class Splunk::Pickaxe::Reports

Public Instance Methods

entity_dir() click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 15
# Name of the directory that holds report definitions.
#
# The value is the DIR constant, which is defined outside this listing.
#
# @return [Object] whatever DIR holds (presumably a String, confirm at its definition)
def entity_dir
  DIR
end
entity_file_path(splunk_entity) click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 19
# Builds the on-disk path for one entity's file:
# <execution path>/<entity_dir>/<entity file name>.
#
# NOTE(review): entity_file_name is defined outside this listing. If the
# file name is derived from a name supplied by the Splunk server, confirm
# it is reduced to a single path component (no separators, no "..") so the
# resulting path stays under entity_dir.
#
# @param splunk_entity [Object] entity handed through to entity_file_name
# @return [String] the joined path
def entity_file_path(splunk_entity)
  base_dir = pickaxe_config.execution_path
  sub_dir = entity_dir
  file_name = entity_file_name(splunk_entity)

  File.join(base_dir, sub_dir, file_name)
end
name(entity) click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 26
# Resolves the name a report is given in Splunk.
#
# When the merged settings carry a truthy 'pickaxe.environment.in.name',
# the capitalized environment is appended in square brackets; otherwise
# the plain name from the definition is used.
#
# The check is plain Ruby truthiness: only false and nil switch the suffix
# off. A quoted "false" in the YAML is a String and therefore still
# enables it.
#
# @param entity [Hash] parsed report definition with a 'name' key
# @return [String] the report name, with or without the environment suffix
def name(entity)
  include_environment = splunk_config(entity)['pickaxe.environment.in.name']
  return entity['name'] unless include_environment

  "#{entity['name']} [#{environment.capitalize}]"
end
report_defaults() click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 45
# Default saved-search settings for a report, used as the base that the
# per-report YAML config is merged over.
#
# With these defaults a report runs every hour over the previous hour and
# always emails its results inline, as a table, to every address in
# pickaxe_config.emails.
#
# NOTE(review): results are sent inline by default, so whatever the report
# search returns is copied into the recipients' mailboxes. Keep the
# recipient list and the fields a search returns under review when reports
# cover sensitive data.
#
# @return [Hash{String => Object}] a newly built hash on every call
def report_defaults
  recipients = pickaxe_config.emails.join(',')

  {
    # Append the environment name to the report name unless overridden
    'pickaxe.environment.in.name' => true,

    # Recipients: all configured addresses, comma separated
    'action.email.to' => recipients,

    # Scheduled, at minute 0 of every hour
    'cron_schedule' => '0 * * * *',
    'is_scheduled' => '1',

    # Subject line; $name$ is left as a literal token in the value
    'action.email.subject' => 'Splunk Report: $name$',
    'action.email.subject.alert' => 'Splunk Report: $name$',

    # Results inline in the mail body, as a table, with a view link
    'action.email.format' => 'table',
    'action.email.inline' => '1',
    'action.email.include.view_link' => '1',

    # Email is the only action, and the results are included
    'actions' => 'email',
    'action.email.sendresults' => '1',

    # A report is sent on every run rather than on a condition
    'alert_type' => 'always',

    # Search window: the last hour up to now
    'dispatch.earliest_time' => '-1h',
    'dispatch.latest_time' => 'now'
  }
end
splunk_config(entity_yaml) click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 35
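# Effective settings for one report: the values from report_defaults,
# overridden by the 'config' section of the report definition.
#
# A definition with no 'config' key, or one whose value is nil, yields the
# defaults unchanged. Previously that case raised a TypeError from merge!.
#
# NOTE(review): every default can be overridden from the YAML, including
# 'action.email.to' and the schedule, so a change to a report definition
# can redirect where results are mailed. Review definition changes with
# that in mind.
#
# @param entity_yaml [Hash] parsed report definition
# @return [Hash] a new hash of defaults with the overrides applied
def splunk_config(entity_yaml)
  # A missing config section means "no overrides", not an error.
  overrides = entity_yaml['config'] || {}

  # Non-mutating merge: the hash returned by report_defaults is left as is.
  report_defaults.merge(overrides)
end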
splunk_entity_keys() click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 79
# Keys that apply to report entities.
#
# Returns Splunk::Pickaxe::REPORT_KEYS, which is defined outside this
# listing. Presumably this is the set of settings read from or written to
# Splunk for a report; confirm against the caller.
#
# @return [Object] the REPORT_KEYS constant itself, not a copy
def splunk_entity_keys
  Splunk::Pickaxe::REPORT_KEYS
end
splunk_resource() click to toggle source
# File lib/splunk/pickaxe/objects/reports.rb, line 11
# Resource segments for this entity type: "saved" followed by "searches".
#
# Presumably these are joined into the Splunk REST collection path for
# saved searches; confirm against the caller.
#
# @return [Array<String>] a new two-element array on every call
def splunk_resource
  %w[saved searches]
end