client

package
v3.8.30 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2024 License: BSD-2-Clause Imports: 27 Imported by: 4

Documentation

Overview

Package client wraps the Gravwell REST API.

Index

Constants

View Source 
const (
	// Websocket subprotocols
	PROTO_PING   string = "ping"
	PROTO_IDX    string = "idxStats"
	PROTO_SYS    string = "sysStats"
	PROTO_DESC   string = "sysDesc"
	PROTO_IGST   string = "igstStats"
	PROTO_PONG   string = `PONG`
	PROTO_PARSE  string = `parse`
	PROTO_SEARCH string = `search`
	PROTO_ATTACH string = `attach`

	STAT_R_SIZE = 1024
	STAT_W_SIZE = 1024
)
View Source 
const (
	// Client states
	STATE_NEW        clientState = iota
	STATE_AUTHED     clientState = iota
	STATE_CLOSED     clientState = iota
	STATE_LOGGED_OFF clientState = iota
)
View Source 
const (
	// login field names
	USER_FIELD string = "User"
	PASS_FIELD string = "Pass"

	// API paths
	LOGIN_URL                        = `/api/login`
	LOGOUT_URL                       = `/api/logout`
	TEMP_TOKEN_URL                   = `/api/login/tmptoken`
	REFRESH_TOKEN_URL                = `/api/login/refreshtoken`
	USER_INFO_URL                    = `/api/info/whoami`
	DESC_URL                         = `/api/stats/sysDesc`
	STATE_URL                        = `/api/stats/ping`
	STATS_URL                        = `/api/stats/sysStats`
	IDX_URL                          = `/api/stats/idxStats`
	INGESTER_URL                     = `/api/stats/igstStats`
	WELLS_URL                        = `/api/stats/wellStats`
	STORAGE_URL                      = `/api/stats/storage/indexers`
	STORAGE_INDEXER_URL              = `/api/stats/storage/indexer/%s/wells`
	CALENDAR_URL                     = `/api/stats/storage/calendar`
	CALENDAR_INDEXER_URL             = `/api/stats/storage/indexer/%s/calendar`
	ADD_USER_URL                     = `/api/users`
	USERS_LIST_URL                   = `/api/users`
	USERS_INFO_URL                   = `/api/users/%d`
	USERS_LOCK_URL                   = `/api/users/%d/lock`
	USERS_LOCKED_URL                 = `/api/users/%d/locked`
	USERS_DASHBOARD_URL              = `/api/users/%d/dashboards`
	USERS_MACROS_URL                 = `/api/users/%d/macros`
	USERS_PREFS_URL                  = `/api/users/%d/preferences`
	USERS_ALL_PREFS_URL              = `/api/users/preferences`
	USERS_ADMIN_URL                  = `/api/users/%d/admin`
	USERS_ADMIN_SU_PATH              = `/api/users/su/%d`
	USER_SESSIONS_URL                = `/api/users/%d/sessions`
	CHANGE_PASS_URL                  = `/api/users/%d/pwd`
	USERS_GROUP_URL                  = `/api/users/%d/group`
	USERS_GROUP_ID_URL               = `/api/users/%d/group/%d`
	USERS_SEARCH_GROUP_URL           = `/api/users/%d/searchgroup`
	WS_STAT_URL                      = `/api/ws/stats`
	WS_SEARCH_URL                    = `/api/ws/search`
	WS_ATTACH_URL                    = `/api/ws/attach/%s`
	PARSE_URL                        = `/api/parse`
	API_VERSION_URL                  = `/api/version`
	GROUP_ID_URL                     = `/api/groups/%d`
	GROUP_MEMBERS_URL                = `/api/groups/%d/members`
	GROUP_DASHBOARD_URL              = `/api/groups/%d/dashboards`
	GROUP_MACROS_URL                 = `/api/groups/%d/macros`
	GROUP_URL                        = `/api/groups`
	SEARCH_CTRL_LIST_URL             = `/api/searchctrl`
	SEARCH_CTRL_LIST_DETAILS_URL     = `/api/searchctrl/details`
	SEARCH_CTRL_LIST_ALL_URL         = `/api/searchctrl/all`
	SEARCH_CTRL_URL                  = `/api/searchctrl/%s`
	SEARCH_CTRL_ATTACH_URL           = `/api/searchctrl/%s/attach`
	SEARCH_CTRL_DETAILS              = `/api/searchctrl/%s/details`
	SEARCH_CTRL_BACKGROUND_URL       = `/api/searchctrl/%s/background`
	SEARCH_CTRL_GROUP_URL            = `/api/searchctrl/%s/group`
	SEARCH_CTRL_SAVE_URL             = `/api/searchctrl/%s/save`
	SEARCH_CTRL_STOP_URL             = `/api/searchctrl/%s/stop`
	SEARCH_CTRL_DOWNLOAD_URL         = `/api/searchctrl/%s/download/%s`
	SEARCH_CTRL_PING_URL             = `/api/searchctrl/%s/ping`
	SEARCH_CTRL_DETACH_URL           = `/api/searchctrl/%s/detach`
	SEARCH_CTRL_STATS_URL            = `/api/searchctrl/%s/stats`
	SEARCH_CTRL_STATS_OVERVIEW_URL   = `/api/searchctrl/%s/stats/overview`
	SEARCH_CTRL_EXPLORE_URL          = `/api/searchctrl/%s/renderer/%s/explore`
	SEARCH_CTRL_IMPORT_URL           = `/api/searchctrl/import`
	SEARCH_CTRL_LAUNCH_URL           = `/api/searchctrl/launch`
	SEARCH_HISTORY_URL               = `/api/searchhistory/%s/%d`
	NOTIFICATIONS_URL                = `/api/notifications`
	NOTIFICATIONS_ID_URL             = `/api/notifications/%d`
	NOTIFICATIONS_SELF_TARGETED_URL  = `/api/notifications/targeted/self`
	LOGGING_PATH_URL                 = `/api/logging`
	TEST_URL                         = `/api/test`
	TEST_AUTH_URL                    = `/api/testauth`
	DASHBOARD_URL                    = `/api/dashboards/%v`
	DASHBOARD_MY_URL                 = `/api/dashboards`
	DASHBOARD_ALL_URL                = `/api/dashboards/all`
	DASHBOARD_CLONE_URL              = `/api/dashboards/%d/clone`
	MACROS_URL                       = `/api/macros`
	MACROS_ALL_URL                   = `/api/macros/all`
	MACROS_ID_URL                    = `/api/macros/%d`
	LICENSE_INFO_URL                 = `/api/license`
	LICENSE_SKU_URL                  = `/api/license/sku`
	LICENSE_SERIAL_URL               = `/api/license/serial`
	LICENSE_UPDATE_URL               = `/api/license/update`
	RESOURCES_LIST_URL               = "/api/resources"
	RESOURCES_GUID_URL               = "/api/resources/%s"
	RESOURCES_GUID_RAW_URL           = "/api/resources/%s/raw"
	RESOURCES_GUID_CLONE_URL         = "/api/resources/%s/clone"
	RESOURCES_LOOKUP_URL             = "/api/resources/lookup/%s"
	SCHEDULED_SEARCH_URL             = "/api/scheduledsearches"
	SCHEDULED_SEARCH_ALL_URL         = "/api/scheduledsearches/all"
	SCHEDULED_SEARCH_ID_URL          = "/api/scheduledsearches/%v"
	SCHEDULED_SEARCH_RESULTS_ID_URL  = "/api/scheduledsearches/%d/results"
	SCHEDULED_SEARCH_ERROR_ID_URL    = "/api/scheduledsearches/%d/error"
	SCHEDULED_SEARCH_STATE_ID_URL    = "/api/scheduledsearches/%d/state"
	SCHEDULED_SEARCH_CANCEL_ID_URL   = "/api/scheduledsearches/%d/cancel"
	SCHEDULED_SEARCH_USER_URL        = "/api/scheduledsearches/user/%d"
	SCHEDULED_SEARCH_CHECKIN_URL     = "/api/scheduledsearches/checkin"
	SCHEDULED_SEARCH_PARSE           = "/api/scheduledsearches/parse"
	FLOW_URL                         = "/api/flows"
	FLOW_ID_URL                      = "/api/flows/%v"
	FLOW_RESULTS_ID_URL              = "/api/flows/%d/results"
	FLOW_ERROR_ID_URL                = "/api/flows/%d/error"
	FLOW_STATE_ID_URL                = "/api/flows/%d/state"
	FLOW_CANCEL_ID_URL               = "/api/flows/%d/cancel"
	FLOW_USER_URL                    = "/api/flows/user/%d"
	FLOW_PARSE_URL                   = "/api/flows/parse"
	MAIL_URL                         = "/api/mail"
	MAIL_CONFIGURE_URL               = `/api/mail/configure`
	JSON_INGEST_URL                  = "/api/ingest/json"
	LINES_INGEST_URL                 = "/api/ingest/lines"
	INTERNAL_INGEST_URL              = "/api/ingest/internal"
	TEST_INGEST_URL                  = "/api/ingest/test"
	TAGS_URL                         = "/api/tags"
	INDEXER_MANAGE_ADD_URL           = "/api/indexer/manage/add"
	KIT_URL                          = `/api/kits`
	KIT_ID_URL                       = `/api/kits/%s`
	KIT_BUILD_URL                    = `/api/kits/build`
	KIT_BUILD_ID_URL                 = `/api/kits/build/%s`
	KIT_STATUS_URL                   = `/api/kits/status`
	KIT_STATUS_ID_URL                = `/api/kits/status/%s`
	KIT_REMOTE_LIST_URL              = `/api/kits/remote/list`
	KIT_REMOTE_LIST_ALL_URL          = `/api/kits/remote/list/all`
	KIT_BUILD_HISTORY_URL            = `/api/kits/build/history`
	KIT_BUILD_HISTORY_ID_URL         = `/api/kits/build/history/%s`
	EXTRACTORS_URL                   = `/api/autoextractors`
	EXTRACTORS_UPLOAD_URL            = `/api/autoextractors/upload`
	EXTRACTORS_TEST_URL              = `/api/autoextractors/test`
	EXTRACTORS_ID_URL                = `/api/autoextractors/%s`
	EXTRACTORS_SYNC_URL              = `/api/autoextractors/sync`
	EXTRACTORS_ENGINES_URL           = `/api/autoextractors/engines`
	EXPLORE_GENERATE_URL             = `/api/explore/generate`
	TEMPLATES_URL                    = "/api/templates"
	TEMPLATES_ID_URL                 = "/api/templates/%s"
	TEMPLATES_ID_DETAILS_URL         = "/api/templates/%s/details"
	PIVOTS_URL                       = "/api/pivots"
	PIVOTS_ID_URL                    = "/api/pivots/%s"
	PIVOTS_ID_DETAILS_URL            = "/api/pivots/%s/details"
	USER_FILES_URL                   = "/api/files"
	USER_FILES_ID_URL                = "/api/files/%s"
	USER_FILES_ID_DETAILS_URL        = "/api/files/%s/details"
	LIBRARY_URL                      = "/api/library"
	LIBRARY_ID_URL                   = "/api/library/%s"
	LIBS_URL                         = `/api/libs`
	CAPABILITY_LIST_URL              = `/api/info/capabilities`
	CAPABILITY_TEMPLATE_LIST_URL     = `/api/info/capabilities/templates`
	CAPABILITY_CURRENT_USER_LIST_URL = `/api/info/capabilities/my`
	CAPABILITY_CURRENT_USER_WHY_URL  = `/api/info/capabilities/why`
	CAPABILITY_USER_URL              = `/api/users/%d/capabilities`
	CAPABILITY_USER_WHY_URL          = `/api/users/%d/capabilities/why`
	CAPABILITY_GROUP_URL             = `/api/groups/%d/capabilities`
	GROUP_TAG_ACCESS_URL             = `/api/groups/%d/tags`
	USER_TAG_ACCESS_URL              = `/api/users/%d/tags`
	PLAYBOOKS_URL                    = `/api/playbooks`
	PLAYBOOKS_ID_URL                 = `/api/playbooks/%s`
	BACKUP_URL                       = `/api/backup`
	DEPLOYMENT_URL                   = `/api/deployment`
	TOKENS_URL                       = `/api/tokens`
	TOKENS_ID_URL                    = `/api/tokens/%s`
	TOKENS_CAPABILITIES_URL          = `/api/tokens/capabilities`
	SECRETS_URL                      = `/api/secrets`
	SECRETS_ID_URL                   = `/api/secrets/%s`
	SECRETS_ID_DETAILS_URL           = `/api/secrets/%s/details`
	SECRETS_ID_FULL_URL              = `/api/secrets/%s/full`
	SETTINGS_URL                     = `/api/settings`
	INGESTERS_TRACKING_URL           = `/api/ingesters/%s/tracking`
	CBAC_DEFAULT_URL                 = `/api/cbac/default`
	CBAC_DEFAULT_CAPABILITIES_URL    = `/api/cbac/default/capabilities`
	CBAC_DEFAULT_TAGS_URL            = `/api/cbac/default/tags`
	ALERTS_URL                       = `/api/alerts`
	ALERTS_ID_URL                    = `/api/alerts/%s`
	ALERTS_ID_SAMPLE_URL             = `/api/alerts/%s/sample`
	ALERTS_VALIDATE_DISPATCHER_URL   = `/api/alerts/validate/dispatcher`
	ALERTS_VALIDATE_CONSUMER_URL     = `/api/alerts/validate/consumer`
	// Special APIs for installing licenses
	LICENSE_INIT_UPLOAD = `/license`
	LICENSE_INIT_STATUS = `/license/status`
)
View Source 
const (
	SEARCH_HISTORY_USER = `user`
)

Variables

View Source 
var (
	ErrInvalidTestStatus error = errors.New("Invalid status on webserver test")
	ErrAccountLocked     error = errors.New(`Account is Locked`)
	ErrLoginFail         error = errors.New(`Username and Password are incorrect`)
	ErrNotSynced         error = errors.New(`Client has not been synced`)
	ErrNoLogin           error = errors.New("Not logged in")
	ErrEmptyUserAgent    error = errors.New("UserAgent cannot be empty")
)
View Source 
var (
	ErrInvalidLogLevel = errors.New("Invalid logging level")
	Version            = VersionStruct{
		Major:    0,
		Minor:    1,
		Revision: 1,
	}
)
View Source 
var (
	ErrNotAuthed = errors.New("Not Authed")
	ErrNotFound  = errors.New("Not Found")
)
View Source 
var (
	ErrInvalidKitSize = errors.New("Kit is too small to upload")
)
View Source 
var (
	ErrInvalidUserFileSize = errors.New("UserFile is too large to upload")
)
View Source 
var (
	ErrMaxBodyDrained = errors.New("too many response bytes in body, closing")
)
View Source 
var (
	ErrNotAdmin = errors.New("You are not an admin")
)
View Source 
var (
	ErrSearchNotAttached = errors.New("search not attached")
)

Functions

This section is empty.

Types

type ActiveSession 

type ActiveSession struct {
	JWT                  string
	LastNotificationTime time.Time
}

The ActiveSession structure represents a login session on the server. The JWT field contains a negotiated authentication token (with expiration).

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client handles interaction with the server's REST APIs and websockets.

func New added in v3.8.19 

func New(server string, enforceCertificate, useHttps bool) (*Client, error)

New connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs.

func NewClient deprecated 

func NewClient(server string, enforceCertificate, useHttps bool, objLogger objlog.ObjLog) (*Client, error)

NewClient connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs.

Deprecated: Use New() or NewOpts() instead

func NewOpts added in v3.8.19 

func NewOpts(opts Opts) (*Client, error)

func (*Client) AccessLogF 

func (c *Client) AccessLogF(format string, a ...interface{}) error

AccessLogF submits a log message to the webserver at the Access log level.

func (*Client) AddDashboard 

func (c *Client) AddDashboard(name, desc string, obj interface{}) (uint64, error)

AddDashboard creates a new dashboard and returns the ID. The obj parameter will be stored as the Data field of the dashboard.

func (*Client) AddExtraction 

func (c *Client) AddExtraction(d types.AXDefinition) (id uuid.UUID, wrs []types.WarnResp, err error)

AddExtraction installs an autoextractor definition, returning the UUID of the new extraction or an error if it is invalid.

func (*Client) AddGroup 

func (c *Client) AddGroup(name, desc string) error

AddGroup (admin-only) creates a new group with the given name and description.

func (*Client) AddIndexer 

func (c *Client) AddIndexer(dialstring string) (map[string]string, error)

AddIndexer (admin-only) tells the webserver to connect to a new indexer. The indexer will be added to the list of indexers in the webserver's config file and persist in the future.

func (*Client) AddMacro 

func (c *Client) AddMacro(m types.SearchMacro) (id uint64, err error)

AddMacro creates a new macro with the specified name and expansion, returning the ID of the newly-created macro.

func (*Client) AddPlaybook 

func (c *Client) AddPlaybook(name, desc string, body []byte) (uuid.UUID, error)

AddPlaybook creates a new playbook with the specified name, description, and body, returning the UUID of the new playbook. Note that the UUID and GUID fields will be automatically chosen, but the GUID field may be updated later.

func (*Client) AddSelfTargetedNotification 

func (c *Client) AddSelfTargetedNotification(notifType uint32, msg, link string, expiration time.Time) error

AddSelfTargetedNotification creates a new notification with the given type, message, link, and expiration. If expiration time is invalid, the webserver will instead set a default expiration.

func (*Client) AddUser 

func (c *Client) AddUser(user, pass, name, email string, admin bool) error

AddUser (admin-only) creates a new user. The user and pass parameters specify login information. The name parameter is the user's real name and the email parameter is the user's email address. If 'admin' is set to true, the user will be flagged as an administrator.

func (*Client) AddUserFile 

func (c *Client) AddUserFile(name, desc, pth string) (guid uuid.UUID, err error)

AddUserFile creates a new user file with the specified name and description. pth should point to a valid file on the local system.

func (*Client) AddUserFileDetails 

func (c *Client) AddUserFileDetails(meta types.UserFileDetails, pth string) (guid uuid.UUID, err error)

AddUserFileDetails creates a new user file (uploaded from pth) with details set by the meta parameter.

func (*Client) AddUserToGroup 

func (c *Client) AddUserToGroup(uid, gid int32) error

AddUserToGroup adds a user to a group.

func (*Client) AdminChangePass 

func (c *Client) AdminChangePass(id int32, pass string) error

AdminChangePass (admin-only) changes the specified user's password without requiring the current password.

func (*Client) AdminDeleteKit 

func (c *Client) AdminDeleteKit(id string) (err error)

AdminDeleteKit is an admin-only function which can delete a kit owned by any user.

func (*Client) AdminListKits 

func (c *Client) AdminListKits() (pkgs []types.IdKitState, err error)

AdminListKits is an admin-only function which lists all kits on the system. Non-administrators will get the same list as returned by ListKits.

func (*Client) AdminMode 

func (c *Client) AdminMode() bool

AdminMode returns true if the ?admin=true parameter is set for API requests.

func (*Client) AllUserFiles 

func (c *Client) AllUserFiles() (ufds []types.UserFileDetails, err error)

AllUserFiles pulls the complete list of all user files for the entire system. Non-administrators will receive the same list as returned by UserFiles.

func (*Client) AttachSearch 

func (c *Client) AttachSearch(id string) (s Search, err error)

AttachSearch connects to an existing search (specified with the id parameter) and returns the associated Search object.

func (*Client) BackgroundSearch 

func (c *Client) BackgroundSearch(sid string) error

BackgroundSearch will request that a search is backgrounded by ID

func (*Client) Backup 

func (c *Client) Backup(wtr io.Writer, includeSS bool) (err error)

Backup generates a complete backup of all content on the Gravwell webserver and writes it out to the io.Writer provided. By default, scheduled searches / scheduled scripts are not included; set the 'includeSS' option to include them.

func (*Client) BackupWithConfig added in v3.8.18 

func (c *Client) BackupWithConfig(wtr io.Writer, cfg types.BackupConfig) (err error)

func (*Client) BuildKit 

func (c *Client) BuildKit(pbr types.KitBuildRequest) (r types.KitBuildResponse, err error)

BuildKit builds a new kit. The parameter 'pbr' contains information about the kit to be built, including lists of objects to include. On success, the returned KitBuildResponse will contain a UUID which can be used to download the kit via the KitDownloadRequest function.

func (*Client) CapabilityList 

func (c *Client) CapabilityList() (cl []types.CapabilityDesc, err error)

CapabilityList returns a complete list of capabilities.

func (*Client) CapabilityTemplateList 

func (c *Client) CapabilityTemplateList() (cl []types.CapabilityTemplate, err error)

CapabilityTemplateList returns a list of CBAC templates defined on the system.

func (*Client) CheckApiVersion 

func (c *Client) CheckApiVersion() (string, error)

CheckApiVersion assert the REST API version of the webserver is compatible with the client.

func (*Client) ClearAdminMode 

func (c *Client) ClearAdminMode()

ClearAdminMode unsets the ?admin=true parameter for future API requests.

func (*Client) ClearFlowError added in v3.8.2 

func (c *Client) ClearFlowError(id int32) error

ClearFlowError clears the error field on the specified scheduled search.

func (*Client) ClearFlowState added in v3.8.2 

func (c *Client) ClearFlowState(id int32) error

ClearFlowState clears state variables on the specified scheduled search.

func (*Client) ClearScheduledSearchError 

func (c *Client) ClearScheduledSearchError(id int32) error

ClearScheduledSearchError clears the error field on the specified scheduled search.

func (*Client) ClearScheduledSearchState 

func (c *Client) ClearScheduledSearchState(id int32) error

ClearScheduledSearchState clears state variables on the specified scheduled search.

func (*Client) ClearUserScheduledSearches 

func (c *Client) ClearUserScheduledSearches(uid int32) error

ClearUserScheduledSearches removes all scheduled searches belonging to the specified user

func (*Client) CloneDashboard 

func (c *Client) CloneDashboard(origid uint64) (id uint64, err error)

CloneDashboard creates a copy of a dashboard and returns the ID of the new dashboard.

func (*Client) CloneResource 

func (c *Client) CloneResource(guid string, newName string) (*types.ResourceMetadata, error)

CloneResource creates a copy of an existing resource (specified by GUID) with the Name field set to the newName parameter.

func (*Client) Close 

func (c *Client) Close() error

Close shuts down the client and cleans up connections. It does NOT terminate sessions.

func (*Client) ConfigureMail 

func (c *Client) ConfigureMail(user, pass, server string, port uint16, useTLS, noVerify bool) error

ConfigureMail sets up mail server options for the current user. The user, pass, server, and port parameters specify the mail server and authentication options for the server. The useTLS flag enables TLS for SMTP, and the noVerify flag disables checking of TLS certs.

func (*Client) CreateFlow added in v3.8.2 

func (c *Client) CreateFlow(name, description, schedule, flow string, groups []int32) (int32, error)

CreateFlow makes a new flow and returns the ID. The parameters are:

- name: the flow name.

- description: the flow description.

- schedule: a cron-format schedule on which to execute the flow.

- flow: a valid JSON flow definition.

- groups: an optional array of groups which should be able to access this object.

func (*Client) CreateResource 

func (c *Client) CreateResource(name, description string, global bool, groups []int32) (*types.ResourceMetadata, error)

CreateResource makes a new resource. The resource name and description are specified at creation time, as are the Global flag and an optional list of groups with which to share it. The return value contains information about the newly-created resource.

func (*Client) CreateScheduledScript 

func (c *Client) CreateScheduledScript(name, description, schedule, script string, lang types.ScriptLang, groups []int32) (int32, error)

Create a scheduled search that executes a script instead of a search. The parameters are:

- name: the search name.

- description: the search description.

- schedule: a cron-format schedule on which to execute the search.

- script: a valid anko script.

- groups: an optional array of groups which should be able to access this object.

- lang: the language of scheduled script (anko, go)

func (*Client) CreateScheduledSearch 

func (c *Client) CreateScheduledSearch(name, description, schedule string, searchreference uuid.UUID, searchquery string, duration time.Duration, groups []int32) (int32, error)

CreateScheduledSearch makes a new scheduled search and returns the ID. The parameters are:

- name: the search name.

- description: the search description.

- schedule: a cron-format schedule on which to execute the search.

- searchreference: a reference to a query library item. Cannot be combined with searchquery.

- searchquery: a valid search query string. Cannot be combined with searchreference.

- duration: the amount of time over which the query should be run.

func (*Client) CreateSecret added in v3.8.16 

func (c *Client) CreateSecret(sc types.SecretCreate) (sf types.Secret, err error)

CreateSecret instantiates and returns a new Secret. The actual secret string will not be returned.

func (*Client) CreateToken added in v3.8.5 

func (c *Client) CreateToken(tc types.TokenCreate) (tf types.TokenFull, err error)

func (*Client) CurrentUserCapabilities 

func (c *Client) CurrentUserCapabilities() (set []types.CapabilityDesc, err error)

CurrentUserCapabilities returns the list of capabilities enabled for the current user.

func (*Client) CurrentUserCapabilityExplanations added in v3.8.21 

func (c *Client) CurrentUserCapabilityExplanations() (set []types.CapabilityExplanation, err error)

CurrentUserCapabilityExplanations returns the list of capabilities, marked up to explain whether or not a user has the capability and why.

func (*Client) DebugAddHeaderValue added in v3.8.27 

func (c *Client) DebugAddHeaderValue(key, value string)

DebugAddHeaderValue can be used to inject header values into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Key values must not be empty, empted values are allowed.

func (*Client) DebugAddQueryValue added in v3.8.27 

func (c *Client) DebugAddQueryValue(key, value string)

DebugAddQueryValue can be used to URL parameters into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Key values must not be empty, empted values are allowed.

func (*Client) DebugDeleteHeaderValue added in v3.8.27 

func (c *Client) DebugDeleteHeaderValue(key string)

DebugDeleteHeaderValue can be used to remove a previously injected header value. See DebugAddHeaderValue for more information

func (*Client) DebugDeleteQueryValue added in v3.8.27 

func (c *Client) DebugDeleteQueryValue(key string)

DebugDeleteQueryValue can be used to remove a previously injected query value. See DebugAddQueryValue for more information

func (*Client) DeleteAlert added in v3.8.23 

func (c *Client) DeleteAlert(id uuid.UUID) (err error)

DeleteAlert deletes an alert. The id must be the ThingUUID, for precision.

func (*Client) DeleteBuildKit 

func (c *Client) DeleteBuildKit(id string) (err error)

DeleteBuildKit removes a recently-built kit.

func (*Client) DeleteDashboard 

func (c *Client) DeleteDashboard(id uint64) error

DeleteDashboard deletes the specified dashboard.

func (*Client) DeleteDashboardByGuid 

func (c *Client) DeleteDashboardByGuid(id string) error

DeleteDashboardByGuid deletes a dashboard specified by GUID.

func (*Client) DeleteDefaultSearchGroup added in v3.8.9 

func (c *Client) DeleteDefaultSearchGroup(uid int32) error

DeleteDefaultSearchGroup removes the default search group for a specified user Admins can delete any user's default search group, but regular users can only delete their own.

func (*Client) DeleteExtraction 

func (c *Client) DeleteExtraction(uuid string) (wrs []types.WarnResp, err error)

DeleteExtraction deletes the specified autoextraction.

func (*Client) DeleteFlow added in v3.8.2 

func (c *Client) DeleteFlow(id int32) error

DeleteFlow removes the specified flow.

func (*Client) DeleteGroup 

func (c *Client) DeleteGroup(gid int32) error

DeleteGroup (admin-only) will delete a group.

func (*Client) DeleteKit 

func (c *Client) DeleteKit(id string) (err error)

DeleteKit uninstalls a kit (specified by UUID). Note that if kit items have been modified, DeleteKit will return an error; use ForceDeleteKit to remove the kit regardless.

func (*Client) DeleteKitBuildHistory 

func (c *Client) DeleteKitBuildHistory(id string) error

DeleteKitBuildHistory deletes a build history entry for the given ID e.g. "io.gravwell.foo"

func (*Client) DeleteKitEx added in v3.8.0 

func (c *Client) DeleteKitEx(id string) ([]types.SourcedKitItem, error)

DeleteKitEx attempts to uninstall a kit. If kit items have been modified, it will return an error and a list of modified items. If nothing has been changed, it returns an empty list and a nil error.

func (*Client) DeleteMacro 

func (c *Client) DeleteMacro(id uint64) error

DeleteMacro deletes a macro.

func (*Client) DeleteMailConfig added in v3.8.16 

func (c *Client) DeleteMailConfig() error

DeleteMailConfig removes a users mail configuration fom preferences this completely uninstalls any mail configs

func (*Client) DeleteNotification added in v3.8.10 

func (c *Client) DeleteNotification(id uint64) error

DeleteNotification will delete a notification using a notification ID

func (*Client) DeletePivot 

func (c *Client) DeletePivot(guid uuid.UUID) (err error)

DeletePivot deletes the pivot with the specified GUID

func (*Client) DeletePlaybook 

func (c *Client) DeletePlaybook(id uuid.UUID) error

DeletePlaybook deletes the playbook with the specified UUID or GUID.

func (*Client) DeletePreferences 

func (c *Client) DeletePreferences(id int32) error

DeletePreferences clear's the specified user's preferences.

func (*Client) DeleteResource 

func (c *Client) DeleteResource(guid string) error

DeleteResource removes a resource by GUID.

func (*Client) DeleteScheduledSearch 

func (c *Client) DeleteScheduledSearch(id int32) error

DeleteScheduledSearch removes the specified scheduled search.

func (*Client) DeleteSearch 

func (c *Client) DeleteSearch(sid string) error

DeleteSearch will request that a search is deleted by search ID

func (*Client) DeleteSearchLibrary 

func (c *Client) DeleteSearchLibrary(id uuid.UUID) (err error)

DeleteSearchLibrary deletes a specific libary entry.

func (*Client) DeleteSecret added in v3.8.16 

func (c *Client) DeleteSecret(id uuid.UUID) (err error)

DeleteSecret deletes a Secret.

func (*Client) DeleteTemplate 

func (c *Client) DeleteTemplate(guid uuid.UUID) (err error)

DeleteTemplate deletes the template with the specified GUID

func (*Client) DeleteToken added in v3.8.5 

func (c *Client) DeleteToken(id uuid.UUID) (err error)

func (*Client) DeleteUser 

func (c *Client) DeleteUser(id int32) error

DeleteUser (admin-only) deletes the specified user.

func (*Client) DeleteUserFile 

func (c *Client) DeleteUserFile(id uuid.UUID) (err error)

DeleteUserFile removes a user file by its GUID

func (*Client) DeleteUserFromGroup 

func (c *Client) DeleteUserFromGroup(uid, gid int32) error

DeleteUserFromGroup removes a user from a group.

func (*Client) DeploymentInfo 

func (c *Client) DeploymentInfo() (di types.DeploymentInfo, err error)

DistributedWebservers queries to determine if the webserver is in distributed mode and therefore using the datastore. This means that certain resource changes may take some time to fully distribute. This is an admin-only function.

func (*Client) DetachSearch 

func (c *Client) DetachSearch(s Search)

DetachSearch disconnects the client from a search. This may lead to the search being garbage collected.

func (*Client) DialWebsocket 

func (c *Client) DialWebsocket(pth string) (conn *websocket.Conn, resp *http.Response, err error)

DialWebsocket uses the client's auth tokens to connect to a websocket on the server, returning the websocket connection.

func (*Client) DownloadRequest 

func (c *Client) DownloadRequest(url string) (resp *http.Response, err error)

DownloadRequest performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.

func (*Client) DownloadRequestWithContext 

func (c *Client) DownloadRequestWithContext(url string, ctx context.Context) (resp *http.Response, err error)

DownloadRequestWithContext performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.

func (*Client) DownloadSearch 

func (c *Client) DownloadSearch(sid string, tr types.TimeRange, format string) (r io.ReadCloser, err error)

DownloadSearch returns an io.ReadCloser which can be used to download the results of the search with the specified search ID. The tr parameter is the time frame over which to download results, and the format parameter specifies the desired download format ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive")

func (*Client) ErrorLogF 

func (c *Client) ErrorLogF(format string, a ...interface{}) error

ErrorLogF submits a log message to the webserver at the Error log level.

func (*Client) ExploreGenerate 

func (c *Client) ExploreGenerate(tag string, ents []types.SearchEntry) (mp map[string][]types.GenerateAXResponse, err error)

ExploreGenerate takes a tag name and an array of one or more SearchEntry objects as arguments. It has the webserver attempt various data exploration extractions and returns a map of the results. The map keys are extraction modules, e.g. "json" or "winlog". The map values are arrays of GenerateAXResponse structures, each representing one possible extraction of the data, including an AX definition which can be installed if the user deems the extraction appropriate.

func (*Client) ExportLoginToken added in v3.8.6 

func (c *Client) ExportLoginToken() (token string, err error)

func (*Client) ExtractionSupportedEngines 

func (c *Client) ExtractionSupportedEngines() (v []string, err error)

ExtractionSupportedEngines returns a list of valid engines for use in autoextraction definitions.

func (*Client) ForceDeleteKit 

func (c *Client) ForceDeleteKit(id string) (err error)

ForceDeleteKit uninstalls a kit (specified by UUID) regardless of any changes made since installation.

func (*Client) ForgetIngester added in v3.8.20 

func (c *Client) ForgetIngester(id uuid.UUID) (err error)

func (*Client) GetAlert added in v3.8.23 

func (c *Client) GetAlert(id uuid.UUID) (result types.AlertDefinition, err error)

GetAlert returns the definition for a specific alert. The id passed can be either a ThingUUID, which will always return a specific alert, or a GUID, in which case the webserver will attempt to resolve the "most appropriate" alert with that GUID.

func (*Client) GetAlertSampleEvent added in v3.8.23 

func (c *Client) GetAlertSampleEvent(id uuid.UUID) (result types.Event, err error)

GetAlertSampleEvent asks the webserver to generate a sample event for the given alert.

func (*Client) GetAlerts added in v3.8.23 

func (c *Client) GetAlerts() (result []types.AlertDefinition, err error)

GetAlerts returns a list of alerts the user has access to. As admin, set the admin flag (c.SetAdminMode) to get a list of all alerts on the system.

func (*Client) GetAlertsByConsumer added in v3.8.30 

func (c *Client) GetAlertsByConsumer(consumerID string, consumerType types.AlertConsumerType) (result []types.AlertDefinition, err error)

GetAlertsByConsumer returns a list of alerts who refer to the specified consumer. consumerID should be the *ID* of the a flow, not the *GUID*. Basically, this lets you ask: which alerts will launch *this specific flow*.

func (*Client) GetAlertsByDispatcher added in v3.8.30 

func (c *Client) GetAlertsByDispatcher(dispatcherID string, dispatcherType types.AlertDispatcherType) (result []types.AlertDefinition, err error)

GetAlertsByDispatcher returns a list of alerts who refer to the specified dispatcher. dispatcherID should be the *ID* of the a scheduled search, not the *GUID*. Basically, this lets you ask: which alerts will be invoked by *this specific scheduled search*.

func (*Client) GetAllDashboards 

func (c *Client) GetAllDashboards() ([]types.Dashboard, error)

GetAllDashboards (admin-only) returns a list of all dashboards on the system.

func (*Client) GetAllMacros 

func (c *Client) GetAllMacros() ([]types.SearchMacro, error)

GetAllMacros (admin-only) returns all macros on the system.

func (*Client) GetAllPlaybooks 

func (c *Client) GetAllPlaybooks() (pbs []types.Playbook, err error)

GetAllPlaybooks (admin-only) returns all playbooks for all users. Non-administrators will receive the same list as returned by GetUserPlaybooks.

func (*Client) GetAllPreferences 

func (c *Client) GetAllPreferences() (types.UserPreferences, error)

GetAllPreferences (admin-only) fetches preferences for all users.

func (*Client) GetAllResourceList 

func (c *Client) GetAllResourceList() (rm []types.ResourceMetadata, err error)

GetAllResourceList is an admin-only API to pull back the entire resource list. Non-administrators will receive the same list as returned by GetResourceList.

func (*Client) GetAllScheduledSearches 

func (c *Client) GetAllScheduledSearches() ([]types.ScheduledSearch, error)

GetAllScheduledSearches (admin-only) returns all scheduled searches on the system.

func (*Client) GetAllUsers 

func (c *Client) GetAllUsers() ([]types.UserDetails, error)

GetAllUsers returns information about all users on the system.

func (*Client) GetApiVersion added in v3.8.1 

func (c *Client) GetApiVersion() (types.ApiInfo, error)

GetApiVersion returns the REST API version of the webserver.

func (*Client) GetAttachSockets 

func (c *Client) GetAttachSockets() (*SearchSockets, error)

GetAttachSockets will hit the search routing websocket page and pull back only the attach socket.

func (*Client) GetAvailableEntryCount 

func (c *Client) GetAvailableEntryCount(s Search) (uint64, bool, error)

GetAvailableEntryCount returns the number of output entries for the specified search. The second return value is a boolean indicating if the search has finished or not.

func (*Client) GetCalendarStats added in v3.8.25 

func (c *Client) GetCalendarStats(start, end time.Time, wells []string) ([]types.CalendarEntry, error)

GetCalendarStats gets day-by-day calendar statistics for the given wells.

func (*Client) GetChartResults 

func (c *Client) GetChartResults(s Search, start, end uint64) (resp types.ChartResponse, err error)

GetChartResults queries a range of search results from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field).

func (*Client) GetChartTsRange 

func (c *Client) GetChartTsRange(s Search, start, end time.Time, first, last uint64) (types.ChartResponse, error)

GetChartTsRange queries search results for a time range from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetDashboard 

func (c *Client) GetDashboard(id uint64) (types.Dashboard, error)

GetDashboard fetches a dashboard by numeric ID.

func (*Client) GetDashboardByGuid 

func (c *Client) GetDashboardByGuid(guid string) (types.Dashboard, error)

GetDashboardByGuid fetches a dashboard by GUID.

func (*Client) GetDefaultSearchGroup added in v3.8.9 

func (c *Client) GetDefaultSearchGroup(uid int32) (gid int32, err error)

GetDefaultSearchGroup returns the specified users default search group Admins can get any user's default search group, but regular users can only get their own.

func (*Client) GetEntries 

func (c *Client) GetEntries(s Search, start, end uint64) ([]types.StringTagEntry, error)

GetEntries fetches results from a search. These results have the Tag field represented as a string rather than the numeric representation used internally. Note that GetEntries is really only suitable for searches using the raw, text, or hex renderers. Results from the table renderer will also be restructured as entries, but other renderers are not supported.

func (*Client) GetExploreEntries 

func (c *Client) GetExploreEntries(s Search, start, end uint64) ([]types.SearchEntry, []types.ExploreResult, error)

GetExploreEntries takes the same arguments as GetEntries (a search + start and end indices), but in addition to the array of SearchEntries, it returns an array of ExploreResult objects. Each ExploreResult corresponds to the SearchEntry at the same index.

func (*Client) GetExtraction added in v3.8.21 

func (c *Client) GetExtraction(uuid string) (d types.AXDefinition, err error)

GetExtraction returns a particular extraction by UUID

func (*Client) GetExtractions 

func (c *Client) GetExtractions() (dfs []types.AXDefinition, err error)

GetExtractions returns the list of autoextraction definitions available to the current user.

func (*Client) GetFdgResults 

func (c *Client) GetFdgResults(s Search, start, end uint64) (types.FdgResponse, error)

GetFdgResults queries a range of search results from the FDG renderer. It returns a types.FdgResponse structure containing the results (see the Entries field).

func (*Client) GetFdgTsRange 

func (c *Client) GetFdgTsRange(s Search, start, end time.Time, first, last uint64) (types.FdgResponse, error)

GetFdgTsRange queries search results for a time range from the fdg renderer. It returns a types.FdgResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetFlow added in v3.8.2 

func (c *Client) GetFlow(id interface{}) (types.ScheduledSearch, error)

GetFlow returns the flow with the given ID. The ID is an interface{} to allow the user to specify either the flow's int32 "ID" or its UUID "GUID" field.

func (*Client) GetFlowList added in v3.8.2 

func (c *Client) GetFlowList() ([]types.ScheduledSearch, error)

GetFlowhList returns flows the user has access to.

func (*Client) GetFullSecret added in v3.8.16 

func (c *Client) GetFullSecret(id uuid.UUID) (s types.SecretFull, err error)

GetFullSecret fetches the entire Secret, including the value. This can only be used if you have authenticated using the searchagent token. The search agent knows how to set up the Client object correctly for this. If you are not writing something which acts like the search agent, you don't want this function, it won't work.

func (*Client) GetGaugeResults 

func (c *Client) GetGaugeResults(s Search, start, end uint64) (types.GaugeResponse, error)

GetGaugeResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).

func (*Client) GetGaugeTsRange 

func (c *Client) GetGaugeTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)

GetGaugeTsRange queries search results for a time range from the gauge renderer. It returns a types.GaugeResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetGroup 

func (c *Client) GetGroup(id int32) (types.GroupDetails, error)

GetGroup returns information about the specified group.

func (*Client) GetGroupCapabilities 

func (c *Client) GetGroupCapabilities(gid int32) (cs types.CapabilityState, err error)

GetGroupCapabilities (admin-only) returns the list of capabilities enabled for a given group.

func (*Client) GetGroupDashboards 

func (c *Client) GetGroupDashboards(id int32) ([]types.Dashboard, error)

GetGroupDashboards returns a list of all dashboards shared with the specified group. Only admins or members of the group may call this function.

func (*Client) GetGroupList 

func (c *Client) GetGroupList() ([]types.GroupDetails, error)

GetGroupList gets a listing of groups with basic info like GID, name, desc.

func (*Client) GetGroupMacros 

func (c *Client) GetGroupMacros(id int32) ([]types.SearchMacro, error)

GetGroupMacros returns macros shared with the specified group.

func (*Client) GetGroupMap 

func (c *Client) GetGroupMap() (map[int32]string, error)

GetGroupMap returns a map of GID to group name for every group on the system.

func (*Client) GetGroupTagAccess 

func (c *Client) GetGroupTagAccess(gid int32) (ta types.TagAccess, err error)

GetGroupTagAccess (admin-only) returns the tag access restrictions for the specified group.

func (*Client) GetGroupUsers 

func (c *Client) GetGroupUsers(gid int32) ([]types.UserDetails, error)

ListGroupUsers will return user details for all members of a group. Only administrators or members of the group may call this function.

func (*Client) GetGroups 

func (c *Client) GetGroups() ([]types.GroupDetails, error)

GetGroups returns information about all groups on the system.

func (*Client) GetGuiSettings added in v3.8.8 

func (c *Client) GetGuiSettings() (types.GUISettings, error)

func (*Client) GetHeatmapResults 

func (c *Client) GetHeatmapResults(s Search, start, end uint64, fence types.Geofence) (types.HeatmapResponse, error)

GetHeatmapResults queries a range of search results from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field). The fence parameter is an option geofence to apply to the results.

func (*Client) GetHeatmapTsRange 

func (c *Client) GetHeatmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.HeatmapResponse, error)

GetHeatmapTsRange queries search results for a time range from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an option geofence to apply to the results.

func (*Client) GetHexResults 

func (c *Client) GetHexResults(s Search, start, end uint64) (types.TextResponse, error)

GetHexResults queries a range of search results from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field)

func (*Client) GetHexTsRange 

func (c *Client) GetHexTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetHexTsRange queries search results for a time range from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetIndexStats 

func (c *Client) GetIndexStats() (map[string]types.IdxStats, error)

GetIndexStats gets statistics for all the indexes on all connected indexers.

func (*Client) GetIndexerCalendarStats added in v3.8.25 

func (c *Client) GetIndexerCalendarStats(indexer uuid.UUID, start, end time.Time, wells []string) ([]types.CalendarEntry, error)

GetIndexerCalendarStats gets day-by-day calendar statistics for a given indexer and given wells.

func (*Client) GetIndexerStorageStats added in v3.8.25 

func (c *Client) GetIndexerStorageStats(indexer uuid.UUID) (map[string]types.PerWellStorageStats, error)

GetIndexerStorageStats gets storage statistics for the given indexer..

func (*Client) GetIngesterStats 

func (c *Client) GetIngesterStats() (map[string]types.IngestStats, error)

GetIngesterStats gets statistics for all ingesters tied to each indexer.

func (*Client) GetLibFile 

func (c *Client) GetLibFile(repo, commit, fn string) (bts []byte, err error)

GetLibFile fetches the contents of a particular SOAR library file, as used in scheduled search scripts. The repo and commit arguments are optional. Examples: 

c.GetLibFile("https://github.com/gravwell/libs", "cd9d6c5", "alerts/email.ank")
c.GetLibFile("", "", "utils/links.ank")

func (*Client) GetLicenseDistributionState 

func (c *Client) GetLicenseDistributionState() (ds types.LicenseDistributionStatus, err error)

GetLicenseDistributionState checks the distribution status of a newly-uploaded license during the initial setup of a Gravwell cluster. This function MUST be called after calling InitLicense; when the status returned is "done", Gravwell is ready for use.

func (*Client) GetLicenseInfo 

func (c *Client) GetLicenseInfo() (li types.LicenseInfo, err error)

GetLicenseInfo returns information about the currently installed license.

func (*Client) GetLicenseSKU 

func (c *Client) GetLicenseSKU() (sku string, err error)

GetLicenseSKU returns the SKU for the license in use.

func (*Client) GetLicenseSerial 

func (c *Client) GetLicenseSerial() (serial string, err error)

GetLicenseSerial returns the serial number for the current license.

func (*Client) GetLogLevel 

func (c *Client) GetLogLevel() (string, error)

GetLogLevel is an admin-only function which returns the webserver's enabled log level.

Valid levels: "Off", "Error", "Warn", "Info", "Web Access".

func (*Client) GetMacro 

func (c *Client) GetMacro(id uint64) (types.SearchMacro, error)

GetMacro returns detailed about a particular macro.

func (*Client) GetMyPreferences 

func (c *Client) GetMyPreferences(obj interface{}) error

GetMyPreferences gets the current user's preferences into obj.

func (*Client) GetNumbercardResults 

func (c *Client) GetNumbercardResults(s Search, start, end uint64) (types.GaugeResponse, error)

GetNumbercardResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).

func (*Client) GetNumbercardTsRange 

func (c *Client) GetNumbercardTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)

GetNumbercardTsRange queries search results for a time range from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetP2PResults 

func (c *Client) GetP2PResults(s Search, start, end uint64, fence types.Geofence) (types.P2PResponse, error)

GetP2PResults queries a range of search results from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field). The fence parameter is an option geofence to apply to the results.

func (*Client) GetP2PTsRange 

func (c *Client) GetP2PTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.P2PResponse, error)

GetP2PTsRange queries search results for a time range from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an option geofence to apply to the results.

func (*Client) GetPcapResults 

func (c *Client) GetPcapResults(s Search, start, end uint64) (types.TextResponse, error)

GetPcapResults queries a range of search results from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field).

func (*Client) GetPcapTsRange 

func (c *Client) GetPcapTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetPcapTsRange queries search results for a time range from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetPingStates 

func (c *Client) GetPingStates() (map[string]string, error)

GetPingStates gets the connected/disconnected state of each indexer.

func (*Client) GetPivot 

func (c *Client) GetPivot(guid uuid.UUID) (pivot types.WirePivot, err error)

GetPivot returns a types.WirePivot with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a pivot to return: 1. Pivots owned by the user always have highest priority 2. Pivots shared with a group to which the user belongs are next 3. Global pivots are the lowest priority

func (*Client) GetPlaybook 

func (c *Client) GetPlaybook(id uuid.UUID) (types.Playbook, error)

GetPlaybook fetches the playbook with the specified UUID or GUID.

func (*Client) GetPointmapResults 

func (c *Client) GetPointmapResults(s Search, start, end uint64, fence types.Geofence) (types.PointmapResponse, error)

GetPointmapResults queries a range of search results from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field). The fence parameter is an option geofence to apply to the results.

func (*Client) GetPointmapTsRange 

func (c *Client) GetPointmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.PointmapResponse, error)

GetPointmapTsRange queries search results for a time range from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an option geofence to apply to the results.

func (*Client) GetPreferences 

func (c *Client) GetPreferences(id int32, obj interface{}) error

GetPreferences fetches the preferences structure for the user and unpacks them into obj.

func (*Client) GetRawResults 

func (c *Client) GetRawResults(s Search, start, end uint64) (types.TextResponse, error)

GetRawResults queries a range of search results from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field).

func (*Client) GetRawTsRange 

func (c *Client) GetRawTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetRawTsRange queries search results for a time range from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetRefinedSearchHistory 

func (c *Client) GetRefinedSearchHistory(s string) ([]types.SearchLog, error)

GetRefinedSearchHistory retrieves the current search history for the currently logged in user narrowed to searches containing the substring s. It only pulls back searches invoked by the individual user.

func (*Client) GetResource 

func (c *Client) GetResource(name string) ([]byte, error)

GetResource returns the contents of the resource with the specified name. The name can be either the user-friendly Name field, or a stringified GUID. Because resources can be shared, and resources are not required to have globally-unique names, the following precedence is used when selecting a resource by user-friendly name: 1. Resources owned by the user always have highest priority 2. Resources shared with a group to which the user belongs are next 3. Global resources are the lowest priority

func (*Client) GetResourceList 

func (c *Client) GetResourceList() (rm []types.ResourceMetadata, err error)

GetResourceList returns information about all resources the user can access.

func (*Client) GetResourceMetadata added in v3.8.14 

func (c *Client) GetResourceMetadata(guid string) (*types.ResourceMetadata, error)

GetResourceMetadata gets the specified resource's metadata.

func (*Client) GetScheduledSearch 

func (c *Client) GetScheduledSearch(id interface{}) (types.ScheduledSearch, error)

GetScheduledSearch returns the scheduled search with the given ID. The ID is an interface{} to allow the user to specify either the int32 "ID" or the UUID "GUID" field.

func (*Client) GetScheduledSearchList 

func (c *Client) GetScheduledSearchList() ([]types.ScheduledSearch, error)

GetScheduledSearchList returns scheduled searches the user has access to.

func (*Client) GetSearchHistory 

func (c *Client) GetSearchHistory() ([]types.SearchLog, error)

GetSearchHistory retrieves the current search history for the currently logged in user. It only pulls back searches invoked by the individual user.

func (*Client) GetSearchHistoryRange 

func (c *Client) GetSearchHistoryRange(start, end int) ([]types.SearchLog, error)

GetSearchHistoryRange retrieves paginated search history for the currently logged in user. The start and end parameters are indexes into the search history, with 0 representing the most recent search.

func (*Client) GetSearchLibrary added in v3.8.6 

func (c *Client) GetSearchLibrary(id uuid.UUID) (sl types.WireSearchLibrary, err error)

GetSearchLibrary returns a query which matches the UUID given. It first checks for a query with a matching ThingUUID. If that is not found, it looks for a query with a matching GUID, prioritizing queries belonging to the current user.

func (*Client) GetSearchMetadata 

func (c *Client) GetSearchMetadata(s Search) (sm types.SearchMetadata, err error)

GetSearchMetadata request the enumerated value metadata stats from a search. The metadata stats contain some basic survey info about enumerated values in the pipeline. The survey info may contain numerical info such as min and max for numbers and a sample of enumerated value values for non-numerical types.

func (*Client) GetSearchSockets 

func (c *Client) GetSearchSockets() (*SearchSockets, error)

GetSearchSockets will hit the search routing websocket page and pull back the parse, search, and attach subprotocols.

func (*Client) GetStackGraphResults 

func (c *Client) GetStackGraphResults(s Search, start, end uint64) (types.StackGraphResponse, error)

GetStackGraphResults queries a range of search results from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field).

func (*Client) GetStackGraphTsRange 

func (c *Client) GetStackGraphTsRange(s Search, start, end time.Time, first, last uint64) (types.StackGraphResponse, error)

GetStackGraphTsRange queries search results for a time range from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetStatSocket 

func (c *Client) GetStatSocket(subProto string) (*websocketRouter.SubProtoConn, *websocketRouter.SubProtoClient, error)

GetStatSocket will connect to the websocketRouter and get the subProto client for the stats socket only.

func (*Client) GetStorageStats added in v3.8.25 

func (c *Client) GetStorageStats() (map[string]types.StorageStats, error)

GetStorageStats gets storage statistics for all indexers.

func (*Client) GetSystemDescriptions 

func (c *Client) GetSystemDescriptions() (map[string]types.SysInfo, error)

GetSystemDescriptions hits the static page to hand back system descriptions for all active indexers and the webserver.

func (*Client) GetSystemStats 

func (c *Client) GetSystemStats() (map[string]types.SysStats, error)

GetSystemStats gets the system statistics from each active indexer.

func (*Client) GetTableResults 

func (c *Client) GetTableResults(s Search, start, end uint64) (types.TableResponse, error)

GetTableResults queries a range of search results from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field)

func (*Client) GetTableTsRange 

func (c *Client) GetTableTsRange(s Search, start, end time.Time, first, last uint64) (types.TableResponse, error)

GetTableTsRange queries search results for a time range from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetTags 

func (c *Client) GetTags() ([]string, error)

GetTags returns an array of strings representing the tags on the Gravwell system.

func (*Client) GetTemplate 

func (c *Client) GetTemplate(guid uuid.UUID) (template types.WireUserTemplate, err error)

GetTemplate returns a types.WireUserTemplate with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a template to return: 1. Templates owned by the user always have highest priority 2. Templates shared with a group to which the user belongs are next 3. Global templates are the lowest priority

func (*Client) GetTextResults 

func (c *Client) GetTextResults(s Search, first, last uint64) (types.TextResponse, error)

GetTextResults queries a range of search results from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field)

func (*Client) GetTextTsRange 

func (c *Client) GetTextTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)

GetTextTsRange queries search results for a time range from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.

func (*Client) GetUserCapabilities 

func (c *Client) GetUserCapabilities(uid int32) (cs types.CapabilityState, err error)

GetUserCapabilities (admin-only) returns the list of capabilities enabled for the specified user.

func (*Client) GetUserCapabilityExplanations added in v3.8.21 

func (c *Client) GetUserCapabilityExplanations(uid int32) (cs []types.CapabilityExplanation, err error)

GetUserCapabilityExplanations (admin-only) returns the list of capabilities enabled for the specified user & why

func (*Client) GetUserDashboards 

func (c *Client) GetUserDashboards(id int32) ([]types.Dashboard, error)

GetUserDashboards returns a list of all dashboards belonging to the specified user. Only admins or the user in question may call this function.

func (*Client) GetUserFile 

func (c *Client) GetUserFile(id uuid.UUID) (bts []byte, err error)

GetUserFile downloads a file with the given GUID and hands back its contents

func (*Client) GetUserFileDetails added in v3.8.17 

func (c *Client) GetUserFileDetails(id uuid.UUID) (dets types.UserFileDetails, err error)

GetUserFileDetails fetches info about a particular file by GUID or ThingUUID.

func (*Client) GetUserGroups 

func (c *Client) GetUserGroups(uid int32) ([]types.GroupDetails, error)

ListGroups returns information about groups to which the user belongs.

func (*Client) GetUserGroupsDashboards 

func (c *Client) GetUserGroupsDashboards() ([]types.Dashboard, error)

GetUserGroupsDashboards returns a list of all dashboards the current user can view.

func (*Client) GetUserGroupsMacros 

func (c *Client) GetUserGroupsMacros() ([]types.SearchMacro, error)

GetUserGroupsMacros returns all macros accessible to the current user.

func (*Client) GetUserInfo 

func (c *Client) GetUserInfo(id int32) (types.UserDetails, error)

GetUserInfo (admin-only) gets information about a specific user.

func (*Client) GetUserList 

func (c *Client) GetUserList() ([]types.UserDetails, error)

GetUserList gets a listing of users with basic info like UID, name, email, etc.

func (*Client) GetUserMacros 

func (c *Client) GetUserMacros(id int32) ([]types.SearchMacro, error)

GetUserMacros returns macros belonging to the specified user.

func (*Client) GetUserMap 

func (c *Client) GetUserMap() (map[int32]string, error)

GetUserMap returns a map of UID to username for every user on the system.

func (*Client) GetUserPlaybooks 

func (c *Client) GetUserPlaybooks() ([]types.Playbook, error)

GetUserPlaybooks returns all playbooks accessible to the current user.

func (*Client) GetUserScheduledSearches 

func (c *Client) GetUserScheduledSearches(uid int32) ([]types.ScheduledSearch, error)

GetUserScheduledSearches returns all scheduled searches belonging to the specified user.

func (*Client) GetUserSearchHistory 

func (c *Client) GetUserSearchHistory(uid int32) ([]types.SearchLog, error)

GetUserSearchHistory retrieves the current search history for the specified user. Only admins may request search history for users besides themselves.

func (*Client) GetUserTagAccess 

func (c *Client) GetUserTagAccess(uid int32) (ta types.TagAccess, err error)

GetUserTagAccess (admin-only) returns the tag access restrictions for the specified user.

func (*Client) Groups 

func (c *Client) Groups() (gps []types.GroupDetails, err error)

Groups returns the current user's group memberships.

func (*Client) HasCapability added in v3.8.20 

func (c *Client) HasCapability(cp types.Capability) bool

HasCapability checks if the client contains a given capability, if the capability list is not yet populated

func (*Client) Impersonate 

func (c *Client) Impersonate(uid int32) (nc *Client, err error)

Impersonate is an admin-only function which can be used to execute commands as another user, similar to the `su` command on Unix. It returns a Client object which is authenticated as the specified user.

func (*Client) ImportLoginToken 

func (c *Client) ImportLoginToken(token string) (err error)

ImportLoginToken takes an existing JWT token and loads it into the client. The token is not validated by the client at this point; use the TestLogin function to verify that the token is valid. If you need to save and restore sessions, consider using the SessionData and InheritSession functions instead.

func (*Client) ImportSearch 

func (c *Client) ImportSearch(rdr io.Reader, gid int32) (err error)

ImportSearch uploads an archived search to Gravwell. The gid parameter specifies a group to share with, if desired.

func (*Client) ImportSearchBatchInfo added in v3.7.1 

func (c *Client) ImportSearchBatchInfo(rdr io.Reader, gid int32, name, info string) (err error)

ImportSearchBatchInfo uploads an archived search to Gravwell with optional batch information. The gid parameter specifies a group to share with, if desired. The name and info parameters are optional extended batch information

func (*Client) InfoLogF 

func (c *Client) InfoLogF(format string, a ...interface{}) error

InfoLogF submits a log message to the webserver at the Info log level.

func (*Client) Ingest added in v3.7.5 

func (c *Client) Ingest(rdr io.Reader, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)

func (*Client) IngestEntries 

func (c *Client) IngestEntries(entries []types.StringTagEntry) error

IngestEntries takes an array of entries and uploads them to the webserver, which will then distribute them out to its indexers. Returns the number of ingested entries and any error.

func (*Client) IngestFile 

func (c *Client) IngestFile(file, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)

IngestFile uploads the contents of a file on disk and ingests them.

The 'file' argument should point at a valid file on disk containing line-delimited log entries, a pcap packet capture, or JSON as downloaded from Gravwell search results.

'tag' is the tag to use, and 'src' should be a string containing a valid IP address.

If 'ignoreTimestamp' is set, all entries will be tagged with the current time.

If 'assumeLocalTimezone' is set, any timezone information in the data will be ignored and timestamps will be assumed to be in the Gravwell server's local timezone.

func (*Client) IngestInternal added in v3.8.0 

func (c *Client) IngestInternal(entries []types.StringTagEntry) error

IngestInternal is used to perform ingest on internal logs for external components. Things like the searchagent and other drone controllers can use this to get their internal logs into the the gravwell tag without an ingest connection. This API requires admin status.

func (*Client) InheritSession 

func (c *Client) InheritSession(sess *ActiveSession) (bool, error)

InheritSession loads an ActiveSession object into the client and verifies that the session data is still valid. Session objects may be retrieved using the SessionData function, serialized to a file, and later restored using InheritSession to implement basic persistent session functionality.

func (*Client) InitLicense 

func (c *Client) InitLicense(b []byte) error

InitLicense uploads the contents of a Gravwell license. It will return nil if the license is valid and accepted by Gravwell. After calling InitLicense, you MUST use GetLicenseDistributionState to verify that Gravwell has distributed the license to the indexers and is ready to use.

func (*Client) InstallKit 

func (c *Client) InstallKit(id string, cfg types.KitConfig) (err error)

InstallKit tells the webserver to install a staged kit. The id parameter is the UUID of the staged kit. The cfg parameter provides install-time options.

func (*Client) IsAdmin 

func (c *Client) IsAdmin() (bool, error)

IsAdmin checks if the logged-in user is an admin.

func (*Client) KitDownloadRequest 

func (c *Client) KitDownloadRequest(id string) (*http.Response, error)

KitDownloadRequest initiates a download for the specified kit and returns the associated http.Response structure. The kit is available in the Body field of the response.

func (*Client) KitInfo 

func (c *Client) KitInfo(id uuid.UUID) (ki types.IdKitState, err error)

KitInfo returns information about a particular installed/staged kit, specified by the kit's UUID.

func (*Client) KitStatuses 

func (c *Client) KitStatuses() (statuses []types.InstallStatus, err error)

KitStatuses returns the statuses of any ongoing or completed kit installations.

func (*Client) LicenseInitRequired 

func (c *Client) LicenseInitRequired() bool

LicenseInitRequired returns true if the Gravwell cluster requires a license. If true, use InitLicense to upload a valid license file.

func (*Client) ListAllPivots 

func (c *Client) ListAllPivots() (pivots []types.WirePivot, err error)

ListAllPivots returns the list of all pivots in the system Non-administrators will receive the same list as returned by ListPivots.

func (*Client) ListAllSearchLibrary 

func (c *Client) ListAllSearchLibrary() (wsl []types.WireSearchLibrary, err error)

ListAllSearchLibrary (admin-only) returns the list of all search library entries for all users. Non-administrators will receive the same list as returned by ListSearchLibrary.

func (*Client) ListAllSearchStatuses 

func (c *Client) ListAllSearchStatuses() ([]types.SearchCtrlStatus, error)

ListAllSearchStatuses returns a list of all searches on the system. Only admin users can use this function.

func (*Client) ListAllTemplates 

func (c *Client) ListAllTemplates() (templates []types.WireUserTemplate, err error)

ListAllTemplates returns the list of all templates in the system. Non-administrators will receive the same list as returned by ListTemplates.

func (*Client) ListKitBuildHistory 

func (c *Client) ListKitBuildHistory() (hist []types.KitBuildRequest, err error)

ListKitBuildHistory returns KitBuildRequests for all kits previously built by the user. Note that only the most recent build request is stored for each unique kit ID (e.g. "io.gravwell.foo").

func (*Client) ListKits 

func (c *Client) ListKits() (pkgs []types.IdKitState, err error)

ListKits returns a list of all installed and staged kits.

func (*Client) ListPivots 

func (c *Client) ListPivots() (pivots []types.WirePivot, err error)

ListPivots returns a list of pivots accessible to the current user.

func (*Client) ListRemoteKits 

func (c *Client) ListRemoteKits(all bool) (mds []types.KitMetadata, err error)

ListRemoteKits returns a list of kits available on the kit server.

func (*Client) ListSearchDetails added in v3.8.17 

func (c *Client) ListSearchDetails() ([]types.SearchInfo, error)

ListSearchDetails returns details for all searches the current user has access to and their current status. If the admin flag is set (by calling SetAdminMode()) this will return info for all searches on the system.

func (*Client) ListSearchLibrary 

func (c *Client) ListSearchLibrary() (wsl []types.WireSearchLibrary, err error)

ListSearchLibrary returns the list of queries in the search library available to the user.

func (*Client) ListSearchStatuses 

func (c *Client) ListSearchStatuses() ([]types.SearchCtrlStatus, error)

ListSearchStatuses returns a list of all searches the current user has access to and their current status.

func (*Client) ListSecrets added in v3.8.16 

func (c *Client) ListSecrets() (s []types.Secret, err error)

ListSecrets returns a list of all Secret objects the user has access to. The actual secret string will not be returned.

func (*Client) ListTemplates 

func (c *Client) ListTemplates() (templates []types.WireUserTemplate, err error)

ListTemplates returns a list of templates accessible to the current user.

func (*Client) ListTokens added in v3.8.5 

func (c *Client) ListTokens() (ts []types.Token, err error)

func (*Client) LockUserAccount 

func (c *Client) LockUserAccount(id int32) error

LockUserAccount (admin-only) locks a user account. The user will be unable to log in until unlocked, and all existing sessions will be terminated.

func (*Client) LoggedIn 

func (c *Client) LoggedIn() bool

LoggedIn returns true if the client is in an authenticated state.

func (*Client) Login 

func (c *Client) Login(user, pass string) error

Login authenticates the client to the webserver using the specified username and password.

func (*Client) LoginWithAPIToken added in v3.8.30 

func (c *Client) LoginWithAPIToken(token string) (err error)

func (*Client) Logout 

func (c *Client) Logout() error

Logout terminates the current session on the server.

func (*Client) LogoutAll 

func (c *Client) LogoutAll() error

LogoutAll asks the server to terminate the current session and every other session for our user.

func (*Client) LookupGroup added in v3.8.19 

func (c *Client) LookupGroup(groupname string) (gd types.GroupDetails, err error)

LookupGroup looks up a GroupDetails object given a group name if the group name is not found, ErrNotFound is returned

func (*Client) LookupResourceGUID 

func (c *Client) LookupResourceGUID(name string) (string, error)

LookupResourceGUID attempts to resolve the GUID for a resource with the specified user-friendly name. It follows precedence as defined on the GetResource method.

func (*Client) LookupUser added in v3.8.19 

func (c *Client) LookupUser(username string) (ud types.UserDetails, err error)

LookupUser looks up a UserDetails object given a username if the username is not found, ErrNotFound is returned

func (*Client) MailConfig added in v3.8.17 

func (c *Client) MailConfig() (mc types.UserMailConfig, err error)

MailConfig retrieves the current mail config if no mail config is set an empty UserMailConfig is returned Even on a valid mail config the Password portion is not present in the response

func (*Client) ModifyKit added in v3.8.22 

func (c *Client) ModifyKit(id string, cfg types.KitConfig) (report types.KitModifyReport, err error)

ModifyKit tells the webserver to change parameters on an installed kit. The id parameter is the UUID of the installed kit. The cfg parameter provides the desired changes, with the following fields being respected: Global, InstallationGroup, and Labels.

func (*Client) MyAdminStatus 

func (c *Client) MyAdminStatus() bool

MyAdminStatus returns true if the current user is marked as an administrator.

func (*Client) MyInfo 

func (c *Client) MyInfo() (types.UserDetails, error)

MyInfo returns the current user's information.

func (*Client) MyNewNotificationCount 

func (c *Client) MyNewNotificationCount() (int, error)

MyNewNotificationCount returns the number of new notifications since the last read notification.

func (*Client) MyNewNotifications 

func (c *Client) MyNewNotifications() (types.NotificationSet, error)

MyNewNotifications returns notifications which have not been previously read. Calling MyNewNotifications updates the last-read notification.

func (*Client) MyNotificationCount 

func (c *Client) MyNotificationCount() (int, error)

MyNotificationCount returns the number of notifications for the current user.

func (*Client) MyNotifications 

func (c *Client) MyNotifications() (types.NotificationSet, error)

MyNotifications returns all notifications for the current user. Calling MyNotifications updates the last-read notification.

func (*Client) MySessions 

func (c *Client) MySessions() ([]types.Session, error)

MySessions returns an array of the current user's sessions.

func (*Client) MyUID 

func (c *Client) MyUID() int32

MyUID returns the current user's numeric user ID.

func (*Client) NewAlert added in v3.8.23 

func (c *Client) NewAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)

NewAlert creates a new alert.

func (*Client) NewPivot 

func (c *Client) NewPivot(guid uuid.UUID, name, description string, contents types.RawObject) (storedGuid uuid.UUID, err error)

NewPivot creates a new pivot with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.

func (*Client) NewSearchLibrary 

func (c *Client) NewSearchLibrary(sl types.WireSearchLibrary) (wsl types.WireSearchLibrary, err error)

NewSearchLibrary creates a new search library entry for the current user.

func (*Client) NewTemplate 

func (c *Client) NewTemplate(guid uuid.UUID, name, description string, contents types.RawObject) (details types.WireUserTemplate, err error)

NewTemplate creates a new template with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.

func (*Client) ParseFlow added in v3.8.2 

func (c *Client) ParseFlow(flow string) (outputPayloads map[int]map[string]interface{}, err error)

ParseFlow asks the API to check a flow. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.

func (*Client) ParseReactiveFlow added in v3.8.23 

func (c *Client) ParseReactiveFlow(flow string, event types.Event) (outputPayloads map[int]map[string]interface{}, err error)

ParseReactiveFlow asks the API to check a flow as if triggered by an alert. The event parameter will be injected into the initial payload under the name `event`. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.

func (*Client) ParseScheduledScript 

func (c *Client) ParseScheduledScript(data string, lang types.ScriptLang) (line, column int, err error)

ParseScheduledScript asks the API to parse a script given an ID if there is no error line and column will have a return value of 0 if there is an error, err will be populated and potentially a line and column if the error was in the script

func (*Client) ParseSearch 

func (c *Client) ParseSearch(query string) (err error)

ParseSearch validates a search query. Gravwell will return an error if the query is not valid.

func (*Client) ParseSearchWithResponse 

func (c *Client) ParseSearchWithResponse(query string, filters []types.FilterRequest) (psr types.ParseSearchResponse, err error)

ParseSearchWithResponse behaves as ParseSearch, but it returns the ParseSearchResponse which contains detailed information about how Gravwell parsed out the search.

func (*Client) PopulateResource 

func (c *Client) PopulateResource(guid string, data []byte) error

PopulateResource updates the contents of the resource with the specified GUID.

func (*Client) PopulateResourceFromReader 

func (c *Client) PopulateResourceFromReader(guid string, data io.Reader) (err error)

PopulateResourceFromReader updates the contents of the specified resource using data read from an io.Reader rather than a slice of bytes.

func (*Client) PullKit 

func (c *Client) PullKit(guid uuid.UUID) (pc types.KitState, err error)

PullKit tells the webserver to stage the kit with the specified GUID for installation, pulling the kit from the kit server. A KitState object containing information about the kit is returned on success.

func (*Client) PurgeUser added in v3.8.6 

func (c *Client) PurgeUser(id int32) error

PurgeUser will first enumerate every asset that is owned by the user and delete them then it will delete the user. This is an admin-only function.

func (*Client) PutMyPreferences 

func (c *Client) PutMyPreferences(obj interface{}) error

PutMyPreferences updates the current user's preferences with obj.

func (*Client) PutPreferences 

func (c *Client) PutPreferences(id int32, obj interface{}) error

PutPreferences updates the specified user's preferences with obj.

func (*Client) RefreshLoginToken added in v3.7.5 

func (c *Client) RefreshLoginToken() (err error)

RefreshLoginToken will ask the webserver to refresh the login state this means we get a new JWT and cookie and discard the old one. The client must be logged in to use this API

func (*Client) RequestTimeout 

func (c *Client) RequestTimeout() (time.Duration, error)

RequestTimeout returns the current client request timeout value.

func (*Client) Restore 

func (c *Client) Restore(rdr io.Reader) (err error)

Restore reads a backup archive from rdr and unpacks it on the Gravwell server.

func (*Client) RestoreEncrypted added in v3.8.18 

func (c *Client) RestoreEncrypted(rdr io.Reader, password string) (err error)

RestoreEncrypted reads a backup archive from rdr and unpacks it on the Gravwell server.

func (*Client) SaveSearch 

func (c *Client) SaveSearch(sid string, ssp ...types.SaveSearchPatch) error

SaveSearch will request that a search is saved by ID, an optional SaveSearchPatch can be sent to modify the expiration or search name and notes

func (*Client) ScheduledSearchCheckin 

func (c *Client) ScheduledSearchCheckin(cfg types.SearchAgentConfig) error

ScheduledSearchCheckin (admin-only) informs the webserver that the search agent is active.

func (*Client) SearchDownloadRequest 

func (c *Client) SearchDownloadRequest(id, format string, tr types.TimeRange) (resp *http.Response, err error)

SearchDownloadRequest initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.

func (*Client) SearchDownloadRequestWithContext 

func (c *Client) SearchDownloadRequestWithContext(id, format string, tr types.TimeRange, ctx context.Context) (resp *http.Response, err error)

SearchDownloadRequestWithContext initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.

func (*Client) SearchInfo 

func (c *Client) SearchInfo(sid string) (types.SearchInfo, error)

SearchInfo requests the search info for a given search ID

func (*Client) SearchStatus added in v3.8.21 

func (c *Client) SearchStatus(sid string) (types.SearchCtrlStatus, error)

SearchStatus requests the status of a given search ID

func (*Client) SecretInfo added in v3.8.16 

func (c *Client) SecretInfo(id uuid.UUID) (s types.Secret, err error)

SecretInfo fetches information about a particular Secret. The actual secret string will not be returned.

func (*Client) SendMail 

func (c *Client) SendMail(from string, to []string, subject string, body string, attch []types.UserMailAttachment) error

SendMail sends an email with the specified parameters using the mail server configuration defined for the current user. Note that the email will be sent from the webserver, not the system running the client code.

func (*Client) SendPrebuiltMail 

func (c *Client) SendPrebuiltMail(msg types.UserMail) error

SendPrebuiltMail operates as SendMail, but takes a pre-populated types.UserMail object as an argument instead of discrete arguments.

func (*Client) Server 

func (c *Client) Server() string

func (*Client) ServerIP 

func (c *Client) ServerIP() net.IP

ServerIP attempts to return an IP address for the webserver. If it cannot resolve the hostname, it will return an unspecified IP

func (Client) SessionData 

func (c Client) SessionData() (ActiveSession, error)

SessionData returns a structure containing auth tokens for the current login session.

func (*Client) Sessions 

func (c *Client) Sessions(id int32) ([]types.Session, error)

Sessions lists sessions for the specified user.

func (*Client) SetAdmin 

func (c *Client) SetAdmin(id int32, admin bool) error

SetAdmin (admin-only) changes the admin status for the user with the given ID.

func (*Client) SetAdminMode 

func (c *Client) SetAdminMode()

SetAdminMode sets the ?admin=true parameter on future API requests. Note that setting this parameter has no effect for non-admin users. Admin users should use this parameter carefully, as it gives access to objects belonging to other users and makes it easy to break things.

func (*Client) SetDefaultSearchGroup 

func (c *Client) SetDefaultSearchGroup(uid int32, gid int32) error

SetDefaultSearchGroup will set the specified user's default search group. Admins can set any user's default search group, but regular users can only set their own.

func (*Client) SetGroup 

func (c *Client) SetGroup(sid string, gid int32) error

SetGroup will set the GID of the group which can read the search. Setting it to 0 will disable group access.

func (*Client) SetGroupCapabilities 

func (c *Client) SetGroupCapabilities(gid int32, cs types.CapabilityState) (err error)

SetGroupCapabilities (admin-only) sets the capability list for a group.

func (*Client) SetGroupTagAccess 

func (c *Client) SetGroupTagAccess(gid int32, ta types.TagAccess) (err error)

SetGroupTagAccess (admin-only) sets the tag access rules for a group.

func (*Client) SetLogLevel 

func (c *Client) SetLogLevel(level string) error

SetLogLevel is an admin-only function which sets the webserver's logging level.

Valid levels: "Off", "Error", "Warn", "Info", "Web Access".

func (*Client) SetNoCache added in v3.8.27 

func (c *Client) SetNoCache(v bool)

SetNoCache enables or disables Cache-Control headers on requests

func (*Client) SetPivot 

func (c *Client) SetPivot(guid uuid.UUID, pivot types.WirePivot) (details types.WirePivot, err error)

SetPivot allows the owner of a pivot (or an admin) to update the contents of the pivot.

func (*Client) SetRequestTimeout 

func (c *Client) SetRequestTimeout(to time.Duration) error

SetRequestTimeout overrides the client request timeout value. The timeout defaults to a very high value because large downloads may take significant time.

func (*Client) SetTemplate 

func (c *Client) SetTemplate(guid uuid.UUID, template types.WireUserTemplate) (details types.WireUserTemplate, err error)

SetTemplate allows the owner of a template (or an admin) to update the contents of the template.

func (*Client) SetUserAgent 

func (c *Client) SetUserAgent(v string) error

SetUserAgent changes the User-Agent field the client sends with requests (default: “GravwellCLI”).

func (*Client) SetUserCapabilities 

func (c *Client) SetUserCapabilities(uid int32, cs types.CapabilityState) (err error)

SetUserCaapbilities (admin-only) sets a user's capabilities to the provided list.

func (*Client) SetUserTagAccess 

func (c *Client) SetUserTagAccess(uid int32, ta types.TagAccess) (err error)

SetUserTagAccess (admin-only) sets the tag access rules for a user.

func (*Client) StartBackgroundSearch 

func (c *Client) StartBackgroundSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)

StartBackgroundSearch launches a backgrounded search with the given query and the specified start and end times. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartFilteredSearch 

func (c *Client) StartFilteredSearch(query string, start, end time.Time, nohistory bool, filters []types.FilterRequest) (s Search, err error)

StartFilteredSearch launches a foregrounded search with the given query and start/end. The filters parameter is an array of filters; these will be automatically inserted into the query during the parse phase. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartSearch 

func (c *Client) StartSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)

StartSearch launches a foregrounded search with the given query and start/end. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.

func (*Client) StartSearchEx added in v3.7.1 

func (c *Client) StartSearchEx(sr types.StartSearchRequest) (s Search, err error)

StartSearchExtended launches a search using a StartSearchRequest object This function grants the maximum amount of control over the search starting process

func (*Client) StopSearch 

func (c *Client) StopSearch(id string) (err error)

StopSearch asks the search to stop progressing through the underlying data. The renderer maintains any data it currently has and the query is entirely usable, The data feed is just stopped. Issuing a Stop command to a query that is done has no affect. Meaning that if you attached to an archived search and issue a stop nothing happens. Requests to stop queries that you don't own return an error unless the caller is an admin

func (*Client) Sync 

func (c *Client) Sync() (err error)

Sync fetches some useful information for local reference, such as user details. It is typically not necessary to call this function; in the past, you had to call Sync immediately after authenticating, but the Login function now fetches the same information automatically.

func (*Client) Test 

func (c *Client) Test() error

Test checks if the webserver is responding to HTTP requests.

func (*Client) TestAddExtraction 

func (c *Client) TestAddExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)

TestAddExtraction validates an autoextractor definition.

func (*Client) TestGet 

func (c *Client) TestGet(path string) error

TestGet performs a GET request to the specified URL path, e.g. `/api/test`. It returns nil for response code 200 or an error otherwise.

func (*Client) TestIngest added in v3.8.6 

func (c *Client) TestIngest() (err error)

TestIngest returns whether or not this client is allowed to ingest data if ingest is allowed err will be nil

func (*Client) TestLogin 

func (c *Client) TestLogin() error

TestLogin checks if the client is successfully logged in, indicated by a nil return value.

func (*Client) TokenCapabilities added in v3.8.5 

func (c *Client) TokenCapabilities() (cl []string, err error)

func (*Client) TokenInfo added in v3.8.5 

func (c *Client) TokenInfo(id uuid.UUID) (t types.Token, err error)

func (*Client) UnlockUserAccount 

func (c *Client) UnlockUserAccount(id int32) error

LockUserAccount (admin-only) unlocks a user account.

func (*Client) UpdateAlert added in v3.8.23 

func (c *Client) UpdateAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)

UpdateAlert modifies an alert. Make sure to have ThingUUID set, as this is used to resolve the appropriate alert to modify.

func (*Client) UpdateDashboard 

func (c *Client) UpdateDashboard(db *types.Dashboard) error

UpdateDashboard takes a types.Dashboard as an argument and updates the corresponding dashboard on the server to match.

func (*Client) UpdateExtraction 

func (c *Client) UpdateExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)

UpdateExtraction modifies an existing autoextractor. The UUID field of the definition passed in must match the UUID of an existing definition owned by the user.

func (*Client) UpdateFlow added in v3.8.2 

func (c *Client) UpdateFlow(ss types.ScheduledSearch) error

UpdateFlow is used to modify an existing flow.

func (*Client) UpdateFlowResults added in v3.8.2 

func (c *Client) UpdateFlowResults(ss types.ScheduledSearch) error

UpdateFlowResults is used to update the flow after it has been run. It only updates the LastRun, LastRunDuration, LastSearchIDs, and LastError fields.

func (*Client) UpdateGroup 

func (c *Client) UpdateGroup(gid int32, gdet types.GroupDetails) error

UpdateGroup (admin-only) will update the specified group's details.

func (*Client) UpdateMacro 

func (c *Client) UpdateMacro(m types.SearchMacro) error

UpdateMacro modifies an existing macro.

func (*Client) UpdateMetadata 

func (c *Client) UpdateMetadata(guid string, metadata types.ResourceMetadata) error

UpdateMetadata sets the specified resource's metadata.

func (*Client) UpdateNotification added in v3.8.10 

func (c *Client) UpdateNotification(id uint64, n types.Notification) error

UpdateNotification will update a notification using a notification ID

func (*Client) UpdatePlaybook 

func (c *Client) UpdatePlaybook(m types.Playbook) error

UpdatePlaybook modifies an existing playbook. The UUID or GUID field of the parameter must match an existing playbook on the system that the user has access to.

func (*Client) UpdateScheduledSearch 

func (c *Client) UpdateScheduledSearch(ss types.ScheduledSearch) error

UpdateScheduledSearch is used to modify an existing scheduled search.

func (*Client) UpdateScheduledSearchResults 

func (c *Client) UpdateScheduledSearchResults(ss types.ScheduledSearch) error

UpdateScheduledSearchResults is used to update the scheduled search after it has been run. It only updates the PersistentMaps, LastRun, LastRunDuration, LastSearchIDs, and LastError fields

func (*Client) UpdateSearchLibrary 

func (c *Client) UpdateSearchLibrary(sl types.WireSearchLibrary) (nsl types.WireSearchLibrary, err error)

UpdateSearchLibrary updates a specific search library entry.

func (*Client) UpdateSecret added in v3.8.16 

func (c *Client) UpdateSecret(id uuid.UUID, value string) (s types.Secret, err error)

UpdateSecret changes the value of a particular secret. The actual secret string will not be returned.

func (*Client) UpdateSecretDetails added in v3.8.17 

func (c *Client) UpdateSecretDetails(id uuid.UUID, sc types.SecretCreate) (s types.Secret, err error)

UpdateSecretDetails changes the details (not the value) of a particular secret. The actual secret string will not be returned.

func (*Client) UpdateToken added in v3.8.5 

func (c *Client) UpdateToken(id uuid.UUID, tr types.TokenCreate) (t types.Token, err error)

func (*Client) UpdateUserFile 

func (c *Client) UpdateUserFile(id uuid.UUID, pth string) (err error)

UpdateUserFile will push a new user file with name and description to the given GUID

func (*Client) UpdateUserFileMetadata 

func (c *Client) UpdateUserFileMetadata(id uuid.UUID, uf types.UserFileDetails) (err error)

UpdateUserFileMetadata will change every field of the user file but not the actual contents of the file

func (*Client) UpdateUserInfo 

func (c *Client) UpdateUserInfo(id int32, user, name, email string) error

AdminUpdateInfo changes basic information about the specified user. Admins can set any user's info, but regular users can only set their own.

func (*Client) UploadExtraction 

func (c *Client) UploadExtraction(b []byte) (wrs []types.WarnResp, err error)

UploadExtraction uploads a TOML-formatted byteslice containing one or more autoextractor definitions. Gravwell will parse these definitions and install or update autoextractors as appropriate.

func (*Client) UploadKit 

func (c *Client) UploadKit(p string) (pc types.KitState, err error)

UploadKit stages a kit file for installation. The parameter 'p' should be the path of a kit file on disk. A KitState object containing information about the kit is returned on success.

func (*Client) UploadLicenseFile 

func (c *Client) UploadLicenseFile(f string) ([]types.LicenseUpdateError, error)

UploadLicenseFile is an admin-only function to upload a new license to the Gravwell system. It takes a path to a license file as the argument.

func (*Client) UserChangePass 

func (c *Client) UserChangePass(id int32, orig, pass string) error

UserChangePass changes the given user's password. Any user may change their own password, but they must know the current password.

func (*Client) UserFiles 

func (c *Client) UserFiles() (ufds []types.UserFileDetails, err error)

UserFiles lists all the user files the logged in account has access to

func (*Client) ValidateAlertFlowConsumer added in v3.8.23 

func (c *Client) ValidateAlertFlowConsumer(flowID uuid.UUID, alert types.AlertDefinition) (resp types.AlertConsumerValidateResponse, err error)

ValidateAlertFlowConsumer validates an existing flow against a given alert, making sure it does not consume any fields not provided by the schema.

func (*Client) ValidateAlertScheduledSearchDispatcher added in v3.8.23 

func (c *Client) ValidateAlertScheduledSearchDispatcher(ssearchID uuid.UUID, schema types.AlertSchemas) (resp types.AlertDispatcherValidateResponse, err error)

ValidateAlertScheduledSearchDispatcher validates an existing scheduled search against a given schema.

func (*Client) WaitForSearch 

func (c *Client) WaitForSearch(s Search) (err error)

WaitForSearch sleeps until the given search is complete. If the search fails for some reason, WaitForSearch will return an error describing the reason for the failure.

func (*Client) WarnLogF 

func (c *Client) WarnLogF(format string, a ...interface{}) error

WarnLogF submits a log message to the webserver at the Warn log level.

func (*Client) WellData 

func (c *Client) WellData() (mp map[string]types.IndexerWellData, err error)

WellData returns information about the storage wells on the indexers. The return value is a map of indexer name strings to IndexerWellData objects.

type ClientError added in v3.8.23 

type ClientError struct {
	Status     string
	StatusCode int
	ErrorBody  string
}

func (*ClientError) Error added in v3.8.23 

func (e *ClientError) Error() string

type Opts added in v3.8.19 

type Opts struct {
	Server                 string
	UseHttps               bool
	InsecureNoEnforceCerts bool
	ObjLogger              objlog.ObjLog
}
type Search struct {
	ID        string
	RenderMod string

	types.StartSearchRequest
	// contains filtered or unexported fields
}

Search represents an search on the Gravwell system.

func (*Search) Exchange added in v3.8.6 

func (s *Search) Exchange(req, resp interface{}) (err error)

func (*Search) Ping added in v3.8.11 

func (s *Search) Ping() error

Ping sends a message via the search's websockets (if present) to keep the sockets open. If you intend to run a search and then wait a long time before interacting with it further, you should periodically call Ping() to keep the connection alive.

type SearchSockets 

type SearchSockets struct {
	Parse  *websocketRouter.SubProtoConn
	Search *websocketRouter.SubProtoConn
	Attach *websocketRouter.SubProtoConn
	Pong   *websocketRouter.SubProtoConn
	Client *websocketRouter.SubProtoClient
}

SearchSockets wraps up several different websocket subprotocols. Depending on the function used to obtain the SearchSockets object, not all subprotocols may be populated--refer to the individual function's documentation.

type VersionStruct 

type VersionStruct struct {
	Major    uint16
	Minor    uint16
	Revision uint16
}

func (VersionStruct) String 

func (v VersionStruct) String() string

String returns the version in the format <Major>.<Minor>.<Revision>, e.g. "4.1.0".

Source Files

View all Source files

Directories

Path Synopsis
kits
Package kits provides tools for interacting with kit archives directly.
 Package kits provides tools for interacting with kit archives directly.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.