[FEATURE] Add Splunk datasource plugin#543
Conversation
AntoineThebaud
changed the title
sharangokul28
force-pushed
the
feature/splunk-plugin
branch
from
d37ccf8 to
756a791
Compare
sharangokul28
requested review from
a team,
AntoineThebaud and
Nexucis
as code owners
splunk/cue.mod/module.cue
Outdated
| kind: "git" | ||
| } | ||
| deps: { | ||
| "github.com/perses/perses/cue@v0": { |
There was a problem hiding this comment.
This package was moved. Older package still works but it will be removed in the future
| "github.com/perses/perses/cue@v0": { | |
| "github.com/perses/shared/cue@v0": { |
splunk/cue.mod/module.cue
Outdated
| @@ -0,0 +1,13 @@ | |||
| module: "github.com/perses/plugins/splunk@v0" | |||
| language: { | |||
| version: "v0.14.0" | |||
There was a problem hiding this comment.
| version: "v0.14.0" | |
| version: "v0.15.1" |
splunk/cue.mod/module.cue
Outdated
| } | ||
| deps: { | ||
| "github.com/perses/perses/cue@v0": { | ||
| v: "v0.53.0-beta.3" |
There was a problem hiding this comment.
| v: "v0.53.0-beta.3" | |
| v: "v0.53.0-rc.1" |
| package model | ||
|
|
||
| import ( | ||
| "github.com/perses/perses/cue/common" |
There was a problem hiding this comment.
| "github.com/perses/perses/cue/common" | |
| "github.com/perses/shared/cue/common" |
|
|
||
| import ( | ||
| "github.com/perses/perses/cue/common" | ||
| commonProxy "github.com/perses/perses/cue/common/proxy" |
There was a problem hiding this comment.
| commonProxy "github.com/perses/perses/cue/common/proxy" | |
| commonProxy "github.com/perses/shared/cue/common/proxy" |
| "build-mf": "rsbuild build", | ||
| "build:cjs": "swc ./src -d dist/lib/cjs --strip-leading-paths --config-file ../.cjs.swcrc", | ||
| "build:esm": "swc ./src -d dist/lib --strip-leading-paths --config-file ../.swcrc", | ||
| "build:types": "tsc --project tsconfig.build.json", |
There was a problem hiding this comment.
The lint command is missing. This was added recently to the templates.
| "build:types": "tsc --project tsconfig.build.json", | |
| "build:types": "tsc --project tsconfig.build.json", | |
| "lint": "eslint src --ext .ts,.tsx", |
splunk/package.json
Outdated
| "@perses-dev/components": "^0.53.0-beta.3", | ||
| "@perses-dev/core": "^0.53.0-beta.3", | ||
| "@perses-dev/plugin-system": "^0.53.0-beta.3", |
There was a problem hiding this comment.
| "@perses-dev/components": "^0.53.0-beta.3", | |
| "@perses-dev/core": "^0.53.0-beta.3", | |
| "@perses-dev/plugin-system": "^0.53.0-beta.3", | |
| "@perses-dev/components": "^0.53.0-rc.1", | |
| "@perses-dev/core": "^0.53.0-rc.1", | |
| "@perses-dev/plugin-system": "^0.53.0-rc.1", |
splunk/go.mod
Outdated
|
|
||
| go 1.25.1 | ||
|
|
||
| require github.com/perses/perses v0.53.0-beta.3 |
There was a problem hiding this comment.
| require github.com/perses/perses v0.53.0-beta.3 | |
| require github.com/perses/perses v0.53.0-rc.0 |
sharangokul28
force-pushed
the
feature/splunk-plugin
branch
from
756a791 to
7997593
Compare
AntoineThebaud
left a comment
AntoineThebaud
left a comment
There was a problem hiding this comment.
CUE review following a change on main branch:
sharangokul28
force-pushed
the
feature/splunk-plugin
branch
from
37be2c4 to
2ec9a89
Compare
Signed-off-by: Sharan Gokul <sharangokul@gmail.com>
sharangokul28
force-pushed
the
feature/splunk-plugin
branch
from
2ec9a89 to
7b2c6f5
Compare
Gladorme
left a comment
Gladorme
left a comment
There was a problem hiding this comment.
Nice PR!
First review done, ping me if you have any questions :)
| } | ||
|
|
||
| const query = replaceVariables(spec.query, context.variableState); | ||
| const client = (await context.datasourceStore.getDatasourceClient<SplunkClient>( |
There was a problem hiding this comment.
const client: SplunkClient = await context.datasourceStore.getDatasourceClient<SplunkClient>(
spec.datasource ?? DEFAULT_DATASOURCE
);| )) as SplunkClient; | ||
|
|
||
| const datasourceSpec = await context.datasourceStore.getDatasource(spec.datasource ?? DEFAULT_DATASOURCE); | ||
| const allowedEndpoints = (datasourceSpec.plugin.spec as any)?.proxy?.spec?.allowedEndpoints || []; |
There was a problem hiding this comment.
No need to do endpoint checks on client, if datasource do not have the necessary endpoint, it will trigger an error from the back.
Looking the code after, I can understand why there is check on client side: Splunk has two way to retrieve logs? I think we should only stick with the recommended one.
| const earliest_time = Math.floor(start.getTime() / 1000).toString(); | ||
| const latest_time = Math.floor(end.getTime() / 1000).toString(); | ||
|
|
||
| let eventsResponse; |
There was a problem hiding this comment.
Perses is using TypeScript, for readibility and ease the maintenance for the future. Please provide typing for variables not initialized. It will be blocked by the linter in anycase. I saw some any too, except some cases, it should not be used
| const indexesResponse = await client.getIndexes(); | ||
| const entries = indexesResponse?.entry | ||
| ? indexesResponse.entry.map((index) => ({ | ||
| timestamp: new Date().getTime() / 1000, |
There was a problem hiding this comment.
Timestamp is not based on current timerange?
| ? indexesResponse.entry.map((index) => ({ | ||
| timestamp: new Date().getTime() / 1000, | ||
| line: index.name, | ||
| labels: Object.fromEntries( |
There was a problem hiding this comment.
A comment to explain would be welcomed here, because I don't understand what is done here ^^"
|
|
||
| return ( | ||
| <Stack spacing={1.5} paddingBottom={1}> | ||
| <div> |
There was a problem hiding this comment.
Replace <div> by <Box> (MUI div)
| } | ||
|
|
||
| const query = replaceVariables(spec.query, context.variableState); | ||
| const client = (await context.datasourceStore.getDatasourceClient<SplunkClient>( |
There was a problem hiding this comment.
Same comment as get-splunk-log-data.ts
| do { | ||
| await new Promise((resolve) => setTimeout(resolve, 500)); // Wait 500ms between polls | ||
| jobStatus = await client.getJobStatus(jobId); | ||
| } while (!jobStatus.entry?.[0]?.content?.isDone); |
There was a problem hiding this comment.
Same comment as get-splunk-log-data.ts
| const earliest_time = Math.floor(start.getTime() / 1000).toString(); | ||
| const latest_time = Math.floor(end.getTime() / 1000).toString(); | ||
|
|
||
| let resultsResponse; |
There was a problem hiding this comment.
Same comment as get-splunk-log-data.ts
| return { | ||
| series: convertedSeries, | ||
| timeRange: { start, end }, | ||
| stepMs: context.suggestedStepMs || 60000, |
| return response.json(); | ||
| } | ||
|
|
||
| export async function exportSearch( |
There was a problem hiding this comment.
This fetch looks like to be "streamed" when I look at the network inspect (result payload is displayed part by part), I wonder if we could use: https://tanstack.com/query/v5/docs/reference/streamedQuery 🤔
Never used it myself, but would ne nice if we don't have to wait full payload to display the content. Something that could be added in a future PR.
4 participants
Description
The Splunk plugin enables Perses to connect to Splunk instances and query data using Splunk Processing Language (SPL). It supports both time series visualizations and log queries.
Screenshots
Checklist
[<catalog_entry>] <commit message>naming convention using one of thefollowing
catalog_entryvalues:FEATURE,ENHANCEMENT,BUGFIX,BREAKINGCHANGE,DOC,IGNORE.UI Changes