Merge pull request #574 from CrossRealms/Add-possible-hostname-matche…

…s-entries-in-device-inventory added possible hostname matches entries to device inventory dashboard
CrossRealms · Jun 7, 2024 · 89e7dd7 · 89e7dd7
2 parents 68f38c2 + 11f936d
commit 89e7dd7
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 4 deletions.
diff --git a/cyences_app_for_splunk/bin/remove_postfixes.py b/cyences_app_for_splunk/bin/remove_postfixes.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+
+import sys
+
+from splunklib.searchcommands import dispatch, EventingCommand, Configuration, Option
+
+import cs_utils
+import logging
+import logger_manager
+
+logger = logger_manager.setup_logging("remove_postfixes", logging.INFO)
+
+
+
+@Configuration()
+class RemovePostfixesCommand(EventingCommand):
+
+    postfix_macro_name = Option(name="postfix_macro_name", require=True, default=None)
+    field_to_check = Option(name="field_to_check", require=True, default=None)
+
+    def transform(self, records):
+
+        session_key = cs_utils.GetSessionKey(logger).from_custom_command(self)
+        conf_manger = cs_utils.ConfigHandler(logger, session_key)
+        postfixes_list = conf_manger.get_macro(self.postfix_macro_name)
+
+        postfixes_list = [element.strip() for element in postfixes_list.strip('"').split(",") if element.strip()]
+
+        for record in records:
+            field_value = record[self.field_to_check].lower()
+            for postfix in postfixes_list:
+                if field_value.endswith(postfix.lower()):
+                    record[self.field_to_check] = field_value[: -len(postfix)]
+                    break
+            yield record
+
+
+dispatch(RemovePostfixesCommand, sys.argv, sys.stdin, sys.stdout, __name__)
diff --git a/cyences_app_for_splunk/default/commands.conf b/cyences_app_for_splunk/default/commands.conf
@@ -85,3 +85,8 @@ python.version = python3
 filename = cyences_product_manager.py
 chunked = true
 python.version = python3
+
+[removepostfixes]
+filename = remove_postfixes.py
+chunked = true
+python.version = python3
diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table.xml b/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table.xml
@@ -316,7 +316,7 @@
           <!-- When second_bit_in_mac_binary (from first part of mac_address) is 1 that is locally administratored mac_address, we'll filter those mac_address from showing. -->
           <query>| cyencesdevicemanager operation="getdevices" 
 | table * 
-| eval ip_all=mvjoin(ips, ","), mac_address_all=mvjoin(mac_addresses, ",") 
+| eval ip_all=mvjoin(ips, ","), mac_address_all=mvjoin(mac_addresses, ",") , hostnames_all=mvjoin(hostnames, ",") 
 | multireport 
     [| stats values(*) as * by mac_addresses 
     | where isnotnull(mac_addresses) AND mac_addresses!="" AND mac_addresses!=" " 
@@ -332,14 +332,22 @@
     | eval second_bit_in_mac_binary=mvindex(binary,1) 
     | where second_bit_in_mac_binary=0 
     | eval Type="Mac Address Matches", ips="" 
-    | table Type, mac_addresses, uuid, no_uuids, hostnames, ip_all, mac_address_all, product_uuids] 
+    | table Type, mac_addresses, uuid, no_uuids, hostnames_all, ip_all, mac_address_all, product_uuids] 
     [| stats values(*) as * by ips 
     | where isnotnull(ips) AND ips!="" AND ips!=" " 
     | eval no_uuids=mvcount(uuid) 
     | where no_uuids&gt;1 
     | eval Type="IP Matches", mac_addresses="" 
-    | table Type, ips, uuid, no_uuids, hostnames, ip_all, mac_address_all, product_uuids] 
-| table Type, ips, mac_addresses, uuid, no_uuids, hostnames, ip_all, mac_address_all, product_uuids
+    | table Type, ips, uuid, no_uuids, hostnames_all, ip_all, mac_address_all, product_uuids] 
+    [| stats values(*) as * by hostnames 
+    | where isnotnull(hostnames) AND hostnames!="" AND hostnames!=" " 
+    | removepostfixes postfix_macro_name="cs_device_inventory_hostname_postfixes" field_to_check="hostnames" 
+    | stats values(*) as * by hostnames 
+    | eval no_uuids=mvcount(uuid) 
+    | where no_uuids&gt;1 
+    | eval Type="Hostname Matches" 
+    | table Type, hostnames, uuid, no_uuids,hostnames_all, ip_all, mac_address_all, product_uuids] 
+| table Type, hostnames, ips, mac_addresses, uuid, no_uuids, hostnames_all, ip_all, mac_address_all, product_uuids 
 | sort - no_uuids</query>
           <earliest>0</earliest>
           <latest></latest>