Giter Site home page Giter Site logo

intersight-splunk-addon's People

Contributors

jerewill-cisco avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

dsoper2

intersight-splunk-addon's Issues

The Add-on can fail to ever retrieve Audit Log or Alarm data due to checkpointing

Frankly, I'm not sure when this problem occurred. When I did the original development around checkpointing, the method call to retrieve the checkpoint would return an exception if the checkpoint didn't exist. The code would catch the exception and set the checkpoint.

At some point, Splunk started returning None for checkpoints that didn't exist. The Add-on wasn't capturing this and was passing the word "None" into Intersight causing the query to quietly retrieve 0 records.

The debug log would have indicated the failure with messages like this...

2022-08-03 19:13:30,971 DEBUG pid=13884 tid=MainThread file=base_modinput.py:log_debug:288 | EXAMPLE | Checkpoint value for audit records is None
2022-08-03 19:13:30,973 DEBUG pid=13884 tid=MainThread file=connectionpool.py:_new_conn:1005 | Starting new HTTPS connection (1): intersight.com:443
2022-08-03 19:13:31,047 DEBUG pid=13884 tid=MainThread file=connectionpool.py:_make_request:465 | https://intersight.com:443 "GET /api/v1/aaa/AuditRecords?$inlinecount=allpages&$orderby=ModTime%20asc&$filter=ModTime%20gt%20None HTTP/1.1" 200 73
2022-08-03 19:13:31,049 INFO pid=13884 tid=MainThread file=base_modinput.py:log_info:295 | EXAMPLE | Found 0 audit records to retrieve

Note that the query was... $filter=ModTime gt None

HCL Inventory can fail due to licensing

The add-on will fail if a cond/HclStatuses record exists for a server that does not have an essential or higher licenses.

Log message will be similar to the following... Note the 403 and KeyError: 'Results'

2022-06-29 16:09:42,362 DEBUG pid=30876 tid=MainThread file=connectionpool.py:_make_request:465 | https://intersight.com:443 "GET /api/v1/cond/HclStatuses?$top=10&$skip=20 HTTP/1.1" 403 272
2022-06-29 16:09:42,364 ERROR pid=30876 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/ta_intersight_addon/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/intersight.py", line 92, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/input_module_intersight.py", line 496, in collect_events
    for data in RESPONSE.json()['Results']:
KeyError: 'Results'

Checkpointing can cause the add-on to fail if the checkpoint lands on an even second

If the checkpoint update lands on an even second, there is no fraction of a second to fill the %f in the strptime.

Logs will appear similar to this...

2022-06-29 15:46:33,784 ERROR pid=28759 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/ta_intersight_addon/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/intersight.py", line 92, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/input_module_intersight.py", line 260, in collect_events
    if datetime.datetime.strptime(state, "%Y-%m-%dT%H:%M:%S.%f%z") < datetime.datetime.strptime(data['ModTime'], "%Y-%m-%dT%H:%M:%S.%f%z"):
  File "/opt/splunk/lib/python3.7/_strptime.py", line 577, in _strptime_datetime
    tt, fraction, gmtoff_fraction = _strptime(data_string, format)
  File "/opt/splunk/lib/python3.7/_strptime.py", line 359, in _strptime
    (data_string, format))
ValueError: time data '2022-06-28T09:27:40Z' does not match format '%Y-%m-%dT%H:%M:%S.%f%z'

Some advisories cannot be resolved to an affected object

Certain advisories cannot be resolved to a server because they are associated with a component of the server and that component inventory is not currently being imported as an inventory item. This is most likely to occur with Field Notices, but it is possible that it could occur with some other advisory type.

An example of this is FN72368 where the AffectedObjectType is memory.Unit. Because individual DIMMs are not currently being imported by the Add-On, the Moid of the AffectedObjectType cannot be resolved to it's parent server with the data available in Splunk.

In such cases, the tam.AdvisoryInstance is still available but a further search for the AffectedObjectMoid value will not return any other results.

Attempting to access licensed features causes the Add-on to fail if all servers are at the 'None' license

At least one server must have Essentials level license or higher or the call to cond/HclStatuses will fail.

Output from logs will be similar to this...

022-06-27 17:52:35,303 INFO pid=15412 tid=MainThread file=base_modinput.py:log_info:295 | EXAMPLE | Retrieving compute HCL status...
2022-06-27 17:52:35,441 ERROR pid=15412 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/ta_intersight_addon/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/intersight.py", line 92, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-intersight-addon/bin/input_module_intersight.py", line 381, in collect_events
    for data in RESPONSE.json()['Results']:
KeyError: 'Results'

Proxy Support

There is no support or configuration to allow the Add-on to use an HTTPS proxy to reach Intersight. This is required in many environments where servers cannot reach the Internet directly without using a proxy server.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.