Merge pull request #204 from guilhemmarchand/testing

Version 1.2.18

Author: guilhemmarchand

docs/elastic_sources_unit_tests.csv

@@ -3,8 +3,15 @@ Order,Item,LastTested,Type,Instructions
 2,Create tstats based Elastic Source Dedicated,,UI,"Via the UI, create a new dedicated Elastic source: tstats based Elastic source *** constraint: index=* sourcetype=pan:traffic | name: Elastic:tstats:shared | index: network | sourcetype: pan:traffic ***. Creation needs to be successful and a new data source created in the UI"
 3,Create raw based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: raw based Elastic source *** constraint: index=* sourcetype=pan:traffic | name: Elastic:raw:shared | index: network | sourcetype: pan:traffic ***. Creation needs to be successful and a new data source created in the UI"
 4,Create raw based Elastic Source Dedicated,,UI,"Via the UI, create a new dedicated Elastic source: raw based Elastic source *** constraint: index=* sourcetype=pan:traffic | name: Elastic:raw:shared | index: network | sourcetype: pan:traffic ***. Creation needs to be successful and a new data source created in the UI"
-5,Create from based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: datamodel:Authentication | search user=* | name: Elastic:from:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
-6,Create from based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: datamodel:Authentication | search user=* | name: Elastic:from:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
-7,Create mstats based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: mstats based Elastic source *** constraint: index=telegraf metric_category=docker | name: Elastic:mstats:shared | index: telegraf | sourcetype: metrics ***. Creation needs to be successful and a new data source created in the UI"
-8,Create mstats based Elastic Source Dedicated,,UI,"Via the UI, create a new dedicated Elastic source: mstats based Elastic source *** constraint: index=telegraf metric_category=docker | name: Elastic:mstats:shared | index: telegraf | sourcetype: metrics ***. Creation needs to be successful and a new data source created in the UI"
-9,Verify Search feature,,UI,"For Elastic Sources, the Search btn when hit generates a Splunk SPL search that is dynamicall built, for each of the Elastic Sources previously created, make sure the search works as expected"
+5,Create from datamodel based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: datamodel:Authentication | search user=* | name: Elastic:from:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+6,Create from datamodel based Elastic Source Dedicated,,UI,"Via the UI, create a new dedicated Elastic source: from based Elastic source *** constraint: datamodel:Authentication | search user=* | name: Elastic:from:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+7,Create from lookup based Elastic Source Shared,,UI,"Create a lookup with a time concept, via the UI Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: lookup:acme_cmdb_lookup.csv | eval _time=strftime(lookupLastUpdated, ""%s"") | name: Elastic:from:lookup:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+8,Create from lookup based Elastic Source Dedicated,,UI,"Create a lookup with a time concept, via the UI Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: lookup:acme_cmdb_lookup.csv | eval _time=strftime(lookupLastUpdated, ""%s"") | name: Elastic:from:lookup:dedicated | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+9,Create mstats based Elastic Source Shared,,UI,"Via the UI, create a new shared Elastic source: mstats based Elastic source *** constraint: index=telegraf metric_category=docker | name: Elastic:mstats:shared | index: telegraf | sourcetype: metrics ***. Creation needs to be successful and a new data source created in the UI"
+10,Create mstats based Elastic Source Dedicated,,UI,"Via the UI, create a new dedicated Elastic source: mstats based Elastic source *** constraint: index=telegraf metric_category=docker | name: Elastic:mstats:shared | index: telegraf | sourcetype: metrics ***. Creation needs to be successful and a new data source created in the UI"
+11,Create rest tstats based Elastic Source,,UI,"Via the UI, create a new shared Elastic source: rest tstats based Elastic source *** constraint: index=* sourcetype=pan:traffic | name: Elastic:rest:tstats:shared | index: network | sourcetype: pan:traffic ***. Creation needs to be successful and a new data source created in the UI"
+12,Create rest raw based Elastic Source,,UI,"Via the UI, create a new shared Elastic source: rest raw based Elastic source *** constraint: index=* sourcetype=pan:traffic | name: Elastic:rest:raw:shared | index: network | sourcetype: pan:traffic ***. Creation needs to be successful and a new data source created in the UI"
+13,Create rest from datamodel based Elastic Source,,UI,"Via the UI, create a new shared Elastic source: rest from based Elastic source *** constraint: datamodel:Authentication | search user=* | name: Elastic:rest:from:shared | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+13,Create rest from lookup based Elastic Source,,UI,"Create a lookup with a time concept, via the UI Via the UI, create a new shared Elastic source: from based Elastic source *** constraint: lookup:acme_cmdb_lookup.csv | eval _time=strftime(lookupLastUpdated, ""%s"") | name: Elastic:rest:from:lookup:dedicated | index: security | sourcetype: authentication ***. Creation needs to be successful and a new data source created in the UI"
+14,Create rest mstats based Elastic Source,,UI,"Via the UI, create a new shared Elastic source: rest mstats based Elastic source *** constraint: index=telegraf metric_category=docker | name: Elastic:rest:mstats:shared | index: telegraf | sourcetype: metrics ***. Creation needs to be successful and a new data source created in the UI"
+15,Verify Search feature,,UI,"For Elastic Sources, the Search btn when hit generates a Splunk SPL search that is dynamicall built, for each of the Elastic Sources previously created, make sure the search works as expected"

docs/img/ack4.png

@@ -1,6 +1,25 @@
 Release notes
 #############
 
+Version 1.2.28
+==============
+
+**CAUTION:**
+
+This is a new main release branch, TrackMe 1.2.x requires the deployment of the following dependencies:
+
+- Semicircle Donut Chart Viz, Splunk Base: https://splunkbase.splunk.com/app/4378
+- Splunk Machine Learning Toolkit, Splunk Base: https://splunkbase.splunk.com/app/2890
+- Splunk Timeline - Custom Visualization, Splunk Base: https://splunkbase.splunk.com/app/3120
+
+TrackMe requires a summary index (defaults to trackme_summary) and a metric index (defaults to trackme_metrics):
+https://trackme.readthedocs.io/en/latest/configuration.html
+
+- Feature Issue #201 - Elastic Sources - Support for lookup tracking with from commands
+- Feature Issue #202 - Elastic Sources - Support for remote searches using rest
+- Fix Issue #203 - Provides a macro based definition for first level span of Metrics trackers
+- Change: Upgrade of splunklib Python SDK to latest release 1.6.14
+
 Version 1.2.27
 ==============