62 lines
1.9 KiB
Python
62 lines
1.9 KiB
Python
import time
|
|
import splunklib.client as client
|
|
from splunklib.results import JSONResultsReader
|
|
from splunklib.binding import HTTPError
|
|
|
|
def connectSplunk():
|
|
HOST = "10.218.7.194"
|
|
PORT = 8089
|
|
USERNAME = "" # Configurar como variable de entorno
|
|
PASSWORD = "" # Configurar como variable de entorno
|
|
|
|
try:
|
|
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
|
|
print(service.token)
|
|
return service
|
|
except Exception as e:
|
|
print(f'An error occurred while connecting to Splunk: {e}')
|
|
return None
|
|
|
|
def searchOldClient(service):
|
|
search = ('| rest splunk_server=local /services/deployment/server/clients '
|
|
'| eval last_seen = now() - lastPhoneHomeTime '
|
|
'| where last_seen > 86400 '
|
|
'| rename clientName as guid '
|
|
'| fields guid')
|
|
try:
|
|
service.parse(search, parse_only=True)
|
|
except HTTPError as e:
|
|
print(f"query '{search}' is invalid:\n\t{str(e)}")
|
|
return
|
|
|
|
job = service.jobs.create(search)
|
|
while not job.is_done():
|
|
time.sleep(2)
|
|
|
|
result_stream = job.results(output_mode='json')
|
|
results_reader = JSONResultsReader(result_stream)
|
|
|
|
guids = list()
|
|
for result in results_reader:
|
|
if isinstance(result, dict) and 'guid' in result:
|
|
guids.append(result['guid'])
|
|
|
|
return guids
|
|
|
|
def remove_client(service, guid):
|
|
print(f'Removing: {guid}')
|
|
endpoint = f'/services/deployment/server/clients/{guid}'
|
|
|
|
try:
|
|
response = service.delete(endpoint)
|
|
print(f'Status: {response.status}')
|
|
except HTTPError as e:
|
|
print(f'Failed to remove client {guid}: {str(e)}')
|
|
|
|
if __name__ == "__main__":
|
|
service = connectSplunk()
|
|
if service:
|
|
old_clients = searchOldClient(service)
|
|
for guid in old_clients:
|
|
remove_client(service, guid)
|