vgallegoiz/DeleteClientDSSplunk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
38e208642a672080e5001ca0561b1a371eb3a83e
DeleteClientDSSplunk/removeOldClientsDS.py
victor 38e208642a Script working
2024-06-22 17:08:47 +02:00

66 lines
2.1 KiB
Python
Raw Blame History

import time
import splunklib.client as client
import splunklib.results as results
import splunklib.binding as binding
from splunklib.results import JSONResultsReader
from splunklib.binding import HTTPError
def connectSplunk():
HOST = "10.218.7.194"
PORT = 8089
USERNAME = "" # Configurar variable de entorno
PASSWORD = "" # Configurar variable de entorno
try:
service = client.connect(host=HOST, port=PORT, username=USERNAME, password=PASSWORD)
print(service.token)
return service
except Exception as e:
print(f'An error occurred while connecting to Splunk: {e}')
return None
def searchOldClient(service):
search = ('| rest splunk_server=local /services/deployment/server/clients '
'| eval last_seen = now() - lastPhoneHomeTime '
'| where last_seen > 86400 '
'| rename clientName as guid '
'| fields guid')
try:
service.parse(search, parse_only=True)
except HTTPError as e:
print(f"query '{search}' is invalid:\n\t{str(e)}")
return
job = service.jobs.create(search)
# Wait for the job to complete
while not job.is_done():
time.sleep(2)
# Retrieve and display the results
result_stream = job.results(output_mode='json')
results_reader = JSONResultsReader(result_stream)
guids = list()
for result in results_reader:
if isinstance(result, dict) and 'guid' in result: # Check if the result is a dictionary (a valid search result)
guids.append(result['guid'])
return guids
def remove_client(service, guid):
print(f'Removing: {guid}')
endpoint = f'/services/deployment/server/clients/{guid}'
try:
response = service.delete(endpoint)
print(f'Status: {response.status}')
except HTTPError as e:
print(f'Failed to remove client {guid}: {str(e)}')
if __name__ == "__main__":
service = connectSplunk()
if service:
old_clients = searchOldClient(service)
for guid in old_clients:
remove_client(service, guid)
Reference in New Issue View Git Blame Copy Permalink