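import hmac
import json
import os

from flask import Flask, request, jsonify
import requests

app = Flask(__name__)

# HEC credentials and endpoint come from the environment so the token no longer
# has to live in source control.  The literal fallbacks reproduce the values this
# script shipped with; a token that has been committed should be treated as
# exposed and rotated, after which the fallback below should be deleted.
SPLUNK_HEC_TOKEN = os.environ.get(
    'SPLUNK_HEC_TOKEN', '51791309-bfaf-4250-8145-0dfb5312376f'
)
SPLUNK_HEC_URL = os.environ.get(
    'SPLUNK_HEC_URL', 'https://172.31.1.245:8088/services/collector/event'
)
# TLS verification for the HEC connection.  The endpoint is an IP address, so its
# certificate is probably self-signed or issued by a private CA; point
# SPLUNK_HEC_CA_BUNDLE at that CA's PEM file rather than disabling verification
# (the previous verify=False let any on-path host read the HEC token).
SPLUNK_HEC_VERIFY = os.environ.get('SPLUNK_HEC_CA_BUNDLE') or True
# Seconds to wait for Splunk before failing the request; without a timeout a
# stalled HEC connection would hold a worker indefinitely.
SPLUNK_HEC_TIMEOUT = float(os.environ.get('SPLUNK_HEC_TIMEOUT', '10'))
# Optional shared secret the webhook sender must present in the X-Webhook-Token
# header.  Unset (the default) leaves the endpoint unauthenticated, as before.
WEBHOOK_SHARED_SECRET = os.environ.get('WEBHOOK_SHARED_SECRET')

# Payload keys copied into the Splunk event; any other key in the incoming JSON
# is dropped, and a missing key is forwarded as null.
EVENT_FIELDS = (
    "user", "state", "userName", "protocol", "eventSource", "numFiles",
    "nes", "detected", "clientIPs", "shares", "files",
)
SOURCETYPE = "supernaZT"


def _authorized() -> bool:
    """Return True when no shared secret is configured or the caller presented it."""
    if WEBHOOK_SHARED_SECRET is None:
        return True
    presented = request.headers.get('X-Webhook-Token', '')
    # Constant-time comparison so the secret cannot be recovered by timing.
    return hmac.compare_digest(presented, WEBHOOK_SHARED_SECRET)


def _build_splunk_event(payload: dict) -> dict:
    """Restructure an incoming webhook payload into a Splunk HEC event body."""
    return {
        "sourcetype": SOURCETYPE,
        "event": {field: payload.get(field) for field in EVENT_FIELDS},
    }


@app.route('/splunk', methods=['POST'])
def webhook():
    """Accept a JSON webhook and forward selected fields to Splunk HEC.

    Responses: 401 when a shared secret is configured and absent or wrong,
    400 when the body is not a JSON object, Splunk's own status (or 502 when
    none is available) when HEC rejects the event, 502 when HEC is unreachable,
    500 for anything else.  Failure details are logged server-side instead of
    being echoed to the caller, so the HEC URL and Splunk's reply do not leak.
    """
    if not _authorized():
        return jsonify({"error": "unauthorized"}), 401

    # silent=True yields None instead of raising on a non-JSON body, so a bad
    # request gets a 400 rather than falling into the generic 500 path.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify({"error": "request body must be a JSON object"}), 400

    headers = {
        'Authorization': f'Splunk {SPLUNK_HEC_TOKEN}',
        'Content-Type': 'application/json',
    }
    try:
        response = requests.post(
            SPLUNK_HEC_URL,
            headers=headers,
            data=json.dumps(_build_splunk_event(payload)),
            verify=SPLUNK_HEC_VERIFY,
            timeout=SPLUNK_HEC_TIMEOUT,
        )
        response.raise_for_status()
    except requests.exceptions.HTTPError as err:
        # err.response can be None; guard before reading its status and body.
        hec_reply = err.response
        status = hec_reply.status_code if hec_reply is not None else 502
        body = hec_reply.text[:500] if hec_reply is not None else ''
        app.logger.error("Splunk HEC rejected event: status=%s body=%r", status, body)
        return jsonify({"error": "Splunk rejected the event"}), status
    except requests.exceptions.RequestException:
        # Connection, TLS and timeout failures: the upstream is at fault.
        app.logger.exception("Could not reach Splunk HEC")
        return jsonify({"error": "Splunk unreachable"}), 502
    except Exception:
        # Top-level boundary: keep the traceback in the log, return a generic 500.
        app.logger.exception("Unhandled error while forwarding event to Splunk")
        return jsonify({"error": "internal error"}), 500

    return jsonify({"message": "Event sent to Splunk successfully"}), 200


if __name__ == '__main__':
    # Development server only; binds every interface on port 5000.  Flask debug
    # mode is NOT enabled here (debug=True would expose the Werkzeug debugger).
    app.run(host='0.0.0.0', port=5000)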