[PAPP-34684] Splunk: Feature - Added 'splunk_job_timeout' parameter to asset config #51

Merged
merged 10 commits into from
Sep 25, 2024

@bbielinski-splunk bbielinski-splunk commented Sep 10, 2024

Please ensure your pull request (PR) adheres to the following guidelines:

  • Please refer to our contributing documentation for any questions on submitting a pull request, link: Contribution Guide

Pull Request Checklist

Please check if your PR fulfills the following requirements:

  • Testing of all the changes has been performed (for bug fixes / features)
  • The manual_readme_content.md has been reviewed and added / updated if needed (for bug fixes / features)
  • Use the following format for the PR description: <App Name>: <PR Type> - <PR Description>
  • Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.
  • Verify all checks are passing.
  • Do NOT use the next branch of the forked repo. Create separate feature branch for raising the PR.
  • Do NOT submit updates to dependencies unless it fixes an issue.

Pull Request Type

Please check the type of change your PR introduces:

  • New App
  • Bugfix
  • Feature
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Documentation
  • Other (please describe):

Security Considerations (REQUIRED)

  • If you are exposing any endpoints using a REST handler,
    please document them in the manual_readme_content.md.
  • If this is a new connector or you are adding new actions
    • Please document in the manual_readme_content.md all methods (eg, OAuth) used to authenticate
      with the service that the connector is integrating with.
    • If any actions are unable to run on SOAR Cloud, please document this in the manual_readme_content.md.
  • Are you introducing any new cryptography modules? If yes, please elaborate their purpose:
  • Are you accessing the file system? If yes, please verify that you are only accessing paths returned through
    the Vault API.
  • Are you marking code to be ignored by Semgrep with nosemgrep?
    If yes, please provide justification in an additional comment next to the ignored code.

Release Notes (REQUIRED)

Changelog:

  • Added 'splunk_job_timeout' parameter to asset config
  • Bumped splunk-sdk to 2.0.1 (in 2.x, a lot of legacy Python2 code was removed and newer http libraries are used, which should make the sdk more robust)

What is the current behavior? (OPTIONAL)

The Splunk connector doesn't track the amount of time it waits for the Splunk job to finish, so if a job is stuck in the "QUEUED" state (see related PAPP), the action will run indefinitely.

What is the new behavior? (OPTIONAL)

The Splunk connector will track the amount of time it waits for the Splunk job to finish and will time out this job if it exceeds the set limit.

Other information (OPTIONAL)

See screenshots

Pay close attention to (OPTIONAL)

n/a

Screenshots (if relevant)

New parameter "The duration in seconds to wait before a scheduled Splunk job times out" in asset settings:

Screenshot 2024-09-11 at 11 08 14

Error message, when the job has timed out:
Screenshot 2024-09-10 at 13 51 32


Thanks for contributing!
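
The bounded wait described in this PR, as an added example that is not the connector's own code. `FakeJob`, `JobTimeout`, `wait_for_job` and `run` are hypothetical names, the job state sequences are constructed, and cancelling the job on timeout is an assumption the PR does not state.

```python
import time

class JobTimeout(Exception):
    """Raised when the search job does not finish within the configured limit."""

class FakeJob:
    """Constructed stand-in for a Splunk search job (hypothetical, runs offline)."""
    def __init__(self, states):
        self._states = list(states)  # states returned on successive polls
        self.cancelled = False
    def poll(self):
        # Return the next state; repeat the last one forever (e.g. stuck QUEUED)
        return self._states.pop(0) if len(self._states) > 1 else self._states[0]
    def cancel(self):
        self.cancelled = True

def wait_for_job(job, timeout_s, poll_interval_s=0.01,
                 clock=time.monotonic, sleep=time.sleep):
    """Poll until the job reports DONE or timeout_s elapses.

    On timeout the job is cancelled (assumption) so it stops holding a search
    slot, and JobTimeout is raised with the last observed state.
    """
    if timeout_s <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    deadline = clock() + timeout_s  # monotonic: unaffected by wall-clock changes
    while True:
        state = job.poll()
        if state == "DONE":
            return state
        if state == "FAILED":
            raise RuntimeError("search job failed")
        remaining = deadline - clock()
        if remaining <= 0:
            job.cancel()
            raise JobTimeout(f"job still {state} after {timeout_s}s")
        sleep(min(poll_interval_s, remaining))  # never sleep past the deadline

def run(states, timeout_s):
    """Return (outcome, cancelled) for a constructed sequence of job states."""
    job = FakeJob(states)
    try:
        return wait_for_job(job, timeout_s), job.cancelled
    except JobTimeout as exc:
        return str(exc), job.cancelled
```
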

@bbielinski-splunk bbielinski-splunk marked this pull request as ready for review September 11, 2024 09:09
@bbielinski-splunk bbielinski-splunk merged commit 82021c9 into next Sep 25, 2024
9 checks passed
@bbielinski-splunk bbielinski-splunk deleted the bbielinski/papp-34684 branch September 25, 2024 10:19
bbielinski-splunk added a commit that referenced this pull request Sep 25, 2024
* [PAPP-34684] Splunk: Feature - Added 'splunk_job_timeout' parameter to asset config (#51)

* Adding TODO

* Bumping splunk-sdk to 2.0.1

* PAPP-34684: Added 'splunk_job_timeout' parameter to asset config.

* Update README.md

* PAPP-34684: Bumping pre-commit hooks and cleaning up wheels

* PAPP-34684: Updated manual_readme_content.md

* Update README.md

* PAPP-34684: Removing unnecessary pass

* Applying suggestion from review and linting

* Updating pre-commit hooks

---------

Co-authored-by: splunk-soar-connectors-admin <admin@splunksoar>

* Release notes for version 2.17.0

---------

Co-authored-by: Bartosz Bieliński <[email protected]>
Co-authored-by: splunk-soar-connectors-admin <admin@splunksoar>
Co-authored-by: root <root@splunksoar>