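"""List (and optionally remove) deployment-server clients that stopped phoning home.

The script runs a REST search against the deployment server to find client
records whose last phone-home is older than a threshold, and can delete those
records through the deployment/server/clients endpoint.
"""
import os
import urllib.parse
import xml.etree.ElementTree as ET

import requests

deployment_server = "10.218.7.194"
splunk_username = "usr-splunkadm"
# Keep the admin password out of the source file: it is read from the
# SPLUNK_PASSWORD environment variable and falls back to the original empty
# literal when that variable is not set.
splunk_password = os.environ.get("SPLUNK_PASSWORD", "")
ds_auth = (splunk_username, splunk_password)

# NOTE(review): both requests go out over plain http, so the basic-auth
# credentials in ds_auth cross the network unencrypted. If port 8089 on this
# server speaks TLS, switch the scheme to https and leave certificate
# verification enabled.
_SCHEME = "http"

# Upper bound (seconds) for each HTTP call; without it requests waits forever
# on an unresponsive server.
_REQUEST_TIMEOUT = 60


def _url(endpoint):
    """Build the full REST URL for *endpoint* on the deployment server."""
    return f"{_SCHEME}://{deployment_server}:8089/{endpoint}"


def remove_client(guid):
    """Delete one client record from the deployment server.

    Args:
        guid: Identifier of the client record, as returned by
            find_old_clients().

    The HTTP status code is printed; a failed delete does not raise, so a
    caller looping over many clients keeps going.
    """
    print(f'removing: {guid}')
    endpoint = 'services/deployment/server/clients'
    # The identifier originates from search results, i.e. from data that
    # clients reported. Percent-encode it so a value containing '/', '?' or
    # '..' cannot redirect the DELETE to a different REST path.
    safe_guid = urllib.parse.quote(str(guid), safe='')
    response = requests.delete(_url(f'{endpoint}/{safe_guid}'),
                               auth=ds_auth,
                               timeout=_REQUEST_TIMEOUT)
    print(response.status_code)


def find_old_clients(max_age_seconds=86400):
    """Return identifiers of clients not seen for more than *max_age_seconds*.

    Args:
        max_age_seconds: Age threshold in seconds. Common values:
            6h = 21600, 12h = 43200, 24h = 86400 (default), 48h = 172800.

    Returns:
        A list of strings, one per matching client; empty when the search
        returns no body.

    Raises:
        requests.HTTPError: the search request was rejected (bad credentials,
            unknown endpoint, ...).
        xml.etree.ElementTree.ParseError: the response body is not a single
            well-formed XML document.
    """
    # int() keeps anything but a number out of the search string.
    threshold = int(max_age_seconds)
    # presumably clientName holds the identifier the clients endpoint is keyed
    # by -- verify before enabling deletion.
    search = ('| rest splunk_server=local /services/deployment/server/clients '
              '| eval last_seen = now() - lastPhoneHomeTime '
              f'| where last_seen > {threshold} '
              '| rename clientName as guid '
              '| fields guid')
    data = {'search': search}
    endpoint = 'servicesNS/admin/search/search/jobs/export'
    response = requests.post(_url(endpoint),
                             data=data,
                             auth=ds_auth,
                             timeout=_REQUEST_TIMEOUT)
    print(response)
    # Fail here on 401/403/404 instead of trying to parse an error page.
    response.raise_for_status()

    if not response.content.strip():
        return []

    # NOTE(review): xml.etree.ElementTree is not hardened against maliciously
    # constructed XML. The body is only as trustworthy as the channel it
    # arrived on, which is one more reason to move this script to https.
    xmlroot = ET.fromstring(response.content)
    # Element path taken from the author's disabled draft of this parser;
    # confirm it against real export output.
    return [node.text
            for node in xmlroot.findall('result/field/value/text')
            if node.text]


if __name__ == '__main__':
    old_clients = find_old_clients()
    # Dry run: only list the candidates. Deletion was disabled in the original
    # script; uncomment remove_client() after reviewing the list.
    for guid in old_clients:
        print(guid)
        # remove_client(guid)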