Documentation
Overview
Package client wraps the Gravwell REST API.
Index
- Constants
- Variables
- type ActiveSession
- type Client
- func (c *Client) AccessLogF(format string, a ...interface{}) error
- func (c *Client) AddDashboard(name, desc string, obj interface{}) (uint64, error)
- func (c *Client) AddExtraction(d types.AXDefinition) (id uuid.UUID, wrs []types.WarnResp, err error)
- func (c *Client) AddGroup(name, desc string) error
- func (c *Client) AddIndexer(dialstring string) (map[string]string, error)
- func (c *Client) AddMacro(m types.SearchMacro) (id uint64, err error)
- func (c *Client) AddPlaybook(name, desc string, body []byte) (uuid.UUID, error)
- func (c *Client) AddSelfTargetedNotification(notifType uint32, msg, link string, expiration time.Time) error
- func (c *Client) AddUser(user, pass, name, email string, admin bool) error
- func (c *Client) AddUserFile(name, desc, pth string) (guid uuid.UUID, err error)
- func (c *Client) AddUserFileDetails(meta types.UserFileDetails, pth string) (guid uuid.UUID, err error)
- func (c *Client) AddUserToGroup(uid, gid int32) error
- func (c *Client) AdminChangePass(id int32, pass string) error
- func (c *Client) AdminClearUserMFA(uid int32) error
- func (c *Client) AdminDeleteKit(id string) (err error)
- func (c *Client) AdminListKits() (pkgs []types.IdKitState, err error)
- func (c *Client) AdminMode() bool
- func (c *Client) AllNotifications() (n types.NotificationSet, err error)
- func (c *Client) AllUserFiles() (ufds []types.UserFileDetails, err error)
- func (c *Client) AttachSearch(id string) (s Search, err error)
- func (c *Client) BackgroundSearch(sid string) error
- func (c *Client) Backup(wtr io.Writer, includeSS bool) (err error)
- func (c *Client) BackupWithConfig(wtr io.Writer, cfg types.BackupConfig) (err error)
- func (c *Client) BuildKit(pbr types.KitBuildRequest) (r types.KitBuildResponse, err error)
- func (c *Client) CapabilityList() (cl []types.CapabilityDesc, err error)
- func (c *Client) CapabilityTemplateList() (cl []types.CapabilityTemplate, err error)
- func (c *Client) CheckApiVersion() (string, error)
- func (c *Client) ClearAdminMode()
- func (c *Client) ClearAllMFA(user, pass string, authtype types.AuthType, code string) error
- func (c *Client) ClearFlowError(id int32) error
- func (c *Client) ClearFlowState(id int32) error
- func (c *Client) ClearScheduledSearchError(id int32) error
- func (c *Client) ClearScheduledSearchState(id int32) error
- func (c *Client) ClearUserScheduledSearches(uid int32) error
- func (c *Client) CloneDashboard(origid uint64) (id uint64, err error)
- func (c *Client) CloneResource(guid string, newName string) (*types.ResourceMetadata, error)
- func (c *Client) Close() error
- func (c *Client) ConfigureMail(user, pass, server string, port uint16, useTLS, noVerify bool) error
- func (c *Client) CreateFlow(name, description, schedule, flow string, groups []int32) (int32, error)
- func (c *Client) CreateResource(name, description string, global bool, groups []int32) (*types.ResourceMetadata, error)
- func (c *Client) CreateScheduledScript(name, description, schedule, script string, lang types.ScriptLang, ...) (int32, error)
- func (c *Client) CreateScheduledSearch(name, description, schedule string, searchreference uuid.UUID, ...) (int32, error)
- func (c *Client) CreateScheduledSearchFromObject(s types.ScheduledSearch) (int32, error)
- func (c *Client) CreateSecret(sc types.SecretCreate) (sf types.Secret, err error)
- func (c *Client) CreateToken(tc types.TokenCreate) (tf types.TokenFull, err error)
- func (c *Client) CurrentUserCapabilities() (set []types.CapabilityDesc, err error)
- func (c *Client) CurrentUserCapabilityExplanations() (set []types.CapabilityExplanation, err error)
- func (c *Client) DebugAddHeaderValue(key, value string)
- func (c *Client) DebugAddQueryValue(key, value string)
- func (c *Client) DebugDeleteHeaderValue(key string)
- func (c *Client) DebugDeleteQueryValue(key string)
- func (c *Client) DeleteAlert(id uuid.UUID) (err error)
- func (c *Client) DeleteBuildKit(id string) (err error)
- func (c *Client) DeleteDashboard(id uint64) error
- func (c *Client) DeleteDashboardByGuid(id string) error
- func (c *Client) DeleteDefaultSearchGroup(uid int32) error
- func (c *Client) DeleteExtraction(uuid string) (wrs []types.WarnResp, err error)
- func (c *Client) DeleteFlow(id int32) error
- func (c *Client) DeleteGroup(gid int32) error
- func (c *Client) DeleteKit(id string) (err error)
- func (c *Client) DeleteKitBuildHistory(id string) error
- func (c *Client) DeleteKitEx(id string) ([]types.SourcedKitItem, error)
- func (c *Client) DeleteMacro(id uint64) error
- func (c *Client) DeleteMailConfig() error
- func (c *Client) DeleteNotification(id uint64) error
- func (c *Client) DeletePivot(guid uuid.UUID) (err error)
- func (c *Client) DeletePlaybook(id uuid.UUID) error
- func (c *Client) DeletePreferences(id int32) error
- func (c *Client) DeleteResource(guid string) error
- func (c *Client) DeleteScheduledSearch(id int32) error
- func (c *Client) DeleteSearch(sid string) error
- func (c *Client) DeleteSearchLibrary(id uuid.UUID) (err error)
- func (c *Client) DeleteSecret(id uuid.UUID) (err error)
- func (c *Client) DeleteTemplate(guid uuid.UUID) (err error)
- func (c *Client) DeleteToken(id uuid.UUID) (err error)
- func (c *Client) DeleteUser(id int32) error
- func (c *Client) DeleteUserFile(id uuid.UUID) (err error)
- func (c *Client) DeleteUserFromGroup(uid, gid int32) error
- func (c *Client) DeploymentInfo() (di types.DeploymentInfo, err error)
- func (c *Client) DetachSearch(s Search)
- func (c *Client) DialWebsocket(pth string) (conn *websocket.Conn, resp *http.Response, err error)
- func (c *Client) DownloadRequest(url string) (resp *http.Response, err error)
- func (c *Client) DownloadRequestWithContext(url string, ctx context.Context) (resp *http.Response, err error)
- func (c *Client) DownloadSearch(sid string, tr types.TimeRange, format string) (r io.ReadCloser, err error)
- func (c *Client) ErrorLogF(format string, a ...interface{}) error
- func (c *Client) ExploreGenerate(tag string, ents []types.SearchEntry) (mp map[string][]types.GenerateAXResponse, err error)
- func (c *Client) ExportLoginToken() (token string, err error)
- func (c *Client) ExtractionSupportedEngines() (v []string, err error)
- func (c *Client) ForceDeleteKit(id string) (err error)
- func (c *Client) ForgetIngester(id uuid.UUID) (err error)
- func (c *Client) GenerateRecoveryCodes(user, pass string, authtype types.AuthType, code string) (codes types.RecoveryCodes, err error)
- func (c *Client) GetAlert(id uuid.UUID) (result types.AlertDefinition, err error)
- func (c *Client) GetAlertSampleEvent(id uuid.UUID) (result types.Event, err error)
- func (c *Client) GetAlerts() (result []types.AlertDefinition, err error)
- func (c *Client) GetAlertsByConsumer(consumerID string, consumerType types.AlertConsumerType) (result []types.AlertDefinition, err error)
- func (c *Client) GetAlertsByDispatcher(dispatcherID string, dispatcherType types.AlertDispatcherType) (result []types.AlertDefinition, err error)
- func (c *Client) GetAllDashboards() ([]types.Dashboard, error)
- func (c *Client) GetAllMacros() ([]types.SearchMacro, error)
- func (c *Client) GetAllPlaybooks() (pbs []types.Playbook, err error)
- func (c *Client) GetAllPreferences() (types.UserPreferences, error)
- func (c *Client) GetAllResourceList() (rm []types.ResourceMetadata, err error)
- func (c *Client) GetAllScheduledSearches() ([]types.ScheduledSearch, error)
- func (c *Client) GetAllUsers() ([]types.UserDetails, error)
- func (c *Client) GetApiVersion() (types.ApiInfo, error)
- func (c *Client) GetAttachSockets() (*SearchSockets, error)
- func (c *Client) GetAvailableEntryCount(s Search) (uint64, bool, error)
- func (c *Client) GetCalendarStats(start, end time.Time, wells []string) ([]types.CalendarEntry, error)
- func (c *Client) GetChartResults(s Search, start, end uint64) (resp types.ChartResponse, err error)
- func (c *Client) GetChartTsRange(s Search, start, end time.Time, first, last uint64) (types.ChartResponse, error)
- func (c *Client) GetDashboard(id uint64) (types.Dashboard, error)
- func (c *Client) GetDashboardByGuid(guid string) (types.Dashboard, error)
- func (c *Client) GetDefaultSearchGroup(uid int32) (gid int32, err error)
- func (c *Client) GetEntries(s Search, start, end uint64) ([]types.StringTagEntry, error)
- func (c *Client) GetExploreEntries(s Search, start, end uint64) ([]types.SearchEntry, []types.ExploreResult, error)
- func (c *Client) GetExtraction(uuid string) (d types.AXDefinition, err error)
- func (c *Client) GetExtractions() (dfs []types.AXDefinition, err error)
- func (c *Client) GetFdgResults(s Search, start, end uint64) (types.FdgResponse, error)
- func (c *Client) GetFdgTsRange(s Search, start, end time.Time, first, last uint64) (types.FdgResponse, error)
- func (c *Client) GetFlow(id interface{}) (types.ScheduledSearch, error)
- func (c *Client) GetFlowList() ([]types.ScheduledSearch, error)
- func (c *Client) GetFullSecret(id uuid.UUID) (s types.SecretFull, err error)
- func (c *Client) GetGaugeResults(s Search, start, end uint64) (types.GaugeResponse, error)
- func (c *Client) GetGaugeTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)
- func (c *Client) GetGroup(id int32) (types.GroupDetails, error)
- func (c *Client) GetGroupCapabilities(gid int32) (cs types.CapabilityState, err error)
- func (c *Client) GetGroupDashboards(id int32) ([]types.Dashboard, error)
- func (c *Client) GetGroupList() ([]types.GroupDetails, error)
- func (c *Client) GetGroupMacros(id int32) ([]types.SearchMacro, error)
- func (c *Client) GetGroupMap() (map[int32]string, error)
- func (c *Client) GetGroupTagAccess(gid int32) (ta types.TagAccess, err error)
- func (c *Client) GetGroupUsers(gid int32) ([]types.UserDetails, error)
- func (c *Client) GetGroups() ([]types.GroupDetails, error)
- func (c *Client) GetGuiSettings() (types.GUISettings, error)
- func (c *Client) GetHeatmapResults(s Search, start, end uint64, fence types.Geofence) (types.HeatmapResponse, error)
- func (c *Client) GetHeatmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.HeatmapResponse, error)
- func (c *Client) GetHexResults(s Search, start, end uint64) (types.TextResponse, error)
- func (c *Client) GetHexTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
- func (c *Client) GetIndexStats() (map[string]types.IdxStats, error)
- func (c *Client) GetIndexerCalendarStats(indexer uuid.UUID, start, end time.Time, wells []string) ([]types.CalendarEntry, error)
- func (c *Client) GetIndexerStorageStats(indexer uuid.UUID) (map[string]types.PerWellStorageStats, error)
- func (c *Client) GetIngesterStats() (map[string]types.IngestStats, error)
- func (c *Client) GetLibFile(repo, commit, fn string) (bts []byte, err error)
- func (c *Client) GetLicenseDistributionState() (ds types.LicenseDistributionStatus, err error)
- func (c *Client) GetLicenseInfo() (li types.LicenseInfo, err error)
- func (c *Client) GetLicenseSKU() (sku string, err error)
- func (c *Client) GetLicenseSerial() (serial string, err error)
- func (c *Client) GetLogLevel() (string, error)
- func (c *Client) GetMFAInfo() (resp types.MFAInfo, err error)
- func (c *Client) GetMacro(id uint64) (types.SearchMacro, error)
- func (c *Client) GetMyPreferences(obj interface{}) error
- func (c *Client) GetNumbercardResults(s Search, start, end uint64) (types.GaugeResponse, error)
- func (c *Client) GetNumbercardTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)
- func (c *Client) GetP2PResults(s Search, start, end uint64, fence types.Geofence) (types.P2PResponse, error)
- func (c *Client) GetP2PTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.P2PResponse, error)
- func (c *Client) GetPcapResults(s Search, start, end uint64) (types.TextResponse, error)
- func (c *Client) GetPcapTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
- func (c *Client) GetPingStates() (map[string]string, error)
- func (c *Client) GetPivot(guid uuid.UUID) (pivot types.WirePivot, err error)
- func (c *Client) GetPlaybook(id uuid.UUID) (types.Playbook, error)
- func (c *Client) GetPointmapResults(s Search, start, end uint64, fence types.Geofence) (types.PointmapResponse, error)
- func (c *Client) GetPointmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.PointmapResponse, error)
- func (c *Client) GetPreferences(id int32, obj interface{}) error
- func (c *Client) GetRawResults(s Search, start, end uint64) (types.TextResponse, error)
- func (c *Client) GetRawTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
- func (c *Client) GetRefinedSearchHistory(s string) ([]types.SearchLog, error)
- func (c *Client) GetResource(name string) ([]byte, error)
- func (c *Client) GetResourceList() (rm []types.ResourceMetadata, err error)
- func (c *Client) GetResourceMetadata(guid string) (*types.ResourceMetadata, error)
- func (c *Client) GetScheduledSearch(id interface{}) (types.ScheduledSearch, error)
- func (c *Client) GetScheduledSearchList() ([]types.ScheduledSearch, error)
- func (c *Client) GetSearchAgentCheckin() (ci types.SearchAgentCheckin, err error)
- func (c *Client) GetSearchHistory() ([]types.SearchLog, error)
- func (c *Client) GetSearchHistoryRange(start, end int) ([]types.SearchLog, error)
- func (c *Client) GetSearchLibrary(id uuid.UUID) (sl types.WireSearchLibrary, err error)
- func (c *Client) GetSearchMetadata(s Search) (sm types.SearchMetadata, err error)
- func (c *Client) GetSearchSockets() (*SearchSockets, error)
- func (c *Client) GetStackGraphResults(s Search, start, end uint64) (types.StackGraphResponse, error)
- func (c *Client) GetStackGraphTsRange(s Search, start, end time.Time, first, last uint64) (types.StackGraphResponse, error)
- func (c *Client) GetStatSocket(subProto string) (*websocketRouter.SubProtoConn, *websocketRouter.SubProtoClient, error)
- func (c *Client) GetStorageStats() (map[string]types.StorageStats, error)
- func (c *Client) GetSystemDescriptions() (map[string]types.SysInfo, error)
- func (c *Client) GetSystemStats() (map[string]types.SysStats, error)
- func (c *Client) GetTOTPSetup(user, pass string) (types.MFATOTPSetupResponse, error)
- func (c *Client) GetTOTPSetupEx(user, pass string, authtype types.AuthType, code string) (types.MFATOTPSetupResponse, error)
- func (c *Client) GetTableResults(s Search, start, end uint64) (types.TableResponse, error)
- func (c *Client) GetTableTsRange(s Search, start, end time.Time, first, last uint64) (types.TableResponse, error)
- func (c *Client) GetTags() ([]string, error)
- func (c *Client) GetTemplate(guid uuid.UUID) (template types.WireUserTemplate, err error)
- func (c *Client) GetTextResults(s Search, first, last uint64) (types.TextResponse, error)
- func (c *Client) GetTextTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
- func (c *Client) GetUserCapabilities(uid int32) (cs types.CapabilityState, err error)
- func (c *Client) GetUserCapabilityExplanations(uid int32) (cs []types.CapabilityExplanation, err error)
- func (c *Client) GetUserDashboards(id int32) ([]types.Dashboard, error)
- func (c *Client) GetUserFile(id uuid.UUID) (bts []byte, err error)
- func (c *Client) GetUserFileDetails(id uuid.UUID) (dets types.UserFileDetails, err error)
- func (c *Client) GetUserGroups(uid int32) ([]types.GroupDetails, error)
- func (c *Client) GetUserGroupsDashboards() ([]types.Dashboard, error)
- func (c *Client) GetUserGroupsMacros() ([]types.SearchMacro, error)
- func (c *Client) GetUserInfo(id int32) (types.UserDetails, error)
- func (c *Client) GetUserList() ([]types.UserDetails, error)
- func (c *Client) GetUserMacros(id int32) ([]types.SearchMacro, error)
- func (c *Client) GetUserMap() (map[int32]string, error)
- func (c *Client) GetUserPlaybooks() ([]types.Playbook, error)
- func (c *Client) GetUserScheduledSearches(uid int32) ([]types.ScheduledSearch, error)
- func (c *Client) GetUserSearchHistory(uid int32) ([]types.SearchLog, error)
- func (c *Client) GetUserTagAccess(uid int32) (ta types.TagAccess, err error)
- func (c *Client) Groups() (gps []types.GroupDetails, err error)
- func (c *Client) HasCapability(cp types.Capability) bool
- func (c *Client) Impersonate(uid int32) (nc *Client, err error)
- func (c *Client) ImportLoginToken(token string) (err error)
- func (c *Client) ImportSearch(rdr io.Reader, gid int32) (err error)
- func (c *Client) ImportSearchBatchInfo(rdr io.Reader, gid int32, name, info string) (err error)
- func (c *Client) InfoLogF(format string, a ...interface{}) error
- func (c *Client) Ingest(rdr io.Reader, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)
- func (c *Client) IngestEntries(entries []types.StringTagEntry) error
- func (c *Client) IngestFile(file, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)
- func (c *Client) IngestInternal(entries []types.StringTagEntry) error
- func (c *Client) InheritSession(sess *ActiveSession) (bool, error)
- func (c *Client) InitLicense(b []byte) error
- func (c *Client) InstallKit(id string, cfg types.KitConfig) (err error)
- func (c *Client) InstallTOTPSetup(user, pass, code string) (types.MFATOTPInstallResponse, error)
- func (c *Client) IsAdmin() (bool, error)
- func (c *Client) KitDownloadRequest(id string) (*http.Response, error)
- func (c *Client) KitInfo(id uuid.UUID) (ki types.IdKitState, err error)
- func (c *Client) KitStatuses() (statuses []types.InstallStatus, err error)
- func (c *Client) LicenseInitRequired() bool
- func (c *Client) ListAllPivots() (pivots []types.WirePivot, err error)
- func (c *Client) ListAllSearchLibrary() (wsl []types.WireSearchLibrary, err error)
- func (c *Client) ListAllSearchStatuses() ([]types.SearchCtrlStatus, error)
- func (c *Client) ListAllTemplates() (templates []types.WireUserTemplate, err error)
- func (c *Client) ListKitBuildHistory() (hist []types.KitBuildRequest, err error)
- func (c *Client) ListKits() (pkgs []types.IdKitState, err error)
- func (c *Client) ListPivots() (pivots []types.WirePivot, err error)
- func (c *Client) ListRemoteKits(all bool) (mds []types.KitMetadata, err error)
- func (c *Client) ListSearchDetails() ([]types.SearchInfo, error)
- func (c *Client) ListSearchLibrary() (wsl []types.WireSearchLibrary, err error)
- func (c *Client) ListSearchStatuses() ([]types.SearchCtrlStatus, error)
- func (c *Client) ListSecrets() (s []types.Secret, err error)
- func (c *Client) ListTemplates() (templates []types.WireUserTemplate, err error)
- func (c *Client) ListTokens() (ts []types.Token, err error)
- func (c *Client) LockUserAccount(id int32) error
- func (c *Client) LoggedIn() bool
- func (c *Client) Login(user, pass string) error
- func (c *Client) LoginEx(user, pass string) (types.LoginResponse, error)
- func (c *Client) LoginWithAPIToken(token string) (err error)
- func (c *Client) Logout() error
- func (c *Client) LogoutAll() error
- func (c *Client) LookupGroup(groupname string) (gd types.GroupDetails, err error)
- func (c *Client) LookupResourceGUID(name string) (string, error)
- func (c *Client) LookupUser(username string) (ud types.UserDetails, err error)
- func (c *Client) MFALogin(user, pass string, authtype types.AuthType, code string) (types.LoginResponse, error)
- func (c *Client) MailConfig() (mc types.UserMailConfig, err error)
- func (c *Client) ModifyKit(id string, cfg types.KitConfig) (report types.KitModifyReport, err error)
- func (c *Client) MyAdminStatus() bool
- func (c *Client) MyInfo() (types.UserDetails, error)
- func (c *Client) MyNewNotificationCount() (int, error)
- func (c *Client) MyNewNotifications() (types.NotificationSet, error)
- func (c *Client) MyNotificationCount() (int, error)
- func (c *Client) MyNotifications() (types.NotificationSet, error)
- func (c *Client) MySessions() ([]types.Session, error)
- func (c *Client) MyUID() int32
- func (c *Client) NewAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)
- func (c *Client) NewPivot(guid uuid.UUID, name, description string, contents types.RawObject) (storedGuid uuid.UUID, err error)
- func (c *Client) NewSearchLibrary(sl types.WireSearchLibrary) (wsl types.WireSearchLibrary, err error)
- func (c *Client) NewTemplate(guid uuid.UUID, name, description string, contents types.RawObject) (details types.WireUserTemplate, err error)
- func (c *Client) ParseFlow(flow string) (outputPayloads map[int]map[string]interface{}, err error)
- func (c *Client) ParseReactiveFlow(flow string, event types.Event) (outputPayloads map[int]map[string]interface{}, err error)
- func (c *Client) ParseScheduledScript(data string, lang types.ScriptLang) (line, column int, err error)
- func (c *Client) ParseSearch(query string) (err error)
- func (c *Client) ParseSearchWithResponse(query string, filters []types.FilterRequest) (psr types.ParseSearchResponse, err error)
- func (c *Client) PopulateResource(guid string, data []byte) error
- func (c *Client) PopulateResourceFromReader(guid string, data io.Reader) (err error)
- func (c *Client) PullKit(guid uuid.UUID) (pc types.KitState, err error)
- func (c *Client) PurgeUser(id int32) error
- func (c *Client) PutMyPreferences(obj interface{}) error
- func (c *Client) PutPreferences(id int32, obj interface{}) error
- func (c *Client) RefreshLoginToken() (err error)
- func (c *Client) RequestTimeout() (time.Duration, error)
- func (c *Client) Restore(rdr io.Reader) (err error)
- func (c *Client) RestoreEncrypted(rdr io.Reader, password string) (err error)
- func (c *Client) SaveSearch(sid string, ssp ...types.SaveSearchPatch) error
- func (c *Client) ScheduledSearchCheckin(cfg types.SearchAgentConfig) error
- func (c *Client) SearchDownloadRequest(id, format string, tr types.TimeRange) (resp *http.Response, err error)
- func (c *Client) SearchDownloadRequestWithContext(id, format string, tr types.TimeRange, ctx context.Context) (resp *http.Response, err error)
- func (c *Client) SearchInfo(sid string) (types.SearchInfo, error)
- func (c *Client) SearchStatus(sid string) (types.SearchCtrlStatus, error)
- func (c *Client) SecretInfo(id uuid.UUID) (s types.Secret, err error)
- func (c *Client) SendMail(from string, to []string, subject string, body string, ...) error
- func (c *Client) SendPrebuiltMail(msg types.UserMail) error
- func (c *Client) Server() string
- func (c *Client) ServerIP() net.IP
- func (c Client) SessionData() (ActiveSession, error)
- func (c *Client) Sessions(id int32) ([]types.Session, error)
- func (c *Client) SetAdmin(id int32, admin bool) error
- func (c *Client) SetAdminMode()
- func (c *Client) SetDefaultSearchGroup(uid int32, gid int32) error
- func (c *Client) SetGlobal(sid string, global bool) error
- func (c *Client) SetGroup(sid string, gid int32) error
- func (c *Client) SetGroupCapabilities(gid int32, cs types.CapabilityState) (err error)
- func (c *Client) SetGroupTagAccess(gid int32, ta types.TagAccess) (err error)
- func (c *Client) SetGroups(sid string, gids []int32) error
- func (c *Client) SetLogLevel(level string) error
- func (c *Client) SetNoCache(v bool)
- func (c *Client) SetPivot(guid uuid.UUID, pivot types.WirePivot) (details types.WirePivot, err error)
- func (c *Client) SetRequestTimeout(to time.Duration) error
- func (c *Client) SetTemplate(guid uuid.UUID, template types.WireUserTemplate) (details types.WireUserTemplate, err error)
- func (c *Client) SetUserAgent(v string) error
- func (c *Client) SetUserCapabilities(uid int32, cs types.CapabilityState) (err error)
- func (c *Client) SetUserTagAccess(uid int32, ta types.TagAccess) (err error)
- func (c *Client) StartBackgroundSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)
- func (c *Client) StartFilteredSearch(query string, start, end time.Time, nohistory bool, ...) (s Search, err error)
- func (c *Client) StartSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)
- func (c *Client) StartSearchEx(sr types.StartSearchRequest) (s Search, err error)
- func (c *Client) State() ClientState
- func (c *Client) StopSearch(id string) (err error)
- func (c *Client) Sync() (err error)
- func (c *Client) TOTPClear(user, pass string, authtype types.AuthType, code string) error
- func (c *Client) TOTPLogin(user, pass, code string) (types.LoginResponse, error)
- func (c *Client) Test() error
- func (c *Client) TestAddExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)
- func (c *Client) TestGet(path string) error
- func (c *Client) TestIngest() (err error)
- func (c *Client) TestLogin() error
- func (c *Client) TokenCapabilities() (cl []string, err error)
- func (c *Client) TokenInfo(id uuid.UUID) (t types.Token, err error)
- func (c *Client) UnlockUserAccount(id int32) error
- func (c *Client) UpdateAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)
- func (c *Client) UpdateDashboard(db *types.Dashboard) error
- func (c *Client) UpdateExtraction(d types.AXDefinition) (wrs []types.WarnResp, err error)
- func (c *Client) UpdateFlow(ss types.ScheduledSearch) error
- func (c *Client) UpdateFlowResults(ss types.ScheduledSearch) error
- func (c *Client) UpdateGroup(gid int32, gdet types.GroupDetails) error
- func (c *Client) UpdateMacro(m types.SearchMacro) error
- func (c *Client) UpdateMetadata(guid string, metadata types.ResourceMetadata) error
- func (c *Client) UpdateNotification(id uint64, n types.Notification) error
- func (c *Client) UpdatePlaybook(m types.Playbook) error
- func (c *Client) UpdateScheduledSearch(ss types.ScheduledSearch) error
- func (c *Client) UpdateScheduledSearchResults(ss types.ScheduledSearch) error
- func (c *Client) UpdateSearchLibrary(sl types.WireSearchLibrary) (nsl types.WireSearchLibrary, err error)
- func (c *Client) UpdateSecret(id uuid.UUID, value string) (s types.Secret, err error)
- func (c *Client) UpdateSecretDetails(id uuid.UUID, sc types.SecretCreate) (s types.Secret, err error)
- func (c *Client) UpdateToken(id uuid.UUID, tr types.TokenCreate) (t types.Token, err error)
- func (c *Client) UpdateUserFile(id uuid.UUID, pth string) (err error)
- func (c *Client) UpdateUserFileMetadata(id uuid.UUID, uf types.UserFileDetails) (err error)
- func (c *Client) UpdateUserInfo(id int32, user, name, email string) error
- func (c *Client) UploadExtraction(b []byte) (wrs []types.WarnResp, err error)
- func (c *Client) UploadKit(p string) (pc types.KitState, err error)
- func (c *Client) UploadLicenseFile(f string) ([]types.LicenseUpdateError, error)
- func (c *Client) UserChangePass(id int32, orig, pass string) error
- func (c *Client) UserFiles() (ufds []types.UserFileDetails, err error)
- func (c *Client) ValidateAlertFlowConsumer(flowID uuid.UUID, alert types.AlertDefinition) (resp types.AlertConsumerValidateResponse, err error)
- func (c *Client) ValidateAlertScheduledSearchDispatcher(ssearchID uuid.UUID, schema types.AlertSchemas) (resp types.AlertDispatcherValidateResponse, err error)
- func (c *Client) WaitForSearch(s Search) (err error)
- func (c *Client) WarnLogF(format string, a ...interface{}) error
- func (c *Client) WellData() (mp map[string]types.IndexerWellData, err error)
- type ClientError
- type ClientState
- type Opts
- type Search
- type SearchSockets
- type VersionStruct
Constants
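// Websocket subprotocol names and the two stat size constants.
//
// The declaration is laid out one constant per line: when the whole block is
// collapsed onto a single line, the `//` comment swallows every declaration
// that follows it and the block no longer parses.
const (
	// Websocket subprotocols.
	//
	// Several values equal the final path segment of a /api/stats/* REST path
	// declared in this package (ping, idxStats, sysStats, sysDesc, igstStats).
	// NOTE(review): presumably both sides must agree on these strings exactly,
	// so treat them as wire-format values — confirm before changing any.
	PROTO_PING string = "ping"
	PROTO_IDX  string = "idxStats"
	PROTO_SYS  string = "sysStats"
	PROTO_DESC string = "sysDesc"
	PROTO_IGST string = "igstStats"
	// NOTE(review): PONG is the only upper-case value in this group; confirm
	// the casing is what the server expects before normalizing it.
	PROTO_PONG   string = `PONG`
	PROTO_PARSE  string = `parse`
	PROTO_SEARCH string = `search`
	PROTO_ATTACH string = `attach`

	// Untyped size constants.
	// NOTE(review): presumably the read and write buffer sizes, in bytes, used
	// when dialing the stats websocket — confirm against the dial code. If so,
	// they are I/O buffer sizes and should not be relied on as a cap on message
	// size; verify where inbound frame limits are enforced.
	STAT_R_SIZE = 1024
	STAT_W_SIZE = 1024
)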
// Login field names and REST API paths.
//
// Entries containing %d, %s or %v are format strings, not literal paths; the
// identifier is filled in by the caller.
// NOTE(review): presumably expanded with fmt.Sprintf. Values substituted for
// %s end up in the URL path, so verify that callers only pass IDs/UUIDs or
// path-escape free-form strings.
const (
	// login field names
	USER_FIELD string = "User"
	PASS_FIELD string = "Pass"

	// API paths

	// Login, logout, MFA and session-token endpoints.
	LOGIN_URL = `/api/login`
	LOGOUT_URL = `/api/logout`
	MFA_URL = `/api/mfa`
	MFA_CLEAR_ALL_URL = `/api/mfa/clear`
	MFA_LOGIN_URL = `/api/login/mfa`
	MFA_TOTP_SETUP_URL = `/api/mfa/totp/setup`
	MFA_TOTP_CLEAR_URL = `/api/mfa/totp/clear`
	MFA_RECOVERY_GENERATE_PATH = "/api/mfa/recoverycodes/generate"
	TEMP_TOKEN_URL = `/api/login/tmptoken`
	REFRESH_TOKEN_URL = `/api/login/refreshtoken`
	USER_INFO_URL = `/api/info/whoami`

	// System, indexer, ingester and storage statistics.
	DESC_URL = `/api/stats/sysDesc`
	STATE_URL = `/api/stats/ping`
	STATS_URL = `/api/stats/sysStats`
	IDX_URL = `/api/stats/idxStats`
	INGESTER_URL = `/api/stats/igstStats`
	WELLS_URL = `/api/stats/wellStats`
	STORAGE_URL = `/api/stats/storage/indexers`
	STORAGE_INDEXER_URL = `/api/stats/storage/indexer/%s/wells`
	CALENDAR_URL = `/api/stats/storage/calendar`
	CALENDAR_INDEXER_URL = `/api/stats/storage/indexer/%s/calendar`

	// User management; %d is the numeric user ID.
	// ADD_USER_URL and USERS_LIST_URL are the same path.
	ADD_USER_URL = `/api/users`
	USERS_LIST_URL = `/api/users`
	USERS_INFO_URL = `/api/users/%d`
	USERS_LOCK_URL = `/api/users/%d/lock`
	USERS_LOCKED_URL = `/api/users/%d/locked`
	USERS_DASHBOARD_URL = `/api/users/%d/dashboards`
	USERS_MACROS_URL = `/api/users/%d/macros`
	USERS_PREFS_URL = `/api/users/%d/preferences`
	USERS_ALL_PREFS_URL = `/api/users/preferences`
	USERS_ADMIN_URL = `/api/users/%d/admin`
	USERS_ADMIN_SU_PATH = `/api/users/su/%d`
	USER_SESSIONS_URL = `/api/users/%d/sessions`
	CHANGE_PASS_URL = `/api/users/%d/pwd`
	USERS_GROUP_URL = `/api/users/%d/group`
	USERS_GROUP_ID_URL = `/api/users/%d/group/%d`
	USERS_SEARCH_GROUP_URL = `/api/users/%d/searchgroup`
	USERS_MFA_CLEAR_URL = `/api/users/%d/mfa/clear`

	// Websocket endpoints, query parsing and API version.
	WS_STAT_URL = `/api/ws/stats`
	WS_SEARCH_URL = `/api/ws/search`
	WS_ATTACH_URL = `/api/ws/attach/%s`
	PARSE_URL = `/api/parse`
	API_VERSION_URL = `/api/version`

	// Group management; %d is the numeric group ID.
	GROUP_ID_URL = `/api/groups/%d`
	GROUP_MEMBERS_URL = `/api/groups/%d/members`
	GROUP_DASHBOARD_URL = `/api/groups/%d/dashboards`
	GROUP_MACROS_URL = `/api/groups/%d/macros`
	GROUP_URL = `/api/groups`

	// Search control; the first %s is the search ID.
	SEARCH_CTRL_LIST_URL = `/api/searchctrl`
	SEARCH_CTRL_LIST_DETAILS_URL = `/api/searchctrl/details`
	SEARCH_CTRL_LIST_ALL_URL = `/api/searchctrl/all`
	SEARCH_CTRL_URL = `/api/searchctrl/%s`
	SEARCH_CTRL_ATTACH_URL = `/api/searchctrl/%s/attach`
	SEARCH_CTRL_DETAILS = `/api/searchctrl/%s/details`
	SEARCH_CTRL_BACKGROUND_URL = `/api/searchctrl/%s/background`
	SEARCH_CTRL_GROUP_URL = `/api/searchctrl/%s/group`
	SEARCH_CTRL_GROUPS_URL = `/api/searchctrl/%s/groups`
	SEARCH_CTRL_GLOBAL_URL = `/api/searchctrl/%s/global`
	SEARCH_CTRL_SAVE_URL = `/api/searchctrl/%s/save`
	SEARCH_CTRL_STOP_URL = `/api/searchctrl/%s/stop`
	SEARCH_CTRL_DOWNLOAD_URL = `/api/searchctrl/%s/download/%s`
	SEARCH_CTRL_PING_URL = `/api/searchctrl/%s/ping`
	SEARCH_CTRL_DETACH_URL = `/api/searchctrl/%s/detach`
	SEARCH_CTRL_STATS_URL = `/api/searchctrl/%s/stats`
	SEARCH_CTRL_STATS_OVERVIEW_URL = `/api/searchctrl/%s/stats/overview`
	SEARCH_CTRL_EXPLORE_URL = `/api/searchctrl/%s/renderer/%s/explore`
	SEARCH_CTRL_IMPORT_URL = `/api/searchctrl/import`
	SEARCH_CTRL_LAUNCH_URL = `/api/searchctrl/launch`
	SEARCH_HISTORY_URL = `/api/searchhistory/%s/%d`

	// Notifications, logging and connectivity tests.
	NOTIFICATIONS_URL = `/api/notifications`
	NOTIFICATIONS_ID_URL = `/api/notifications/%d`
	NOTIFICATIONS_SELF_TARGETED_URL = `/api/notifications/targeted/self`
	LOGGING_PATH_URL = `/api/logging`
	TEST_URL = `/api/test`
	TEST_AUTH_URL = `/api/testauth`

	// Dashboards and macros.
	DASHBOARD_URL = `/api/dashboards/%v`
	DASHBOARD_MY_URL = `/api/dashboards`
	DASHBOARD_ALL_URL = `/api/dashboards/all`
	DASHBOARD_CLONE_URL = `/api/dashboards/%d/clone`
	MACROS_URL = `/api/macros`
	MACROS_ALL_URL = `/api/macros/all`
	MACROS_ID_URL = `/api/macros/%d`

	// Licensing.
	LICENSE_INFO_URL = `/api/license`
	LICENSE_SKU_URL = `/api/license/sku`
	LICENSE_SERIAL_URL = `/api/license/serial`
	LICENSE_UPDATE_URL = `/api/license/update`

	// Resources; %s is the resource GUID (or the lookup key for RESOURCES_LOOKUP_URL).
	RESOURCES_LIST_URL = "/api/resources"
	RESOURCES_GUID_URL = "/api/resources/%s"
	RESOURCES_GUID_RAW_URL = "/api/resources/%s/raw"
	RESOURCES_GUID_CLONE_URL = "/api/resources/%s/clone"
	RESOURCES_LOOKUP_URL = "/api/resources/lookup/%s"

	// Scheduled searches and flows.
	SCHEDULED_SEARCH_URL = "/api/scheduledsearches"
	SCHEDULED_SEARCH_ALL_URL = "/api/scheduledsearches/all"
	SCHEDULED_SEARCH_ID_URL = "/api/scheduledsearches/%v"
	SCHEDULED_SEARCH_RESULTS_ID_URL = "/api/scheduledsearches/%d/results"
	SCHEDULED_SEARCH_ERROR_ID_URL = "/api/scheduledsearches/%d/error"
	SCHEDULED_SEARCH_STATE_ID_URL = "/api/scheduledsearches/%d/state"
	SCHEDULED_SEARCH_CANCEL_ID_URL = "/api/scheduledsearches/%d/cancel"
	SCHEDULED_SEARCH_USER_URL = "/api/scheduledsearches/user/%d"
	SCHEDULED_SEARCH_CHECKIN_URL = "/api/scheduledsearches/checkin"
	SCHEDULED_SEARCH_PARSE = "/api/scheduledsearches/parse"
	FLOW_URL = "/api/flows"
	FLOW_ID_URL = "/api/flows/%v"
	FLOW_RESULTS_ID_URL = "/api/flows/%d/results"
	FLOW_ERROR_ID_URL = "/api/flows/%d/error"
	FLOW_STATE_ID_URL = "/api/flows/%d/state"
	FLOW_CANCEL_ID_URL = "/api/flows/%d/cancel"
	FLOW_USER_URL = "/api/flows/user/%d"
	FLOW_PARSE_URL = "/api/flows/parse"

	// Mail, ingest, tags and indexer management.
	MAIL_URL = "/api/mail"
	MAIL_CONFIGURE_URL = `/api/mail/configure`
	JSON_INGEST_URL = "/api/ingest/json"
	LINES_INGEST_URL = "/api/ingest/lines"
	INTERNAL_INGEST_URL = "/api/ingest/internal"
	TEST_INGEST_URL = "/api/ingest/test"
	TAGS_URL = "/api/tags"
	INDEXER_MANAGE_ADD_URL = "/api/indexer/manage/add"

	// Kits.
	KIT_URL = `/api/kits`
	KIT_ID_URL = `/api/kits/%s`
	KIT_BUILD_URL = `/api/kits/build`
	KIT_BUILD_ID_URL = `/api/kits/build/%s`
	KIT_STATUS_URL = `/api/kits/status`
	KIT_STATUS_ID_URL = `/api/kits/status/%s`
	KIT_REMOTE_LIST_URL = `/api/kits/remote/list`
	KIT_REMOTE_LIST_ALL_URL = `/api/kits/remote/list/all`
	KIT_BUILD_HISTORY_URL = `/api/kits/build/history`
	KIT_BUILD_HISTORY_ID_URL = `/api/kits/build/history/%s`

	// Autoextractors and data exploration.
	EXTRACTORS_URL = `/api/autoextractors`
	EXTRACTORS_UPLOAD_URL = `/api/autoextractors/upload`
	EXTRACTORS_TEST_URL = `/api/autoextractors/test`
	EXTRACTORS_ID_URL = `/api/autoextractors/%s`
	EXTRACTORS_SYNC_URL = `/api/autoextractors/sync`
	EXTRACTORS_ENGINES_URL = `/api/autoextractors/engines`
	EXPLORE_GENERATE_URL = `/api/explore/generate`

	// Templates, pivots, user files and the search library.
	TEMPLATES_URL = "/api/templates"
	TEMPLATES_ID_URL = "/api/templates/%s"
	TEMPLATES_ID_DETAILS_URL = "/api/templates/%s/details"
	PIVOTS_URL = "/api/pivots"
	PIVOTS_ID_URL = "/api/pivots/%s"
	PIVOTS_ID_DETAILS_URL = "/api/pivots/%s/details"
	USER_FILES_URL = "/api/files"
	USER_FILES_ID_URL = "/api/files/%s"
	USER_FILES_ID_DETAILS_URL = "/api/files/%s/details"
	LIBRARY_URL = "/api/library"
	LIBRARY_ID_URL = "/api/library/%s"
	LIBS_URL = `/api/libs`

	// Capabilities and tag access for users and groups.
	CAPABILITY_LIST_URL = `/api/info/capabilities`
	CAPABILITY_TEMPLATE_LIST_URL = `/api/info/capabilities/templates`
	CAPABILITY_CURRENT_USER_LIST_URL = `/api/info/capabilities/my`
	CAPABILITY_CURRENT_USER_WHY_URL = `/api/info/capabilities/why`
	CAPABILITY_USER_URL = `/api/users/%d/capabilities`
	CAPABILITY_USER_WHY_URL = `/api/users/%d/capabilities/why`
	CAPABILITY_GROUP_URL = `/api/groups/%d/capabilities`
	GROUP_TAG_ACCESS_URL = `/api/groups/%d/tags`
	USER_TAG_ACCESS_URL = `/api/users/%d/tags`

	// Playbooks, backup and deployment information.
	PLAYBOOKS_URL = `/api/playbooks`
	PLAYBOOKS_ID_URL = `/api/playbooks/%s`
	BACKUP_URL = `/api/backup`
	DEPLOYMENT_URL = `/api/deployment`

	// API tokens and secrets. SECRETS_ID_FULL_URL is the only secrets path
	// with a "full" suffix.
	// NOTE(review): presumably the endpoint behind GetFullSecret, which
	// returns the secret value; confirm.
	TOKENS_URL = `/api/tokens`
	TOKENS_ID_URL = `/api/tokens/%s`
	TOKENS_CAPABILITIES_URL = `/api/tokens/capabilities`
	SECRETS_URL = `/api/secrets`
	SECRETS_ID_URL = `/api/secrets/%s`
	SECRETS_ID_DETAILS_URL = `/api/secrets/%s/details`
	SECRETS_ID_FULL_URL = `/api/secrets/%s/full`

	// Settings, ingester tracking and CBAC defaults.
	SETTINGS_URL = `/api/settings`
	INGESTERS_TRACKING_URL = `/api/ingesters/%s/tracking`
	CBAC_DEFAULT_URL = `/api/cbac/default`
	CBAC_DEFAULT_CAPABILITIES_URL = `/api/cbac/default/capabilities`
	CBAC_DEFAULT_TAGS_URL = `/api/cbac/default/tags`

	// Alerts.
	ALERTS_URL = `/api/alerts`
	ALERTS_ID_URL = `/api/alerts/%s`
	ALERTS_ID_SAMPLE_URL = `/api/alerts/%s/sample`
	ALERTS_VALIDATE_DISPATCHER_URL = `/api/alerts/validate/dispatcher`
	ALERTS_VALIDATE_CONSUMER_URL = `/api/alerts/validate/consumer`

	// Special APIs for installing licenses
	LICENSE_INIT_UPLOAD = `/license`
	LICENSE_INIT_STATUS = `/license/status`
)
const (
	// NOTE(review): presumably the value substituted for the %s in
	// SEARCH_HISTORY_URL to select per-user search history; confirm against callers.
	SEARCH_HISTORY_USER = `user`
)
Variables ¶
// Package-level error values created with errors.New. The conditions under
// which each one is returned are not visible here; the comments below restate
// the message text only.
var (
	// ErrInvalidTestStatus: the webserver test returned an invalid status.
	ErrInvalidTestStatus error = errors.New("Invalid status on webserver test")
	// ErrAccountLocked: the account is locked.
	ErrAccountLocked error = errors.New(`Account is Locked`)
	// ErrLoginFail: one message covers both a bad username and a bad password.
	ErrLoginFail error = errors.New(`Username and Password are incorrect`)
	// ErrMFARequired: MFA is required.
	ErrMFARequired error = errors.New(`MFA required`)
	// ErrMFASetupRequired: MFA has to be configured first.
	ErrMFASetupRequired error = errors.New(`MFA configuration required`)
	// ErrNotSynced: the client has not been synced.
	ErrNotSynced error = errors.New(`Client has not been synced`)
	// ErrNoLogin: the client is not logged in.
	ErrNoLogin error = errors.New("Not logged in")
	// ErrEmptyUserAgent: an empty UserAgent was supplied.
	ErrEmptyUserAgent error = errors.New("UserAgent cannot be empty")
)

var (
	// ErrInvalidLogLevel: the logging level is not valid.
	ErrInvalidLogLevel = errors.New("Invalid logging level")

	// Version is a VersionStruct with Major 0, Minor 1, Revision 1.
	// NOTE(review): presumably the API version that CheckApiVersion compares
	// with the webserver's; confirm.
	Version = VersionStruct{
		Major: 0,
		Minor: 1,
		Revision: 1,
	}
)

var (
	// ErrNotAuthed: the request was not authenticated.
	ErrNotAuthed = errors.New("Not Authed")
	// ErrNotFound: the requested item was not found.
	ErrNotFound = errors.New("Not Found")
)

var (
	// ErrInvalidKitSize: the kit is too small to upload.
	ErrInvalidKitSize = errors.New("Kit is too small to upload")
)

var (
	// ErrInvalidUserFileSize: the user file is too large to upload.
	ErrInvalidUserFileSize = errors.New("UserFile is too large to upload")
)

var (
	// ErrMaxBodyDrained: the response body held more bytes than the client
	// will drain, and the body is closed (per the message text).
	ErrMaxBodyDrained = errors.New("too many response bytes in body, closing")
)

var (
	// ErrNotAdmin: the current user is not an administrator.
	ErrNotAdmin = errors.New("You are not an admin")
)

var (
	// ErrSearchNotAttached: the search is not attached.
	ErrSearchNotAttached = errors.New("search not attached")
)
Functions ¶
This section is empty.
Types ¶
type ActiveSession ¶
The ActiveSession structure represents a login session on the server. The JWT field contains a negotiated authentication token (with expiration).
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client handles interaction with the server's REST APIs and websockets.
func New ¶ added in v3.8.19
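New connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs. With validation disabled the client accepts any certificate the server presents, not only self-signed ones, so the server's identity is not verified and login credentials and session tokens can be exposed to a machine-in-the-middle; leave enforceCertificate set to true outside of test environments.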
func NewClient
deprecated
func NewClient(server string, enforceCertificate, useHttps bool, objLogger objlog.ObjLog) (*Client, error)
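NewClient connects to the specified server and returns a new Client object. The useHttps parameter enables or disables SSL. Setting enforceCertificate to false will disable SSL certificate validation, allowing self-signed certs. With validation disabled the client accepts any certificate the server presents, not only self-signed ones, so the server's identity is not verified and login credentials and session tokens can be exposed to a machine-in-the-middle; leave enforceCertificate set to true outside of test environments.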
Deprecated: Use New() or NewOpts() instead
func (*Client) AccessLogF ¶
AccessLogF submits a log message to the webserver at the Access log level.
func (*Client) AddDashboard ¶
AddDashboard creates a new dashboard and returns the ID. The obj parameter will be stored as the Data field of the dashboard.
func (*Client) AddExtraction ¶
func (c *Client) AddExtraction(d types.AXDefinition) (id uuid.UUID, wrs []types.WarnResp, err error)
AddExtraction installs an autoextractor definition, returning the UUID of the new extraction or an error if it is invalid.
func (*Client) AddGroup ¶
AddGroup (admin-only) creates a new group with the given name and description.
func (*Client) AddIndexer ¶
AddIndexer (admin-only) tells the webserver to connect to a new indexer. The indexer will be added to the list of indexers in the webserver's config file and persist in the future.
func (*Client) AddMacro ¶
func (c *Client) AddMacro(m types.SearchMacro) (id uint64, err error)
AddMacro creates a new macro with the specified name and expansion, returning the ID of the newly-created macro.
func (*Client) AddPlaybook ¶
AddPlaybook creates a new playbook with the specified name, description, and body, returning the UUID of the new playbook. Note that the UUID and GUID fields will be automatically chosen, but the GUID field may be updated later.
func (*Client) AddSelfTargetedNotification ¶
func (c *Client) AddSelfTargetedNotification(notifType uint32, msg, link string, expiration time.Time) error
AddSelfTargetedNotification creates a new notification with the given type, message, link, and expiration. If expiration time is invalid, the webserver will instead set a default expiration.
func (*Client) AddUser ¶
AddUser (admin-only) creates a new user. The user and pass parameters specify login information. The name parameter is the user's real name and the email parameter is the user's email address. If 'admin' is set to true, the user will be flagged as an administrator.
func (*Client) AddUserFile ¶
AddUserFile creates a new user file with the specified name and description. pth should point to a valid file on the local system.
func (*Client) AddUserFileDetails ¶
func (c *Client) AddUserFileDetails(meta types.UserFileDetails, pth string) (guid uuid.UUID, err error)
AddUserFileDetails creates a new user file (uploaded from pth) with details set by the meta parameter.
func (*Client) AddUserToGroup ¶
AddUserToGroup adds a user to a group.
func (*Client) AdminChangePass ¶
AdminChangePass (admin-only) changes the specified user's password without requiring the current password.
func (*Client) AdminClearUserMFA ¶ added in v3.8.35
AdminClearUserMFA completely clears the specified user's MFA configuration. They will have to re-configure MFA on their next login.
func (*Client) AdminDeleteKit ¶
AdminDeleteKit is an admin-only function which can delete a kit owned by any user.
func (*Client) AdminListKits ¶
func (c *Client) AdminListKits() (pkgs []types.IdKitState, err error)
AdminListKits is an admin-only function which lists all kits on the system. Non-administrators will get the same list as returned by ListKits.
func (*Client) AdminMode ¶
AdminMode returns true if the ?admin=true parameter is set for API requests.
func (*Client) AllNotifications ¶ added in v3.8.37
func (c *Client) AllNotifications() (n types.NotificationSet, err error)
AllNotifications is an admin-only API that retrieves all notifications for all users, regardless of ownership and/or ignored-until status.
func (*Client) AllUserFiles ¶
func (c *Client) AllUserFiles() (ufds []types.UserFileDetails, err error)
AllUserFiles pulls the complete list of all user files for the entire system. Non-administrators will receive the same list as returned by UserFiles.
func (*Client) AttachSearch ¶
AttachSearch connects to an existing search (specified with the id parameter) and returns the associated Search object.
func (*Client) BackgroundSearch ¶
BackgroundSearch will request that a search is backgrounded by ID
func (*Client) Backup ¶
Backup generates a complete backup of all content on the Gravwell webserver and writes it out to the io.Writer provided. By default, scheduled searches / scheduled scripts are not included; set the 'includeSS' option to include them.
func (*Client) BackupWithConfig ¶ added in v3.8.18
func (*Client) BuildKit ¶
func (c *Client) BuildKit(pbr types.KitBuildRequest) (r types.KitBuildResponse, err error)
BuildKit builds a new kit. The parameter 'pbr' contains information about the kit to be built, including lists of objects to include. On success, the returned KitBuildResponse will contain a UUID which can be used to download the kit via the KitDownloadRequest function.
func (*Client) CapabilityList ¶
func (c *Client) CapabilityList() (cl []types.CapabilityDesc, err error)
CapabilityList returns a complete list of capabilities.
func (*Client) CapabilityTemplateList ¶
func (c *Client) CapabilityTemplateList() (cl []types.CapabilityTemplate, err error)
CapabilityTemplateList returns a list of CBAC templates defined on the system.
func (*Client) CheckApiVersion ¶
CheckApiVersion asserts that the REST API version of the webserver is compatible with the client.
func (*Client) ClearAdminMode ¶
func (c *Client) ClearAdminMode()
ClearAdminMode unsets the ?admin=true parameter for future API requests.
func (*Client) ClearAllMFA ¶ added in v3.8.35
ClearAllMFA completely clears the current user's MFA configuration, if allowed by site policy.
func (*Client) ClearFlowError ¶ added in v3.8.2
ClearFlowError clears the error field on the specified scheduled search.
func (*Client) ClearFlowState ¶ added in v3.8.2
ClearFlowState clears state variables on the specified scheduled search.
func (*Client) ClearScheduledSearchError ¶
ClearScheduledSearchError clears the error field on the specified scheduled search.
func (*Client) ClearScheduledSearchState ¶
ClearScheduledSearchState clears state variables on the specified scheduled search.
func (*Client) ClearUserScheduledSearches ¶
ClearUserScheduledSearches removes all scheduled searches belonging to the specified user
func (*Client) CloneDashboard ¶
CloneDashboard creates a copy of a dashboard and returns the ID of the new dashboard.
func (*Client) CloneResource ¶
CloneResource creates a copy of an existing resource (specified by GUID) with the Name field set to the newName parameter.
func (*Client) Close ¶
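Close shuts down the client and cleans up connections. It does NOT terminate sessions, so a session token issued to this client remains valid on the server until it is logged out or expires.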
func (*Client) ConfigureMail ¶
ConfigureMail sets up mail server options for the current user. The user, pass, server, and port parameters specify the mail server and authentication options for the server. The useTLS flag enables TLS for SMTP, and the noVerify flag disables checking of TLS certs.
func (*Client) CreateFlow ¶ added in v3.8.2
func (c *Client) CreateFlow(name, description, schedule, flow string, groups []int32) (int32, error)
CreateFlow makes a new flow and returns the ID. The parameters are:
- name: the flow name.
- description: the flow description.
- schedule: a cron-format schedule on which to execute the flow.
- flow: a valid JSON flow definition.
- groups: an optional array of groups which should be able to access this object.
func (*Client) CreateResource ¶
func (c *Client) CreateResource(name, description string, global bool, groups []int32) (*types.ResourceMetadata, error)
CreateResource makes a new resource. The resource name and description are specified at creation time, as are the Global flag and an optional list of groups with which to share it. The return value contains information about the newly-created resource.
func (*Client) CreateScheduledScript ¶
func (c *Client) CreateScheduledScript(name, description, schedule, script string, lang types.ScriptLang, groups []int32) (int32, error)
CreateScheduledScript creates a scheduled search that executes a script instead of a search. The parameters are:
- name: the search name.
- description: the search description.
- schedule: a cron-format schedule on which to execute the search.
- script: a valid anko script.
- groups: an optional array of groups which should be able to access this object.
- lang: the language of scheduled script (anko, go)
func (*Client) CreateScheduledSearch ¶
func (c *Client) CreateScheduledSearch(name, description, schedule string, searchreference uuid.UUID, searchquery string, duration time.Duration, groups []int32) (int32, error)
CreateScheduledSearch makes a new scheduled search and returns the ID. The parameters are:
- name: the search name.
- description: the search description.
- schedule: a cron-format schedule on which to execute the search.
- searchreference: a reference to a query library item. Cannot be combined with searchquery.
- searchquery: a valid search query string. Cannot be combined with searchreference.
- duration: the amount of time over which the query should be run.
func (*Client) CreateScheduledSearchFromObject ¶ added in v3.8.35
func (c *Client) CreateScheduledSearchFromObject(s types.ScheduledSearch) (int32, error)
CreateScheduledSearchFromObject makes a new scheduled search and returns the ID. The parameters are:
- s: A scheduled search object.
func (*Client) CreateSecret ¶ added in v3.8.16
CreateSecret instantiates and returns a new Secret. The actual secret string will not be returned.
func (*Client) CreateToken ¶ added in v3.8.5
func (*Client) CurrentUserCapabilities ¶
func (c *Client) CurrentUserCapabilities() (set []types.CapabilityDesc, err error)
CurrentUserCapabilities returns the list of capabilities enabled for the current user.
func (*Client) CurrentUserCapabilityExplanations ¶ added in v3.8.21
func (c *Client) CurrentUserCapabilityExplanations() (set []types.CapabilityExplanation, err error)
CurrentUserCapabilityExplanations returns the list of capabilities, marked up to explain whether or not a user has the capability and why.
func (*Client) DebugAddHeaderValue ¶ added in v3.8.27
DebugAddHeaderValue can be used to inject header values into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Keys must not be empty; empty values are allowed. An injected header stays on every subsequent request until it is removed with DebugDeleteHeaderValue.
func (*Client) DebugAddQueryValue ¶ added in v3.8.27
DebugAddQueryValue can be used to inject URL parameters into all requests; this function is primarily used for testing and forcing interactions with web application firewalls, security devices, and general testing. Keys must not be empty; empty values are allowed. An injected parameter stays on every subsequent request until it is removed with DebugDeleteQueryValue.
func (*Client) DebugDeleteHeaderValue ¶ added in v3.8.27
DebugDeleteHeaderValue can be used to remove a previously injected header value. See DebugAddHeaderValue for more information
func (*Client) DebugDeleteQueryValue ¶ added in v3.8.27
DebugDeleteQueryValue can be used to remove a previously injected query value. See DebugAddQueryValue for more information
func (*Client) DeleteAlert ¶ added in v3.8.23
DeleteAlert deletes an alert. The id must be the ThingUUID, for precision.
func (*Client) DeleteBuildKit ¶
DeleteBuildKit removes a recently-built kit.
func (*Client) DeleteDashboard ¶
DeleteDashboard deletes the specified dashboard.
func (*Client) DeleteDashboardByGuid ¶
DeleteDashboardByGuid deletes a dashboard specified by GUID.
func (*Client) DeleteDefaultSearchGroup ¶ added in v3.8.9
DeleteDefaultSearchGroup removes the default search group for a specified user. Admins can delete any user's default search group, but regular users can only delete their own.
func (*Client) DeleteExtraction ¶
DeleteExtraction deletes the specified autoextraction.
func (*Client) DeleteFlow ¶ added in v3.8.2
DeleteFlow removes the specified flow.
func (*Client) DeleteGroup ¶
DeleteGroup (admin-only) will delete a group.
func (*Client) DeleteKit ¶
DeleteKit uninstalls a kit (specified by UUID). Note that if kit items have been modified, DeleteKit will return an error; use ForceDeleteKit to remove the kit regardless.
func (*Client) DeleteKitBuildHistory ¶
DeleteKitBuildHistory deletes a build history entry for the given ID e.g. "io.gravwell.foo"
func (*Client) DeleteKitEx ¶ added in v3.8.0
func (c *Client) DeleteKitEx(id string) ([]types.SourcedKitItem, error)
DeleteKitEx attempts to uninstall a kit. If kit items have been modified, it will return an error and a list of modified items. If nothing has been changed, it returns an empty list and a nil error.
func (*Client) DeleteMacro ¶
DeleteMacro deletes a macro.
func (*Client) DeleteMailConfig ¶ added in v3.8.16
DeleteMailConfig removes a user's mail configuration from preferences; this completely uninstalls any mail configs.
func (*Client) DeleteNotification ¶ added in v3.8.10
DeleteNotification will delete a notification using a notification ID
func (*Client) DeletePivot ¶
DeletePivot deletes the pivot with the specified GUID
func (*Client) DeletePlaybook ¶
DeletePlaybook deletes the playbook with the specified UUID or GUID.
func (*Client) DeletePreferences ¶
DeletePreferences clears the specified user's preferences.
func (*Client) DeleteResource ¶
DeleteResource removes a resource by GUID.
func (*Client) DeleteScheduledSearch ¶
DeleteScheduledSearch removes the specified scheduled search.
func (*Client) DeleteSearch ¶
DeleteSearch will request that a search is deleted by search ID
func (*Client) DeleteSearchLibrary ¶
DeleteSearchLibrary deletes a specific library entry.
func (*Client) DeleteSecret ¶ added in v3.8.16
DeleteSecret deletes a Secret.
func (*Client) DeleteTemplate ¶
DeleteTemplate deletes the template with the specified GUID
func (*Client) DeleteUser ¶
DeleteUser (admin-only) deletes the specified user.
func (*Client) DeleteUserFile ¶
DeleteUserFile removes a user file by its GUID
func (*Client) DeleteUserFromGroup ¶
DeleteUserFromGroup removes a user from a group.
func (*Client) DeploymentInfo ¶
func (c *Client) DeploymentInfo() (di types.DeploymentInfo, err error)
DeploymentInfo queries to determine if the webserver is in distributed mode and therefore using the datastore. This means that certain resource changes may take some time to fully distribute. This is an admin-only function.
func (*Client) DetachSearch ¶
DetachSearch disconnects the client from a search. This may lead to the search being garbage collected.
func (*Client) DialWebsocket ¶
DialWebsocket uses the client's auth tokens to connect to a websocket on the server, returning the websocket connection.
func (*Client) DownloadRequest ¶
DownloadRequest performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.
func (*Client) DownloadRequestWithContext ¶
func (c *Client) DownloadRequestWithContext(url string, ctx context.Context) (resp *http.Response, err error)
DownloadRequestWithContext performs an authenticated GET request on the specified URL and hands back the http.Response object for the request.
func (*Client) DownloadSearch ¶
func (c *Client) DownloadSearch(sid string, tr types.TimeRange, format string) (r io.ReadCloser, err error)
DownloadSearch returns an io.ReadCloser which can be used to download the results of the search with the specified search ID. The tr parameter is the time frame over which to download results, and the format parameter specifies the desired download format ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive")
func (*Client) ExploreGenerate ¶
func (c *Client) ExploreGenerate(tag string, ents []types.SearchEntry) (mp map[string][]types.GenerateAXResponse, err error)
ExploreGenerate takes a tag name and an array of one or more SearchEntry objects as arguments. It has the webserver attempt various data exploration extractions and returns a map of the results. The map keys are extraction modules, e.g. "json" or "winlog". The map values are arrays of GenerateAXResponse structures, each representing one possible extraction of the data, including an AX definition which can be installed if the user deems the extraction appropriate.
func (*Client) ExportLoginToken ¶ added in v3.8.6
func (*Client) ExtractionSupportedEngines ¶
ExtractionSupportedEngines returns a list of valid engines for use in autoextraction definitions.
func (*Client) ForceDeleteKit ¶
ForceDeleteKit uninstalls a kit (specified by UUID) regardless of any changes made since installation.
func (*Client) ForgetIngester ¶ added in v3.8.20
func (*Client) GenerateRecoveryCodes ¶ added in v3.8.35
func (c *Client) GenerateRecoveryCodes(user, pass string, authtype types.AuthType, code string) (codes types.RecoveryCodes, err error)
GenerateRecoveryCodes regenerates the user's recovery codes.
func (*Client) GetAlert ¶ added in v3.8.23
GetAlert returns the definition for a specific alert. The id passed can be either a ThingUUID, which will always return a specific alert, or a GUID, in which case the webserver will attempt to resolve the "most appropriate" alert with that GUID.
func (*Client) GetAlertSampleEvent ¶ added in v3.8.23
GetAlertSampleEvent asks the webserver to generate a sample event for the given alert.
func (*Client) GetAlerts ¶ added in v3.8.23
func (c *Client) GetAlerts() (result []types.AlertDefinition, err error)
GetAlerts returns a list of alerts the user has access to. As admin, set the admin flag (c.SetAdminMode) to get a list of all alerts on the system.
func (*Client) GetAlertsByConsumer ¶ added in v3.8.30
func (c *Client) GetAlertsByConsumer(consumerID string, consumerType types.AlertConsumerType) (result []types.AlertDefinition, err error)
GetAlertsByConsumer returns a list of alerts that refer to the specified consumer. consumerID should be the *ID* of a flow, not the *GUID*. Basically, this lets you ask: which alerts will launch *this specific flow*.
func (*Client) GetAlertsByDispatcher ¶ added in v3.8.30
func (c *Client) GetAlertsByDispatcher(dispatcherID string, dispatcherType types.AlertDispatcherType) (result []types.AlertDefinition, err error)
GetAlertsByDispatcher returns a list of alerts that refer to the specified dispatcher. dispatcherID should be the *ID* of a scheduled search, not the *GUID*. Basically, this lets you ask: which alerts will be invoked by *this specific scheduled search*.
func (*Client) GetAllDashboards ¶
GetAllDashboards (admin-only) returns a list of all dashboards on the system.
func (*Client) GetAllMacros ¶
func (c *Client) GetAllMacros() ([]types.SearchMacro, error)
GetAllMacros (admin-only) returns all macros on the system.
func (*Client) GetAllPlaybooks ¶
GetAllPlaybooks (admin-only) returns all playbooks for all users. Non-administrators will receive the same list as returned by GetUserPlaybooks.
func (*Client) GetAllPreferences ¶
func (c *Client) GetAllPreferences() (types.UserPreferences, error)
GetAllPreferences (admin-only) fetches preferences for all users.
func (*Client) GetAllResourceList ¶
func (c *Client) GetAllResourceList() (rm []types.ResourceMetadata, err error)
GetAllResourceList is an admin-only API to pull back the entire resource list. Non-administrators will receive the same list as returned by GetResourceList.
func (*Client) GetAllScheduledSearches ¶
func (c *Client) GetAllScheduledSearches() ([]types.ScheduledSearch, error)
GetAllScheduledSearches (admin-only) returns all scheduled searches on the system.
func (*Client) GetAllUsers ¶
func (c *Client) GetAllUsers() ([]types.UserDetails, error)
GetAllUsers returns information about all users on the system.
func (*Client) GetApiVersion ¶ added in v3.8.1
GetApiVersion returns the REST API version of the webserver.
func (*Client) GetAttachSockets ¶
func (c *Client) GetAttachSockets() (*SearchSockets, error)
GetAttachSockets will hit the search routing websocket page and pull back only the attach socket.
func (*Client) GetAvailableEntryCount ¶
GetAvailableEntryCount returns the number of output entries for the specified search. The second return value is a boolean indicating if the search has finished or not.
func (*Client) GetCalendarStats ¶ added in v3.8.25
func (c *Client) GetCalendarStats(start, end time.Time, wells []string) ([]types.CalendarEntry, error)
GetCalendarStats gets day-by-day calendar statistics for the given wells.
func (*Client) GetChartResults ¶
GetChartResults queries a range of search results from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field).
func (*Client) GetChartTsRange ¶
func (c *Client) GetChartTsRange(s Search, start, end time.Time, first, last uint64) (types.ChartResponse, error)
GetChartTsRange queries search results for a time range from the chart renderer. It returns a types.ChartResponse structure containing the results (see the Entries field) The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetDashboard ¶
GetDashboard fetches a dashboard by numeric ID.
func (*Client) GetDashboardByGuid ¶
GetDashboardByGuid fetches a dashboard by GUID.
func (*Client) GetDefaultSearchGroup ¶ added in v3.8.9
GetDefaultSearchGroup returns the specified user's default search group. Admins can get any user's default search group, but regular users can only get their own.
func (*Client) GetEntries ¶
GetEntries fetches results from a search. These results have the Tag field represented as a string rather than the numeric representation used internally. Note that GetEntries is really only suitable for searches using the raw, text, or hex renderers. Results from the table renderer will also be restructured as entries, but other renderers are not supported.
func (*Client) GetExploreEntries ¶
func (c *Client) GetExploreEntries(s Search, start, end uint64) ([]types.SearchEntry, []types.ExploreResult, error)
GetExploreEntries takes the same arguments as GetEntries (a search + start and end indices), but in addition to the array of SearchEntries, it returns an array of ExploreResult objects. Each ExploreResult corresponds to the SearchEntry at the same index.
func (*Client) GetExtraction ¶ added in v3.8.21
func (c *Client) GetExtraction(uuid string) (d types.AXDefinition, err error)
GetExtraction returns a particular extraction by UUID
func (*Client) GetExtractions ¶
func (c *Client) GetExtractions() (dfs []types.AXDefinition, err error)
GetExtractions returns the list of autoextraction definitions available to the current user.
func (*Client) GetFdgResults ¶
GetFdgResults queries a range of search results from the FDG renderer. It returns a types.FdgResponse structure containing the results (see the Entries field).
func (*Client) GetFdgTsRange ¶
func (c *Client) GetFdgTsRange(s Search, start, end time.Time, first, last uint64) (types.FdgResponse, error)
GetFdgTsRange queries search results for a time range from the fdg renderer. It returns a types.FdgResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetFlow ¶ added in v3.8.2
func (c *Client) GetFlow(id interface{}) (types.ScheduledSearch, error)
GetFlow returns the flow with the given ID. The ID is an interface{} to allow the user to specify either the flow's int32 "ID" or its UUID "GUID" field.
func (*Client) GetFlowList ¶ added in v3.8.2
func (c *Client) GetFlowList() ([]types.ScheduledSearch, error)
GetFlowList returns flows the user has access to.
func (*Client) GetFullSecret ¶ added in v3.8.16
GetFullSecret fetches the entire Secret, including the value. This can only be used if you have authenticated using the searchagent token. The search agent knows how to set up the Client object correctly for this. If you are not writing something which acts like the search agent, this function will not work for you and you should not use it. To enumerate secrets without their values, use ListSecrets.
func (*Client) GetGaugeResults ¶
GetGaugeResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).
func (*Client) GetGaugeTsRange ¶
func (c *Client) GetGaugeTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)
GetGaugeTsRange queries search results for a time range from the gauge renderer. It returns a types.GaugeResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetGroup ¶
func (c *Client) GetGroup(id int32) (types.GroupDetails, error)
GetGroup returns information about the specified group.
func (*Client) GetGroupCapabilities ¶
func (c *Client) GetGroupCapabilities(gid int32) (cs types.CapabilityState, err error)
GetGroupCapabilities (admin-only) returns the list of capabilities enabled for a given group.
func (*Client) GetGroupDashboards ¶
GetGroupDashboards returns a list of all dashboards shared with the specified group. Only admins or members of the group may call this function.
func (*Client) GetGroupList ¶
func (c *Client) GetGroupList() ([]types.GroupDetails, error)
GetGroupList gets a listing of groups with basic info like GID, name, desc.
func (*Client) GetGroupMacros ¶
func (c *Client) GetGroupMacros(id int32) ([]types.SearchMacro, error)
GetGroupMacros returns macros shared with the specified group.
func (*Client) GetGroupMap ¶
GetGroupMap returns a map of GID to group name for every group on the system.
func (*Client) GetGroupTagAccess ¶
GetGroupTagAccess (admin-only) returns the tag access restrictions for the specified group.
func (*Client) GetGroupUsers ¶
func (c *Client) GetGroupUsers(gid int32) ([]types.UserDetails, error)
GetGroupUsers returns user details for all members of a group. Only administrators or members of the group may call this function.
func (*Client) GetGroups ¶
func (c *Client) GetGroups() ([]types.GroupDetails, error)
GetGroups returns information about all groups on the system.
func (*Client) GetGuiSettings ¶ added in v3.8.8
func (c *Client) GetGuiSettings() (types.GUISettings, error)
func (*Client) GetHeatmapResults ¶
func (c *Client) GetHeatmapResults(s Search, start, end uint64, fence types.Geofence) (types.HeatmapResponse, error)
GetHeatmapResults queries a range of search results from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.
func (*Client) GetHeatmapTsRange ¶
func (c *Client) GetHeatmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.HeatmapResponse, error)
GetHeatmapTsRange queries search results for a time range from the heatmap renderer. It returns a types.HeatmapResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.
func (*Client) GetHexResults ¶
GetHexResults queries a range of search results from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field)
func (*Client) GetHexTsRange ¶
func (c *Client) GetHexTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
GetHexTsRange queries search results for a time range from the hex renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetIndexStats ¶
GetIndexStats gets statistics for all the indexes on all connected indexers.
func (*Client) GetIndexerCalendarStats ¶ added in v3.8.25
func (c *Client) GetIndexerCalendarStats(indexer uuid.UUID, start, end time.Time, wells []string) ([]types.CalendarEntry, error)
GetIndexerCalendarStats gets day-by-day calendar statistics for a given indexer and given wells.
func (*Client) GetIndexerStorageStats ¶ added in v3.8.25
func (c *Client) GetIndexerStorageStats(indexer uuid.UUID) (map[string]types.PerWellStorageStats, error)
GetIndexerStorageStats gets storage statistics for the given indexer.
func (*Client) GetIngesterStats ¶
func (c *Client) GetIngesterStats() (map[string]types.IngestStats, error)
GetIngesterStats gets statistics for all ingesters tied to each indexer.
func (*Client) GetLibFile ¶
GetLibFile fetches the contents of a particular SOAR library file, as used in scheduled search scripts. The repo and commit arguments are optional. Examples:
c.GetLibFile("https://github.com/gravwell/libs", "cd9d6c5", "alerts/email.ank")
c.GetLibFile("", "", "utils/links.ank")
func (*Client) GetLicenseDistributionState ¶
func (c *Client) GetLicenseDistributionState() (ds types.LicenseDistributionStatus, err error)
GetLicenseDistributionState checks the distribution status of a newly-uploaded license during the initial setup of a Gravwell cluster. This function MUST be called after calling InitLicense; when the status returned is "done", Gravwell is ready for use.
func (*Client) GetLicenseInfo ¶
func (c *Client) GetLicenseInfo() (li types.LicenseInfo, err error)
GetLicenseInfo returns information about the currently installed license.
func (*Client) GetLicenseSKU ¶
GetLicenseSKU returns the SKU for the license in use.
func (*Client) GetLicenseSerial ¶
GetLicenseSerial returns the serial number for the current license.
func (*Client) GetLogLevel ¶
GetLogLevel is an admin-only function which returns the webserver's enabled log level.
Valid levels: "Off", "Error", "Warn", "Info", "Web Access".
func (*Client) GetMFAInfo ¶ added in v3.8.35
GetMFAInfo returns information about the system's MFA policies and the user's MFA setup.
func (*Client) GetMacro ¶
func (c *Client) GetMacro(id uint64) (types.SearchMacro, error)
GetMacro returns details about a particular macro.
func (*Client) GetMyPreferences ¶
GetMyPreferences gets the current user's preferences into obj.
func (*Client) GetNumbercardResults ¶
GetNumbercardResults queries a range of search results from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field).
func (*Client) GetNumbercardTsRange ¶
func (c *Client) GetNumbercardTsRange(s Search, start, end time.Time, first, last uint64) (types.GaugeResponse, error)
GetNumbercardTsRange queries search results for a time range from the gauge or numbercard renderers. It returns a types.GaugeResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetP2PResults ¶
func (c *Client) GetP2PResults(s Search, start, end uint64, fence types.Geofence) (types.P2PResponse, error)
GetP2PResults queries a range of search results from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.
func (*Client) GetP2PTsRange ¶
func (c *Client) GetP2PTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.P2PResponse, error)
GetP2PTsRange queries search results for a time range from the point2point renderer. It returns a types.P2PResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.
func (*Client) GetPcapResults ¶
GetPcapResults queries a range of search results from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field).
func (*Client) GetPcapTsRange ¶
func (c *Client) GetPcapTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
GetPcapTsRange queries search results for a time range from the pcap renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetPingStates ¶
GetPingStates gets the connected/disconnected state of each indexer.
func (*Client) GetPivot ¶
GetPivot returns a types.WirePivot with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a pivot to return:
1. Pivots owned by the user always have highest priority
2. Pivots shared with a group to which the user belongs are next
3. Global pivots are the lowest priority
func (*Client) GetPlaybook ¶
GetPlaybook fetches the playbook with the specified UUID or GUID.
func (*Client) GetPointmapResults ¶
func (c *Client) GetPointmapResults(s Search, start, end uint64, fence types.Geofence) (types.PointmapResponse, error)
GetPointmapResults queries a range of search results from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field). The fence parameter is an optional geofence to apply to the results.
func (*Client) GetPointmapTsRange ¶
func (c *Client) GetPointmapTsRange(s Search, start, end time.Time, first, last uint64, fence types.Geofence) (types.PointmapResponse, error)
GetPointmapTsRange queries search results for a time range from the pointmap renderer. It returns a types.PointmapResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified. The fence parameter is an optional geofence to apply to the results.
func (*Client) GetPreferences ¶
GetPreferences fetches the preferences structure for the user and unpacks them into obj.
func (*Client) GetRawResults ¶
GetRawResults queries a range of search results from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field).
func (*Client) GetRawTsRange ¶
func (c *Client) GetRawTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
GetRawTsRange queries search results for a time range from the raw renderer. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetRefinedSearchHistory ¶
GetRefinedSearchHistory retrieves the current search history for the currently logged in user narrowed to searches containing the substring s. It only pulls back searches invoked by the individual user.
func (*Client) GetResource ¶
GetResource returns the contents of the resource with the specified name. The name can be either the user-friendly Name field, or a stringified GUID. Because resources can be shared, and resources are not required to have globally-unique names, the following precedence is used when selecting a resource by user-friendly name:
1. Resources owned by the user always have highest priority
2. Resources shared with a group to which the user belongs are next
3. Global resources are the lowest priority
func (*Client) GetResourceList ¶
func (c *Client) GetResourceList() (rm []types.ResourceMetadata, err error)
GetResourceList returns information about all resources the user can access.
func (*Client) GetResourceMetadata ¶ added in v3.8.14
func (c *Client) GetResourceMetadata(guid string) (*types.ResourceMetadata, error)
GetResourceMetadata gets the specified resource's metadata.
func (*Client) GetScheduledSearch ¶
func (c *Client) GetScheduledSearch(id interface{}) (types.ScheduledSearch, error)
GetScheduledSearch returns the scheduled search with the given ID. The ID is an interface{} to allow the user to specify either the int32 "ID" or the UUID "GUID" field.
func (*Client) GetScheduledSearchList ¶
func (c *Client) GetScheduledSearchList() ([]types.ScheduledSearch, error)
GetScheduledSearchList returns scheduled searches the user has access to.
func (*Client) GetSearchAgentCheckin ¶ added in v3.8.31
func (c *Client) GetSearchAgentCheckin() (ci types.SearchAgentCheckin, err error)
GetSearchAgentCheckin finds out when the most recent searchagent checkin was.
func (*Client) GetSearchHistory ¶
GetSearchHistory retrieves the current search history for the currently logged in user. It only pulls back searches invoked by the individual user.
func (*Client) GetSearchHistoryRange ¶
GetSearchHistoryRange retrieves paginated search history for the currently logged in user. The start and end parameters are indexes into the search history, with 0 representing the most recent search.
func (*Client) GetSearchLibrary ¶ added in v3.8.6
GetSearchLibrary returns a query which matches the UUID given. It first checks for a query with a matching ThingUUID. If that is not found, it looks for a query with a matching GUID, prioritizing queries belonging to the current user.
func (*Client) GetSearchMetadata ¶
func (c *Client) GetSearchMetadata(s Search) (sm types.SearchMetadata, err error)
GetSearchMetadata requests the enumerated value metadata stats from a search. The metadata stats contain some basic survey info about enumerated values in the pipeline. The survey info may contain numerical info such as min and max for numbers and a sample of values for non-numerical enumerated values.
func (*Client) GetSearchSockets ¶
func (c *Client) GetSearchSockets() (*SearchSockets, error)
GetSearchSockets will hit the search routing websocket page and pull back the parse, search, and attach subprotocols.
func (*Client) GetStackGraphResults ¶
func (c *Client) GetStackGraphResults(s Search, start, end uint64) (types.StackGraphResponse, error)
GetStackGraphResults queries a range of search results from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field).
func (*Client) GetStackGraphTsRange ¶
func (c *Client) GetStackGraphTsRange(s Search, start, end time.Time, first, last uint64) (types.StackGraphResponse, error)
GetStackGraphTsRange queries search results for a time range from the stackgraph renderer. It returns a types.StackGraphResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetStatSocket ¶
func (c *Client) GetStatSocket(subProto string) (*websocketRouter.SubProtoConn, *websocketRouter.SubProtoClient, error)
GetStatSocket will connect to the websocketRouter and get the subProto client for the stats socket only.
func (*Client) GetStorageStats ¶ added in v3.8.25
func (c *Client) GetStorageStats() (map[string]types.StorageStats, error)
GetStorageStats gets storage statistics for all indexers.
func (*Client) GetSystemDescriptions ¶
GetSystemDescriptions hits the static page to hand back system descriptions for all active indexers and the webserver.
func (*Client) GetSystemStats ¶
GetSystemStats gets the system statistics from each active indexer.
func (*Client) GetTOTPSetup ¶ added in v3.8.35
func (c *Client) GetTOTPSetup(user, pass string) (types.MFATOTPSetupResponse, error)
GetTOTPSetup requests the parameters necessary for configuring TOTP when the user does not have any MFA set up at all.
func (*Client) GetTOTPSetupEx ¶ added in v3.8.35
func (c *Client) GetTOTPSetupEx(user, pass string, authtype types.AuthType, code string) (types.MFATOTPSetupResponse, error)
GetTOTPSetupEx requests the parameters necessary for configuring TOTP. If any form of MFA is already configured for that account, a valid authtype and MFA code must be specified in addition to username and password. If MFA is not set up, "AUTH_TYPE_NONE" may be passed along with an empty code.
func (*Client) GetTableResults ¶
GetTableResults queries a range of search results from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field)
func (*Client) GetTableTsRange ¶
func (c *Client) GetTableTsRange(s Search, start, end time.Time, first, last uint64) (types.TableResponse, error)
GetTableTsRange queries search results for a time range from the table renderer. It returns a types.TableResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetTags ¶
GetTags returns an array of strings representing the tags on the Gravwell system.
func (*Client) GetTemplate ¶
GetTemplate returns a types.WireUserTemplate with the requested GUID. Because unique GUIDs are not enforced, the following precedence is used when selecting a template to return:
1. Templates owned by the user always have highest priority
2. Templates shared with a group to which the user belongs are next
3. Global templates are the lowest priority
func (*Client) GetTextResults ¶
GetTextResults queries a range of search results from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field)
func (*Client) GetTextTsRange ¶
func (c *Client) GetTextTsRange(s Search, start, end time.Time, first, last uint64) (types.TextResponse, error)
GetTextTsRange queries search results for a time range from the text, hex, or raw renderers. It returns a types.TextResponse structure containing the results (see the Entries field). The 'first' and 'last' parameters specify indexes of entries to fetch within the timespan specified.
func (*Client) GetUserCapabilities ¶
func (c *Client) GetUserCapabilities(uid int32) (cs types.CapabilityState, err error)
GetUserCapabilities (admin-only) returns the list of capabilities enabled for the specified user.
func (*Client) GetUserCapabilityExplanations ¶ added in v3.8.21
func (c *Client) GetUserCapabilityExplanations(uid int32) (cs []types.CapabilityExplanation, err error)
GetUserCapabilityExplanations (admin-only) returns the list of capabilities enabled for the specified user and why.
func (*Client) GetUserDashboards ¶
GetUserDashboards returns a list of all dashboards belonging to the specified user. Only admins or the user in question may call this function.
func (*Client) GetUserFile ¶
GetUserFile downloads a file with the given GUID and hands back its contents
func (*Client) GetUserFileDetails ¶ added in v3.8.17
GetUserFileDetails fetches info about a particular file by GUID or ThingUUID.
func (*Client) GetUserGroups ¶
func (c *Client) GetUserGroups(uid int32) ([]types.GroupDetails, error)
GetUserGroups returns information about groups to which the user belongs.
func (*Client) GetUserGroupsDashboards ¶
GetUserGroupsDashboards returns a list of all dashboards the current user can view.
func (*Client) GetUserGroupsMacros ¶
func (c *Client) GetUserGroupsMacros() ([]types.SearchMacro, error)
GetUserGroupsMacros returns all macros accessible to the current user.
func (*Client) GetUserInfo ¶
func (c *Client) GetUserInfo(id int32) (types.UserDetails, error)
GetUserInfo (admin-only) gets information about a specific user.
func (*Client) GetUserList ¶
func (c *Client) GetUserList() ([]types.UserDetails, error)
GetUserList gets a listing of users with basic info like UID, name, email, etc.
func (*Client) GetUserMacros ¶
func (c *Client) GetUserMacros(id int32) ([]types.SearchMacro, error)
GetUserMacros returns macros belonging to the specified user.
func (*Client) GetUserMap ¶
GetUserMap returns a map of UID to username for every user on the system.
func (*Client) GetUserPlaybooks ¶
GetUserPlaybooks returns all playbooks accessible to the current user.
func (*Client) GetUserScheduledSearches ¶
func (c *Client) GetUserScheduledSearches(uid int32) ([]types.ScheduledSearch, error)
GetUserScheduledSearches returns all scheduled searches belonging to the specified user.
func (*Client) GetUserSearchHistory ¶
GetUserSearchHistory retrieves the current search history for the specified user. Only admins may request search history for users besides themselves.
func (*Client) GetUserTagAccess ¶
GetUserTagAccess (admin-only) returns the tag access restrictions for the specified user.
func (*Client) Groups ¶
func (c *Client) Groups() (gps []types.GroupDetails, err error)
Groups returns the current user's group memberships.
func (*Client) HasCapability ¶ added in v3.8.20
func (c *Client) HasCapability(cp types.Capability) bool
HasCapability checks if the client contains a given capability, if the capability list is not yet populated
func (*Client) Impersonate ¶
Impersonate is an admin-only function which can be used to execute commands as another user, similar to the `su` command on Unix. It returns a Client object which is authenticated as the specified user.
func (*Client) ImportLoginToken ¶
ImportLoginToken takes an existing JWT token and loads it into the client. The token is not validated by the client at this point; use the TestLogin function to verify that the token is valid. If you need to save and restore sessions, consider using the SessionData and InheritSession functions instead.
func (*Client) ImportSearch ¶
ImportSearch uploads an archived search to Gravwell. The gid parameter specifies a group to share with, if desired.
func (*Client) ImportSearchBatchInfo ¶ added in v3.7.1
ImportSearchBatchInfo uploads an archived search to Gravwell with optional batch information. The gid parameter specifies a group to share with, if desired. The name and info parameters are optional extended batch information
func (*Client) IngestEntries ¶
func (c *Client) IngestEntries(entries []types.StringTagEntry) error
IngestEntries takes an array of entries and uploads them to the webserver, which will then distribute them out to its indexers. It returns any error encountered; as the signature shows, no count of ingested entries is returned.
func (*Client) IngestFile ¶
func (c *Client) IngestFile(file, tag, src string, ignoreTimestamp, assumeLocalTimezone bool) (resp types.IngestResponse, err error)
IngestFile uploads the contents of a file on disk and ingests them.
The 'file' argument should point at a valid file on disk containing line-delimited log entries, a pcap packet capture, or JSON as downloaded from Gravwell search results.
'tag' is the tag to use, and 'src' should be a string containing a valid IP address.
If 'ignoreTimestamp' is set, all entries will be tagged with the current time.
If 'assumeLocalTimezone' is set, any timezone information in the data will be ignored and timestamps will be assumed to be in the Gravwell server's local timezone.
func (*Client) IngestInternal ¶ added in v3.8.0
func (c *Client) IngestInternal(entries []types.StringTagEntry) error
IngestInternal is used to perform ingest on internal logs for external components. Things like the searchagent and other drone controllers can use this to get their internal logs into the gravwell tag without an ingest connection. This API requires admin status.
func (*Client) InheritSession ¶
func (c *Client) InheritSession(sess *ActiveSession) (bool, error)
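InheritSession loads an ActiveSession object into the client and verifies that the session data is still valid. Session objects may be retrieved using the SessionData function, serialized to a file, and later restored using InheritSession to implement basic persistent session functionality. Because a restored session authenticates the client as the original user, store the serialized session data with the same care as a password or token.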
func (*Client) InitLicense ¶
InitLicense uploads the contents of a Gravwell license. It will return nil if the license is valid and accepted by Gravwell. After calling InitLicense, you MUST use GetLicenseDistributionState to verify that Gravwell has distributed the license to the indexers and is ready to use.
func (*Client) InstallKit ¶
InstallKit tells the webserver to install a staged kit. The id parameter is the UUID of the staged kit. The cfg parameter provides install-time options.
func (*Client) InstallTOTPSetup ¶ added in v3.8.35
func (c *Client) InstallTOTPSetup(user, pass, code string) (types.MFATOTPInstallResponse, error)
InstallTOTPSetup installs the parameters requested by GetTOTPSetup. The code parameter should be generated from the URL in the response.
func (*Client) KitDownloadRequest ¶
KitDownloadRequest initiates a download for the specified kit and returns the associated http.Response structure. The kit is available in the Body field of the response.
func (*Client) KitInfo ¶
KitInfo returns information about a particular installed/staged kit, specified by the kit's UUID.
func (*Client) KitStatuses ¶
func (c *Client) KitStatuses() (statuses []types.InstallStatus, err error)
KitStatuses returns the statuses of any ongoing or completed kit installations.
func (*Client) LicenseInitRequired ¶
LicenseInitRequired returns true if the Gravwell cluster requires a license. If true, use InitLicense to upload a valid license file.
func (*Client) ListAllPivots ¶
ListAllPivots returns the list of all pivots in the system. Non-administrators will receive the same list as returned by ListPivots.
func (*Client) ListAllSearchLibrary ¶
func (c *Client) ListAllSearchLibrary() (wsl []types.WireSearchLibrary, err error)
ListAllSearchLibrary (admin-only) returns the list of all search library entries for all users. Non-administrators will receive the same list as returned by ListSearchLibrary.
func (*Client) ListAllSearchStatuses ¶
func (c *Client) ListAllSearchStatuses() ([]types.SearchCtrlStatus, error)
ListAllSearchStatuses returns a list of all searches on the system. Only admin users can use this function.
func (*Client) ListAllTemplates ¶
func (c *Client) ListAllTemplates() (templates []types.WireUserTemplate, err error)
ListAllTemplates returns the list of all templates in the system. Non-administrators will receive the same list as returned by ListTemplates.
func (*Client) ListKitBuildHistory ¶
func (c *Client) ListKitBuildHistory() (hist []types.KitBuildRequest, err error)
ListKitBuildHistory returns KitBuildRequests for all kits previously built by the user. Note that only the most recent build request is stored for each unique kit ID (e.g. "io.gravwell.foo").
func (*Client) ListKits ¶
func (c *Client) ListKits() (pkgs []types.IdKitState, err error)
ListKits returns a list of all installed and staged kits.
func (*Client) ListPivots ¶
ListPivots returns a list of pivots accessible to the current user.
func (*Client) ListRemoteKits ¶
func (c *Client) ListRemoteKits(all bool) (mds []types.KitMetadata, err error)
ListRemoteKits returns a list of kits available on the kit server.
func (*Client) ListSearchDetails ¶ added in v3.8.17
func (c *Client) ListSearchDetails() ([]types.SearchInfo, error)
ListSearchDetails returns details for all searches the current user has access to and their current status. If the admin flag is set (by calling SetAdminMode()) this will return info for all searches on the system.
func (*Client) ListSearchLibrary ¶
func (c *Client) ListSearchLibrary() (wsl []types.WireSearchLibrary, err error)
ListSearchLibrary returns the list of queries in the search library available to the user.
func (*Client) ListSearchStatuses ¶
func (c *Client) ListSearchStatuses() ([]types.SearchCtrlStatus, error)
ListSearchStatuses returns a list of all searches the current user has access to and their current status.
func (*Client) ListSecrets ¶ added in v3.8.16
ListSecrets returns a list of all Secret objects the user has access to. The actual secret string will not be returned.
func (*Client) ListTemplates ¶
func (c *Client) ListTemplates() (templates []types.WireUserTemplate, err error)
ListTemplates returns a list of templates accessible to the current user.
func (*Client) ListTokens ¶ added in v3.8.5
func (*Client) LockUserAccount ¶
LockUserAccount (admin-only) locks a user account. The user will be unable to log in until unlocked, and all existing sessions will be terminated.
func (*Client) Login ¶
Login authenticates the client to the webserver using the specified username and password.
func (*Client) LoginEx ¶ added in v3.8.35
func (c *Client) LoginEx(user, pass string) (types.LoginResponse, error)
LoginEx acts like Login but returns the LoginResponse received from the server. If login was successful, the client's JWT *will* be updated.
func (*Client) LoginWithAPIToken ¶ added in v3.8.30
func (*Client) LogoutAll ¶
LogoutAll asks the server to terminate the current session and every other session for our user.
func (*Client) LookupGroup ¶ added in v3.8.19
func (c *Client) LookupGroup(groupname string) (gd types.GroupDetails, err error)
LookupGroup looks up a GroupDetails object given a group name. If the group name is not found, ErrNotFound is returned.
func (*Client) LookupResourceGUID ¶
LookupResourceGUID attempts to resolve the GUID for a resource with the specified user-friendly name. It follows precedence as defined on the GetResource method.
func (*Client) LookupUser ¶ added in v3.8.19
func (c *Client) LookupUser(username string) (ud types.UserDetails, err error)
LookupUser looks up a UserDetails object given a username. If the username is not found, ErrNotFound is returned.
func (*Client) MailConfig ¶ added in v3.8.17
func (c *Client) MailConfig() (mc types.UserMailConfig, err error)
MailConfig retrieves the current mail config. If no mail config is set, an empty UserMailConfig is returned. Even on a valid mail config, the Password portion is not present in the response.
func (*Client) ModifyKit ¶ added in v3.8.22
func (c *Client) ModifyKit(id string, cfg types.KitConfig) (report types.KitModifyReport, err error)
ModifyKit tells the webserver to change parameters on an installed kit. The id parameter is the UUID of the installed kit. The cfg parameter provides the desired changes, with the following fields being respected: Global, InstallationGroup, and Labels.
func (*Client) MyAdminStatus ¶
MyAdminStatus returns true if the current user is marked as an administrator.
func (*Client) MyInfo ¶
func (c *Client) MyInfo() (types.UserDetails, error)
MyInfo returns the current user's information.
func (*Client) MyNewNotificationCount ¶
MyNewNotificationCount returns the number of new notifications since the last read notification.
func (*Client) MyNewNotifications ¶
func (c *Client) MyNewNotifications() (types.NotificationSet, error)
MyNewNotifications returns notifications which have not been previously read. Calling MyNewNotifications updates the last-read notification.
func (*Client) MyNotificationCount ¶
MyNotificationCount returns the number of notifications for the current user.
func (*Client) MyNotifications ¶
func (c *Client) MyNotifications() (types.NotificationSet, error)
MyNotifications returns all notifications for the current user. Calling MyNotifications updates the last-read notification.
func (*Client) MySessions ¶
MySessions returns an array of the current user's sessions.
func (*Client) NewAlert ¶ added in v3.8.23
func (c *Client) NewAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)
NewAlert creates a new alert.
func (*Client) NewPivot ¶
func (c *Client) NewPivot(guid uuid.UUID, name, description string, contents types.RawObject) (storedGuid uuid.UUID, err error)
NewPivot creates a new pivot with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.
func (*Client) NewSearchLibrary ¶
func (c *Client) NewSearchLibrary(sl types.WireSearchLibrary) (wsl types.WireSearchLibrary, err error)
NewSearchLibrary creates a new search library entry for the current user.
func (*Client) NewTemplate ¶
func (c *Client) NewTemplate(guid uuid.UUID, name, description string, contents types.RawObject) (details types.WireUserTemplate, err error)
NewTemplate creates a new template with the given GUID, name, description, contents. If guid is set to uuid.Nil, a random GUID will be chosen automatically.
func (*Client) ParseFlow ¶ added in v3.8.2
ParseFlow asks the API to check a flow. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.
func (*Client) ParseReactiveFlow ¶ added in v3.8.23
func (c *Client) ParseReactiveFlow(flow string, event types.Event) (outputPayloads map[int]map[string]interface{}, err error)
ParseReactiveFlow asks the API to check a flow as if triggered by an alert. The event parameter will be injected into the initial payload under the name `event`. If there is no error, outputPayloads will be a map containing the outputs of each node, keyed by the node ID.
func (*Client) ParseScheduledScript ¶
func (c *Client) ParseScheduledScript(data string, lang types.ScriptLang) (line, column int, err error)
ParseScheduledScript asks the API to parse a script given an ID. If there is no error, line and column will have a return value of 0. If there is an error, err will be populated, and line and column may also be populated if the error was in the script.
func (*Client) ParseSearch ¶
ParseSearch validates a search query. Gravwell will return an error if the query is not valid.
func (*Client) ParseSearchWithResponse ¶
func (c *Client) ParseSearchWithResponse(query string, filters []types.FilterRequest) (psr types.ParseSearchResponse, err error)
ParseSearchWithResponse behaves as ParseSearch, but it returns the ParseSearchResponse which contains detailed information about how Gravwell parsed out the search.
func (*Client) PopulateResource ¶
PopulateResource updates the contents of the resource with the specified GUID.
func (*Client) PopulateResourceFromReader ¶
PopulateResourceFromReader updates the contents of the specified resource using data read from an io.Reader rather than a slice of bytes.
func (*Client) PullKit ¶
PullKit tells the webserver to stage the kit with the specified GUID for installation, pulling the kit from the kit server. A KitState object containing information about the kit is returned on success.
func (*Client) PurgeUser ¶ added in v3.8.6
PurgeUser will first enumerate every asset that is owned by the user and delete them, then it will delete the user. This is an admin-only function.
func (*Client) PutMyPreferences ¶
PutMyPreferences updates the current user's preferences with obj.
func (*Client) PutPreferences ¶
PutPreferences updates the specified user's preferences with obj.
func (*Client) RefreshLoginToken ¶ added in v3.7.5
RefreshLoginToken will ask the webserver to refresh the login state; this means we get a new JWT and cookie and discard the old one. The client must be logged in to use this API.
func (*Client) RequestTimeout ¶
RequestTimeout returns the current client request timeout value.
func (*Client) Restore ¶
Restore reads a backup archive from rdr and unpacks it on the Gravwell server.
func (*Client) RestoreEncrypted ¶ added in v3.8.18
RestoreEncrypted reads a backup archive from rdr and unpacks it on the Gravwell server.
func (*Client) SaveSearch ¶
func (c *Client) SaveSearch(sid string, ssp ...types.SaveSearchPatch) error
SaveSearch will request that a search is saved by ID. An optional SaveSearchPatch can be sent to modify the expiration or search name and notes.
func (*Client) ScheduledSearchCheckin ¶
func (c *Client) ScheduledSearchCheckin(cfg types.SearchAgentConfig) error
ScheduledSearchCheckin (admin-only) informs the webserver that the search agent is active.
func (*Client) SearchDownloadRequest ¶
func (c *Client) SearchDownloadRequest(id, format string, tr types.TimeRange) (resp *http.Response, err error)
SearchDownloadRequest initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.
func (*Client) SearchDownloadRequestWithContext ¶
func (c *Client) SearchDownloadRequestWithContext(id, format string, tr types.TimeRange, ctx context.Context) (resp *http.Response, err error)
SearchDownloadRequestWithContext initiates a download of search results. The id parameter specifies the search to download. The format should be a supported download format for the search's renderer ("json", "csv", "text", "pcap", "lookupdata", "ipexist", "archive"). The tr parameter is the time frame over which results should be downloaded.
func (*Client) SearchInfo ¶
func (c *Client) SearchInfo(sid string) (types.SearchInfo, error)
SearchInfo requests the search info for a given search ID
func (*Client) SearchStatus ¶ added in v3.8.21
func (c *Client) SearchStatus(sid string) (types.SearchCtrlStatus, error)
SearchStatus requests the status of a given search ID
func (*Client) SecretInfo ¶ added in v3.8.16
SecretInfo fetches information about a particular Secret. The actual secret string will not be returned.
func (*Client) SendMail ¶
func (c *Client) SendMail(from string, to []string, subject string, body string, attch []types.UserMailAttachment) error
SendMail sends an email with the specified parameters using the mail server configuration defined for the current user. Note that the email will be sent from the webserver, not the system running the client code.
func (*Client) SendPrebuiltMail ¶
SendPrebuiltMail operates as SendMail, but takes a pre-populated types.UserMail object as an argument instead of discrete arguments.
func (*Client) ServerIP ¶
ServerIP attempts to return an IP address for the webserver. If it cannot resolve the hostname, it will return an unspecified IP
func (Client) SessionData ¶
func (c Client) SessionData() (ActiveSession, error)
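SessionData returns a structure containing auth tokens for the current login session. Because these tokens authenticate as the logged-in user, the returned value should be handled as a credential (for example, kept out of logs).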
func (*Client) SetAdmin ¶
SetAdmin (admin-only) changes the admin status for the user with the given ID.
func (*Client) SetAdminMode ¶
func (c *Client) SetAdminMode()
SetAdminMode sets the ?admin=true parameter on future API requests. Note that setting this parameter has no effect for non-admin users. Admin users should use this parameter carefully, as it gives access to objects belonging to other users and makes it easy to break things.
func (*Client) SetDefaultSearchGroup ¶
SetDefaultSearchGroup will set the specified user's default search group. Admins can set any user's default search group, but regular users can only set their own.
func (*Client) SetGlobal ¶ added in v3.8.43
SetGlobal is an admin-only function to toggle sharing of results with the entire system.
func (*Client) SetGroup ¶
SetGroup will set the GID of the group which can read the search. Setting it to 0 will disable group access. Deprecated: use SetGroups instead
func (*Client) SetGroupCapabilities ¶
func (c *Client) SetGroupCapabilities(gid int32, cs types.CapabilityState) (err error)
SetGroupCapabilities (admin-only) sets the capability list for a group.
func (*Client) SetGroupTagAccess ¶
SetGroupTagAccess (admin-only) sets the tag access rules for a group.
func (*Client) SetGroups ¶ added in v3.8.43
SetGroups sets the list of groups that can read the search
func (*Client) SetLogLevel ¶
SetLogLevel is an admin-only function which sets the webserver's logging level.
Valid levels: "Off", "Error", "Warn", "Info", "Web Access".
func (*Client) SetNoCache ¶ added in v3.8.27
SetNoCache enables or disables Cache-Control headers on requests
func (*Client) SetPivot ¶
func (c *Client) SetPivot(guid uuid.UUID, pivot types.WirePivot) (details types.WirePivot, err error)
SetPivot allows the owner of a pivot (or an admin) to update the contents of the pivot.
func (*Client) SetRequestTimeout ¶
SetRequestTimeout overrides the client request timeout value. The timeout defaults to a very high value because large downloads may take significant time.
func (*Client) SetTemplate ¶
func (c *Client) SetTemplate(guid uuid.UUID, template types.WireUserTemplate) (details types.WireUserTemplate, err error)
SetTemplate allows the owner of a template (or an admin) to update the contents of the template.
func (*Client) SetUserAgent ¶
SetUserAgent changes the User-Agent field the client sends with requests (default: “GravwellCLI”).
func (*Client) SetUserCapabilities ¶
func (c *Client) SetUserCapabilities(uid int32, cs types.CapabilityState) (err error)
SetUserCapabilities (admin-only) sets a user's capabilities to the provided list.
func (*Client) SetUserTagAccess ¶
SetUserTagAccess (admin-only) sets the tag access rules for a user.
func (*Client) StartBackgroundSearch ¶
func (c *Client) StartBackgroundSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)
StartBackgroundSearch launches a backgrounded search with the given query and the specified start and end times. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.
func (*Client) StartFilteredSearch ¶
func (c *Client) StartFilteredSearch(query string, start, end time.Time, nohistory bool, filters []types.FilterRequest) (s Search, err error)
StartFilteredSearch launches a foregrounded search with the given query and start/end. The filters parameter is an array of filters; these will be automatically inserted into the query during the parse phase. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.
func (*Client) StartSearch ¶
func (c *Client) StartSearch(query string, start, end time.Time, nohistory bool) (s Search, err error)
StartSearch launches a foregrounded search with the given query and start/end. If "nohistory" is set, the search will be hidden in the user's search history; if false, it will be visible.
func (*Client) StartSearchEx ¶ added in v3.7.1
func (c *Client) StartSearchEx(sr types.StartSearchRequest) (s Search, err error)
StartSearchEx launches a search using a StartSearchRequest object. This function grants the maximum amount of control over the search starting process.
func (*Client) State ¶ added in v3.8.35
func (c *Client) State() ClientState
State returns the current, enumerated status of the client
func (*Client) StopSearch ¶
StopSearch asks the search to stop progressing through the underlying data. The renderer maintains any data it currently has and the query is entirely usable; the data feed is just stopped. Issuing a Stop command to a query that is done has no effect, meaning that if you attach to an archived search and issue a stop, nothing happens. Requests to stop queries that you don't own return an error unless the caller is an admin.
func (*Client) Sync ¶
Sync fetches some useful information for local reference, such as user details. It is typically not necessary to call this function; in the past, you had to call Sync immediately after authenticating, but the Login function now fetches the same information automatically.
func (*Client) TOTPClear ¶ added in v3.8.35
TOTPClear deletes the user's TOTP setup. Note that this may return an error if another MFA method is not configured.
func (*Client) TOTPLogin ¶ added in v3.8.35
func (c *Client) TOTPLogin(user, pass, code string) (types.LoginResponse, error)
TOTPLogin does a login using TOTP as the second factor.
func (*Client) TestAddExtraction ¶
TestAddExtraction validates an autoextractor definition.
func (*Client) TestGet ¶
TestGet performs a GET request to the specified URL path, e.g. `/api/test`. It returns nil for response code 200 or an error otherwise.
func (*Client) TestIngest ¶ added in v3.8.6
TestIngest returns whether or not this client is allowed to ingest data. If ingest is allowed, err will be nil.
func (*Client) TestLogin ¶
TestLogin checks if the client is successfully logged in, indicated by a nil return value.
func (*Client) TokenCapabilities ¶ added in v3.8.5
func (*Client) UnlockUserAccount ¶
UnlockUserAccount (admin-only) unlocks a user account.
func (*Client) UpdateAlert ¶ added in v3.8.23
func (c *Client) UpdateAlert(def types.AlertDefinition) (result types.AlertDefinition, err error)
UpdateAlert modifies an alert. Make sure to have ThingUUID set, as this is used to resolve the appropriate alert to modify.
func (*Client) UpdateDashboard ¶
UpdateDashboard takes a types.Dashboard as an argument and updates the corresponding dashboard on the server to match.
func (*Client) UpdateExtraction ¶
UpdateExtraction modifies an existing autoextractor. The UUID field of the definition passed in must match the UUID of an existing definition owned by the user.
func (*Client) UpdateFlow ¶ added in v3.8.2
func (c *Client) UpdateFlow(ss types.ScheduledSearch) error
UpdateFlow is used to modify an existing flow.
func (*Client) UpdateFlowResults ¶ added in v3.8.2
func (c *Client) UpdateFlowResults(ss types.ScheduledSearch) error
UpdateFlowResults is used to update the flow after it has been run. It only updates the LastRun, LastRunDuration, LastSearchIDs, and LastError fields.
func (*Client) UpdateGroup ¶
func (c *Client) UpdateGroup(gid int32, gdet types.GroupDetails) error
UpdateGroup (admin-only) will update the specified group's details.
func (*Client) UpdateMacro ¶
func (c *Client) UpdateMacro(m types.SearchMacro) error
UpdateMacro modifies an existing macro.
func (*Client) UpdateMetadata ¶
func (c *Client) UpdateMetadata(guid string, metadata types.ResourceMetadata) error
UpdateMetadata sets the specified resource's metadata.
func (*Client) UpdateNotification ¶ added in v3.8.10
func (c *Client) UpdateNotification(id uint64, n types.Notification) error
UpdateNotification will update a notification using a notification ID
func (*Client) UpdatePlaybook ¶
UpdatePlaybook modifies an existing playbook. The UUID or GUID field of the parameter must match an existing playbook on the system that the user has access to.
func (*Client) UpdateScheduledSearch ¶
func (c *Client) UpdateScheduledSearch(ss types.ScheduledSearch) error
UpdateScheduledSearch is used to modify an existing scheduled search.
func (*Client) UpdateScheduledSearchResults ¶
func (c *Client) UpdateScheduledSearchResults(ss types.ScheduledSearch) error
UpdateScheduledSearchResults is used to update the scheduled search after it has been run. It only updates the PersistentMaps, LastRun, LastRunDuration, LastSearchIDs, and LastError fields
func (*Client) UpdateSearchLibrary ¶
func (c *Client) UpdateSearchLibrary(sl types.WireSearchLibrary) (nsl types.WireSearchLibrary, err error)
UpdateSearchLibrary updates a specific search library entry.
func (*Client) UpdateSecret ¶ added in v3.8.16
UpdateSecret changes the value of a particular secret. The actual secret string will not be returned.
func (*Client) UpdateSecretDetails ¶ added in v3.8.17
func (c *Client) UpdateSecretDetails(id uuid.UUID, sc types.SecretCreate) (s types.Secret, err error)
UpdateSecretDetails changes the details (not the value) of a particular secret. The actual secret string will not be returned.
func (*Client) UpdateToken ¶ added in v3.8.5
func (*Client) UpdateUserFile ¶
UpdateUserFile will push a new user file with name and description to the given GUID
func (*Client) UpdateUserFileMetadata ¶
UpdateUserFileMetadata will change every field of the user file but not the actual contents of the file
func (*Client) UpdateUserInfo ¶
UpdateUserInfo changes basic information about the specified user. Admins can set any user's info, but regular users can only set their own.
func (*Client) UploadExtraction ¶
UploadExtraction uploads a TOML-formatted byteslice containing one or more autoextractor definitions. Gravwell will parse these definitions and install or update autoextractors as appropriate.
func (*Client) UploadKit ¶
UploadKit stages a kit file for installation. The parameter 'p' should be the path of a kit file on disk. A KitState object containing information about the kit is returned on success.
func (*Client) UploadLicenseFile ¶
func (c *Client) UploadLicenseFile(f string) ([]types.LicenseUpdateError, error)
UploadLicenseFile is an admin-only function to upload a new license to the Gravwell system. It takes a path to a license file as the argument.
func (*Client) UserChangePass ¶
UserChangePass changes the given user's password. Any user may change their own password, but they must know the current password.
func (*Client) UserFiles ¶
func (c *Client) UserFiles() (ufds []types.UserFileDetails, err error)
UserFiles lists all the user files the logged in account has access to
func (*Client) ValidateAlertFlowConsumer ¶ added in v3.8.23
func (c *Client) ValidateAlertFlowConsumer(flowID uuid.UUID, alert types.AlertDefinition) (resp types.AlertConsumerValidateResponse, err error)
ValidateAlertFlowConsumer validates an existing flow against a given alert, making sure it does not consume any fields not provided by the schema.
func (*Client) ValidateAlertScheduledSearchDispatcher ¶ added in v3.8.23
func (c *Client) ValidateAlertScheduledSearchDispatcher(ssearchID uuid.UUID, schema types.AlertSchemas) (resp types.AlertDispatcherValidateResponse, err error)
ValidateAlertScheduledSearchDispatcher validates an existing scheduled search against a given schema.
func (*Client) WaitForSearch ¶
WaitForSearch sleeps until the given search is complete. If the search fails for some reason, WaitForSearch will return an error describing the reason for the failure.
type ClientError ¶ added in v3.8.23
func (*ClientError) Error ¶ added in v3.8.23
func (e *ClientError) Error() string
type ClientState ¶ added in v3.8.35
type ClientState uint16
const ( // Client states STATE_NEW ClientState = iota STATE_AUTHED ClientState = iota STATE_CLOSED ClientState = iota STATE_LOGGED_OFF ClientState = iota )
func (ClientState) String ¶ added in v3.8.35
func (cs ClientState) String() string
type Search ¶
type Search struct { ID string RenderMod string types.StartSearchRequest // contains filtered or unexported fields }
Search represents a search on the Gravwell system.
type SearchSockets ¶
type SearchSockets struct { Parse *websocketRouter.SubProtoConn Search *websocketRouter.SubProtoConn Attach *websocketRouter.SubProtoConn Pong *websocketRouter.SubProtoConn Client *websocketRouter.SubProtoClient }
SearchSockets wraps up several different websocket subprotocols. Depending on the function used to obtain the SearchSockets object, not all subprotocols may be populated--refer to the individual function's documentation.
type VersionStruct ¶
func (VersionStruct) String ¶
func (v VersionStruct) String() string
String returns the version in the format <Major>.<Minor>.<Revision>, e.g. "4.1.0".
Source Files ¶
- admin.go
- alerts.go
- cbac.go
- client.go
- explore.go
- flows.go
- info.go
- ingest.go
- kit.go
- library.go
- logging.go
- macros.go
- maps.go
- mfa.go
- notifications.go
- pivots.go
- playbooks.go
- resources.go
- routingSockets.go
- scheduledSearch.go
- searchCtrl.go
- secrets.go
- states.go
- staticActions.go
- templates.go
- tokens.go
- urls.go
- userfiles.go
- utils.go