API tools faq
paste
Advertisement
phoenixdigital

Splunk KV Store REST Python Example

phoenixdigital
Jul 1st, 2015
889
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 7.58 KB | None | 0 0
raw download clone embed print report
  1. # http://docs.python-requests.org/en/latest/index.html
  2. # http://isbullsh.it/2012/06/Rest-api-in-python/
  3. # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  4.  
  5. import requests, json
  6. import sys
  7.  
  8. # Sadly due to the Splunk certs containing a password we need to disable warnings
  9. requests.packages.urllib3.disable_warnings()
  10.  
  11. # One possible way to use certs for warnings but you cannot pass the password for the cert so it's close but not quite there
  12. # SplunkCert = '/opt/splunk/etc/auth/server.pem'
  13. # SpunkCertKey = 'password'
  14. #r = requests.delete(splunkURI, auth=(splunkUser, splunkPwd), verify=False, headers=headers, cert=(SplunkCert)
  15.  
  16. splunkApp = "cwe_test"
  17. splunkUser = "admin"
  18. splunkPwd = "changeme"
  19. splunkURI = "https://localhost:8089/servicesNS/nobody/%s/storage/collections/data" % splunkApp
  20. KV_Store = "cve_test"
  21. # KV_Store = "json_features"
  22.  
  23. # Curl Example
  24. # curl -k -u admin:changeme  https://localhost:8089/servicesNS/nobody/nvd_datafeeds/storage/collections/data/cve_database  -H "Content-Type: application/json" -d '{"cve":"test","cwe":"test","score":"here","datePublished":"test","dateModified":"test","accessVector":"test","summary":"test"}'
  25.  
  26.  
  27. # DELETE Data we just added above
  28. print "\n************** DELETE ENTIRE KV STORE EXAMPLE ****************"
  29.  
  30. if True == True:
  31.     kvURI = "%s/%s" % (splunkURI, KV_Store)
  32.     headers = {'Content-Type': 'application/json'}
  33.     r = requests.delete(kvURI, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  34.  
  35.     print 'Status Code %d' % r.status_code
  36.     # print r.json
  37.     print r.text
  38.  
  39. # sys.exit()
  40.  
  41. # INSERT Data
  42. print "\n************** INSERT EXAMPLE ****************"
  43.  
  44. kvURI = "%s/%s" % (splunkURI, KV_Store)
  45. headers = {'Content-Type': 'application/json'}
  46. data = json.dumps({"cve":"test","cwe":"test","score":3,"datePublished":"20150617","dateModified":"20150621","accessVector":"test","summary":"A test record","multivalue":["theFirst","theSecond"]})
  47. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  48.  
  49. # INSERT Data
  50. print "\n************** INSERT EXAMPLE ****************"
  51.  
  52. kvURI = "%s/%s" % (splunkURI, KV_Store)
  53. headers = {'Content-Type': 'application/json'}
  54. data = json.dumps({"cve":"anothertest","cwe":"test","score":5,"datePublished":"20150618","dateModified":"20150623","accessVector":"yours","summary":"The other test record","multivalue":["theFirst","theSecond"]})
  55. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  56.  
  57.  
  58.  
  59. # QUERY COLLECTION
  60. print "\n************** QUERY EXAMPLE ****************"
  61.  
  62. kvURI = "%s/%s" % (splunkURI, KV_Store)
  63. data = {"limit":4}
  64. r = requests.get(kvURI, data, auth=(splunkUser, splunkPwd), verify=False)
  65.  
  66. print 'Status Code %d' % r.status_code
  67. # print r.json
  68. print r.text
  69.  
  70.  
  71. # INSERT Data
  72. print "\n************** INSERT EXAMPLE ****************"
  73.  
  74. kvURI = "%s/%s" % (splunkURI, KV_Store)
  75. headers = {'Content-Type': 'application/json'}
  76. data = json.dumps({"cve":"test","cwe":"test","score":"that","datePublished":"test","dateModified":"test","accessVector":"test","summary":"test","multivalue":["theFirst","theSecond"]})
  77. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  78.  
  79.  
  80. print 'Status Code %d' % r.status_code
  81. if r.status_code == 201:
  82.     # print r.json
  83.     print r.text
  84.  
  85.     # load up data into json
  86.     myData = json.loads(r.text)
  87.     print 'The key is - %s' % myData['_key']
  88.  
  89.     # DELETE Data we just added above
  90.     print "\n************** DELETE SINGLE EXAMPLE ****************"
  91.  
  92.     kvURI = "%s/%s/%s" % (splunkURI, KV_Store, myData['_key'])
  93.     headers = {'Content-Type': 'application/json'}
  94.     r = requests.delete(kvURI, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  95.  
  96.     print 'Status Code %d' % r.status_code
  97.     # print r.json
  98.     print r.text
  99.  
  100.  
  101. # QUERY COLLECTION
  102. print "\n************** QUERY WITH SEARCH EXAMPLE ****************"
  103.  
  104. kvURI = "%s/%s" % (splunkURI, KV_Store)
  105. headers = {'Content-Type': 'application/json'}
  106. query = {"score":3}
  107. # query = {"score":{"$ne":"that"}}
  108. data = json.dumps({"query":query})
  109. data = {"limit":1, "query":json.dumps(query)}
  110. r = requests.get(kvURI, data, auth=(splunkUser, splunkPwd), verify=False)
  111.  
  112. print 'Status Code %d' % r.status_code
  113. print r.json
  114. print r
  115. contents = json.loads(r.text)
  116. print len(contents)
  117. print contents
  118. print contents[0]['_key']
  119.  
  120.  
  121.  
  122.  
  123. # INSERT Data
  124. print "\n************** INSERT EXAMPLE ****************"
  125.  
  126. kvURI = "%s/%s" % (splunkURI, KV_Store)
  127. headers = {'Content-Type': 'application/json'}
  128. data = json.dumps({"cve":"aSpecificTest","cwe":"query-delete","score":3,"datePublished":"20150617","dateModified":"20150621","accessVector":"test","summary":"A test record","multivalue":["theFirst","theSecond"]})
  129. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  130.  
  131. # INSERT Data
  132. print "\n************** INSERT EXAMPLE ****************"
  133.  
  134. kvURI = "%s/%s" % (splunkURI, KV_Store)
  135. headers = {'Content-Type': 'application/json'}
  136. data = json.dumps({"cve":"theTestMarkedForDeletion","cwe":"query-delete","score":5,"datePublished":"20150618","dateModified":"20150623","accessVector":"yours","summary":"The other test record","multivalue":["theFirst","theSecond"]})
  137. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  138.  
  139. # INSERT Batch Data
  140. print "\n************** BATCH INSERT EXAMPLE ****************"
  141.  
  142. kvURI = "%s/%s/batch_save" % (splunkURI, KV_Store)
  143. headers = {'Content-Type': 'application/json'}
  144. data = json.dumps([{"cve":"aBatchExample1","cwe":"query-batch-test","score":5,"datePublished":"20150618","dateModified":"20150623","accessVector":"yours","summary":"The other test record","multivalue":["theFirst","theSecond"]},{"cve":"aBatchExample2","cwe":"query-batch-test","score":5,"datePublished":"20150618","dateModified":"20150623","accessVector":"yours","summary":"The other test record","multivalue":["theFirst","theSecond"]},{"cve":"aBatchExample3","cwe":"query-batch-test","score":5,"datePublished":"20150618","dateModified":"20150623","accessVector":"yours","summary":"The other test record","multivalue":["theFirst","theSecond"]}])
  145. r = requests.post(kvURI, data, auth=(splunkUser, splunkPwd), verify=False, headers=headers)
  146.  
  147.  
  148.  
  149.  
  150. #  QUERY COLLECTION
  151. print "\n************** SEARCH BEFORE DELETE ****************"
  152.  
  153. # another way of adding a query (important for the delete method coming up)
  154. kvURI = "%s/%s?query=%s" % (splunkURI, KV_Store,json.dumps({"cwe":"query-delete"}))
  155. headers = {'Content-Type': 'application/json'}
  156. r = requests.get(kvURI, auth=(splunkUser, splunkPwd), verify=False)
  157.  
  158. print 'Status Code %d' % r.status_code
  159. print r.json
  160. print r
  161. contents = json.loads(r.text)
  162. print len(contents)
  163. print contents
  164. print contents[0]['_key']
  165.  
  166. # DELETE QUERY COLLECTION
  167. print "\n************** DELETE WITH SEARCH EXAMPLE ****************"
  168.  
  169. # As you cannot pass a query to the delete we must pass it in the URI
  170. kvURI = "%s/%s?query=%s" % (splunkURI, KV_Store,json.dumps({"cve":"theTestMarkedForDeletion"}))
  171. headers = {'Content-Type': 'application/json'}
  172. r = requests.delete(kvURI, auth=(splunkUser, splunkPwd), verify=False)
  173.  
  174. print 'Status Code %d' % r.status_code
  175. print r.json
  176. print r
  177.  
  178. #  QUERY COLLECTION
  179. print "\n************** SEARCH AFTER DELETE ****************"
  180.  
  181. kvURI = "%s/%s" % (splunkURI, KV_Store)
  182. headers = {'Content-Type': 'application/json'}
  183. data = {"query":json.dumps({"cwe":"query-delete"})}
  184. r = requests.get(kvURI, data, auth=(splunkUser, splunkPwd), verify=False)
  185.  
  186. print 'Status Code %d' % r.status_code
  187. print r.json
  188. print r
  189. contents = json.loads(r.text)
  190. print len(contents)
  191. print contents
  192. print contents[0]['_key']
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!