es-grep 0.0.2 → 0.0.3
- data/VERSION +1 -1
- data/bin/esgrep +78 -9
- metadata +1 -1
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0.
|
1
|
+
0.0.3
|
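--- a/data/bin/esgrep
+++ b/data/bin/esgrep
@@ -20,6 +20,26 @@ Main {
 description 'Send a raw ElasticSearch REST query.'
 }
 
+option('dump', 'd'){
+description 'Print the ElasticSearch query used to perform the search.'
+}
+
+option('field', 'f'){
+description 'Search by field.'
+argument :optional
+defaults '_all'
+}
+
+option('app', 'a'){
+description 'Filter the search by app name.'
+argument :optional
+}
+
+option('host', 's'){
+description 'Filter by the source\'s hostname'
+argument :optional
+}
+
 option('limit', 'l'){
 description 'The maximum number of results to return.'
 argument :optional
@@ -36,13 +56,19 @@ Main {
 }
 
 def run
-results = query_clusters(params[:query].value, params[:clusters].values)
+total, results = query_clusters(params[:query].value, params[:clusters].values)
 
 if params[:json].given?
 print_json(results, params[:pretty].given?)
 else
-print(results, params[:pretty].given?)
+print(total, results, params[:pretty].given?)
 end
+
+if params[:dump].given?
+puts ""
+puts "Query: #{query_string(params[:query].value)}"
+end
+
 end
 
 def print_json(results, pretty)
@@ -53,7 +79,10 @@ Main {
 end
 end
 
-def print(results, pretty)
+def print(total, results, pretty)
+puts "Results Found: #{total}"
+puts "Results Displayed: #{results.size}"
+
 rows = results.map{ |r|
 f = {}
 r["_source"]["@fields"].each { |k,v| f[k] = extract(v) }
@@ -108,28 +137,68 @@ Main {
 end
 
 def query_clusters(query, clusters)
-
+
+total = 0
+results = []
+
+clusters.each do |c|
+response = query_cluster(query, c)
+
+total += response["hits"]["total"]
+results << response["hits"]["hits"]
+end
+
+results.flatten!
 results.sort_by { |r| -r["_score"].to_i } .take(params[:limit].value)
+
+[total, results]
 end
 
 def query_cluster(query, cluster)
 http = Net::HTTP.new(cluster)
 response = http.post('/_search', query_string(query))
-JSON.parse(response.body)
+JSON.parse(response.body)
 end
 
 def query_string(query)
 if params[:raw].given?
 query.to_json
 else
-{
+q = {
 "from" => 0, "size" => params[:limit].value,
+
 "query" => {
-
-
+"query_string" => {
+"query" => query,
+"default_field" => params[:field].value
+}
 }
 }
-
+
+if params[:app].given? or params[:host].given?
+q["filter"] = {}
+q["filter"]["and"] = []
+end
+
+if params[:app].given?
+q["filter"]["and"] <<
+{
+"term" => {
+"appname" => params[:app].value,
+}
+}
+end
+
+if params[:host].given?
+q["filter"]["and"] <<
+{
+"term" => {
+"hostname" => params[:host].value
+}
+}
+end
+
+q.to_json
 end
 end
 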
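Review bot: In `query_clusters` the sort-and-limit on new line 152, `results.sort_by { |r| -r["_score"].to_i } .take(params[:limit].value)`, has become a discarded expression: before this change it was the method's last statement and so its return value, but the added `[total, results]` on new line 154 now returns the merged `results` array unsorted and uncapped. The `"size"` in `query_string` only limits each cluster's own response, so with several clusters the caller can receive more than `limit` hits, out of score order, and the new `"Results Displayed: #{results.size}"` line in `print` will report that larger count. Assigning the result back fixes it: `results = results.sort_by { |r| -r["_score"].to_i }.take(params[:limit].value)`. The remaining hunks are consistent with the two-element return and need no change for this.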