]

cypresspoint.compat module

A collection of Python 2/3 compatibility functions.

These should go away when Splunk 7.3 support is dropped.

cypresspoint.compat.dt_to_epoch(ts)[source]

Convert datetime to an Unix epoch value

Parameters

ts (datetime) – timestamp

Return type

int

cypresspoint.datatype module

cypresspoint.datatype.as_bool(s)[source]

Convert a boolean-like configuration field into a proper boolean.

Parameters

s (str) – Input string containing some form of truthy value

Return type

bool

cypresspoint.datatype.reltime_to_timedelta(value)[source]

Convert a relative time expression into a Python timedelta object. Only a subset of Splunk’s relative time syntax is supported, but many simple expressions like 7d (7 days), 5m (5 mins), should just work.

This does not support snapping with @. Currently combining relative times addition (+) or subtraction (-) is not yet supported, but should be.

Parameters

value (str) – Relative time expression

Returns

python object representation of the given relative time

Return type

timedelta

cypresspoint.modinput module

class cypresspoint.modinput.ScriptWithSimpleSecret(*args, **kwargs)[source]

Bases: splunklib.modularinput.script.Script

Class that extends Splunk’s default ‘Script’ that allows for very basic storage of a secret value. Note that this techincally results in a race-condition where the unencrypted secret is exposed for some short period of time. Therefore this shouldn’t be used in high security scenarios or on servers with many snooping users, but for private use apps on a dedicated data onboarding forwarder, this approach is often “good enough”.

handle_secret(input_name, password, app=None)[source]

Get, Set, or Update secret field as needed.

This command will encrypt any clear-text password and mask it’s value in inputs.conf. If a clear-text password is not given, then it’s assumed to have been previously saved and will be loaded from passwords.conf

Parameters
  • input_name (str) – Stanza in inputs.conf of the modular input

  • password (str) – The recipient of the message

  • app (str or None) – The splunk app namesspace to use for REST interactions against inputs and password endpoints

Returns

the clear-text password

Return type

str

secret_field = 'secret'

cypresspoint.monkeypatch module

Hot in-place fixes for splunklib (Splunk’s Python SDK)

NOTE: Simply importing this module will activate the monkeypatch.

cypresspoint.searchcommand module

Helper functions for custom Splunk Search Commands

cypresspoint.searchcommand.ensure_fields(results)[source]

Ensure that the first result has a placeholder key for ALL the fields

cypresspoint.spath module

cypresspoint.spath.sanitize_fieldname(field)[source]

Remove unwanted characters from the provided field name. The goal is to mimic the general field cleanup behavior of Splunk

cypresspoint.spath.splunk_dot_notation(obj)[source]

Convert json object (python dictionary) into a list of fields as Splunk does by default. Think of this as the same as calling Splunk’s “spath” SPL command.

Module contents

Top-level package for Cypress Point.

cypresspoint.setup_logging(log_file, debug=False, formatter=None, when='midnight', max_size_mb=None, backup_count=10)[source]