cypresspoint package

Submodules

cypresspoint.checkpoint module

Simple checkpoint tracking helper class with dictionary-like access. This is used for modular inputs to track their state between executions.

class cypresspoint.checkpoint.ModInputCheckpoint(checkpoint_dir, input_name)

Bases: object

NotSet = <object object>
dump(_now=None)
dump_on_interval(delta: timedelta) → bool

Dump to disk if interval has elapsed even if dump_after_updates hasn’t been reached. This is helpful for long-lived modular inputs.

A dump will also occur the very first time this function is called.

get(item, default=<object object>)
load(default=None)
setdefault(key, default)
cypresspoint.checkpoint.json_dt_converter(o)

cypresspoint.compat module

A collection of Python 2/3 compatibility functions.

This is kept for backwards compatibility, but it should eventually be deprecated and removed.

cypresspoint.compat.dt_to_epoch(ts: datetime) → int

Convert a datetime to a Unix epoch value.

Parameters:

ts (datetime) – timestamp

Return type:

int

cypresspoint.datatype module

cypresspoint.datatype.as_bool(s)

Convert a boolean-like configuration field into a proper boolean.

Parameters:

s (str) – Input string containing some form of truthy value

Return type:

bool

cypresspoint.datatype.reltime_to_timedelta(value: str) → timedelta

Convert a relative time expression into a Python timedelta object. Only a subset of Splunk’s relative time syntax is supported, but many simple expressions like 7d (7 days), 5m (5 mins), 6mon (6 months), and 2y (2 years) should just work.

This does not support snapping with @. Relative time addition (+) and subtraction (-) are not yet supported, but should be.

Parameters:

value (str) – Relative time expression

Returns:

Python object representation of the given relative time

Return type:

timedelta

cypresspoint.modinput module

class cypresspoint.modinput.ScriptWithSimpleSecret(*args, **kwargs)

Bases: Script

Class that extends Splunk’s default ‘Script’ to allow very basic storage of a secret value. Note that this technically results in a race condition where the unencrypted secret is exposed for some short period of time. Therefore this shouldn’t be used in high security scenarios or on servers with many snooping users, but for private use apps on a dedicated data onboarding forwarder, this approach is often “good enough”.

handle_secret(input_name: str, password: str, app: Optional[str] = None) → str

Get, Set, or Update secret field as needed.

This command will encrypt any clear-text password and mask its value in inputs.conf. If a clear-text password is not given, then it’s assumed to have been previously saved and will be loaded from passwords.conf.

Parameters:
  • input_name (str) – Stanza in inputs.conf of the modular input

  • password (str) – The password value as given in inputs.conf (clear-text, or already masked)

  • app (str or None) – The splunk app namespace to use for REST interactions against inputs and password endpoints

Returns:

the clear-text password

Return type:

str

secret_field = 'secret'
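
The get/set/update flow described for handle_secret() above, modelled in memory as an added example; it is not cypresspoint's implementation and calls no Splunk API. The MASK value, the SecretFlowModel class and the stanza name are assumptions made for illustration.

```python
# In-memory model of the flow documented for handle_secret().
# NOT cypresspoint's code; no Splunk REST or SDK calls are made.
MASK = "********"  # assumption: the page does not say what the mask looks like


class SecretFlowModel:
    """inputs: stanza -> fields (stands in for inputs.conf).
    store: stanza -> secret (stands in for the encrypted passwords.conf)."""

    def __init__(self, secret_field="secret"):
        self.secret_field = secret_field
        self.inputs = {}
        self.store = {}

    def exposed(self):
        """Stanzas whose secret field still holds clear text (the race window)."""
        return sorted(name for name, fields in self.inputs.items()
                      if fields.get(self.secret_field, MASK) != MASK)

    def handle_secret(self, input_name, password):
        if password and password != MASK:
            # Set or update: save the secret first, then mask the config value.
            self.store[input_name] = password
            self.inputs.setdefault(input_name, {})[self.secret_field] = MASK
            return password
        # Get: the value is already masked, so it must have been saved earlier.
        if input_name not in self.store:
            raise LookupError("no saved secret for %s" % input_name)
        return self.store[input_name]


def demo():
    m = SecretFlowModel()
    stanza = "myinput://prod"                          # constructed stanza name
    m.inputs[stanza] = {"secret": "hunter2-example"}   # constructed clear text
    before = m.exposed()     # clear text sits in the config until the input runs
    first = m.handle_secret(stanza, m.inputs[stanza]["secret"])
    after = m.exposed()      # masked once the first execution has completed
    second = m.handle_secret(stanza, m.inputs[stanza]["secret"])
    return before, first, after, second


if __name__ == "__main__":
    print(demo())
```

The `before` list is the exposure the class description warns about: anyone who can read the configuration between the save and the first execution sees the clear-text value.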

cypresspoint.monkeypatch module

Hot in-place fixes for splunklib (Splunk’s Python SDK)

NOTE: Simply importing this module will activate the monkeypatch.

cypresspoint.searchcommand module

Helper functions for custom Splunk Search Commands

cypresspoint.searchcommand.ensure_fields(results: List[dict]) → List[dict]

Ensure that the first result has a placeholder key for ALL the fields

cypresspoint.spath module

cypresspoint.spath.sanitize_fieldname(field: str) → str

Remove unwanted characters from the provided field name. The goal is to mimic the general field cleanup behavior of Splunk.

cypresspoint.spath.splunk_dot_notation(obj: dict) → dict

Convert json object (python dictionary) into a list of fields as Splunk does by default. Think of this as the same as calling Splunk’s “spath” SPL command.

Module contents

Top-level package for Cypress Point.

cypresspoint.setup_logging(log_file, debug=False, formatter=None, when='midnight', max_size_mb=None, backup_count=10)