es-grep 0.0.2 → 0.0.3

data/VERSION

@@ -1 +1 @@
-0.0.2
+0.0.3

data/bin/esgrep

@@ -20,6 +20,26 @@ Main {
     description 'Send a raw ElasticSearch REST query.'
   }
 
+  option('dump', 'd'){
+    description 'Print the ElasticSearch query used to perform the search.'
+  }
+
+  option('field', 'f'){
+    description 'Search by field.'
+    argument :optional
+    defaults '_all'
+  }
+
+  option('app', 'a'){
+    description 'Filter the search by app name.'
+    argument :optional
+  }
+
+  option('host', 's'){
+    description 'Filter by the source\'s hostname'
+    argument :optional
+  }
+
   option('limit', 'l'){
     description 'The maximum number of results to return.'
     argument :optional
@@ -36,13 +56,19 @@ Main {
   }
 
   def run
-    results = query_clusters(params[:query].value, params[:clusters].values)
+    total, results = query_clusters(params[:query].value, params[:clusters].values)
 
     if params[:json].given?
       print_json(results, params[:pretty].given?)
     else
-      print(results, params[:pretty].given?)
+      print(total, results, params[:pretty].given?)
     end
+
+    if params[:dump].given?
+      puts ""
+      puts "Query: #{query_string(params[:query].value)}"
+    end
+    
   end
 
   def print_json(results, pretty)
@@ -53,7 +79,10 @@ Main {
     end
   end
 
-  def print(results, pretty)
+  def print(total, results, pretty)
+    puts "Results Found: #{total}"
+    puts "Results Displayed: #{results.size}"
+
     rows = results.map{ |r| 
       f = {}
       r["_source"]["@fields"].each { |k,v| f[k] = extract(v) }
@@ -108,28 +137,68 @@ Main {
   end
 
   def query_clusters(query, clusters)
-    results = clusters.map{ |c| query_cluster(query, c) }.flatten
+
+    total = 0
+    results = []
+
+    clusters.each do |c| 
+      response = query_cluster(query, c)
+
+      total += response["hits"]["total"]
+      results << response["hits"]["hits"]
+    end
+
+    results.flatten!
     results.sort_by { |r| -r["_score"].to_i } .take(params[:limit].value)
+
+    [total, results]
   end
 
   def query_cluster(query, cluster)
     http = Net::HTTP.new(cluster)
     response = http.post('/_search', query_string(query))
-    JSON.parse(response.body)["hits"]["hits"]
+    JSON.parse(response.body)
   end
 
   def query_string(query)
     if params[:raw].given?
       query.to_json
     else
-      {
+      q = {
         "from" => 0, "size" => params[:limit].value,
+
         "query" => {
-          "query_string" => {
-            "query" => query
+            "query_string" => {
+              "query" => query,
+              "default_field" => params[:field].value
+            }
           }
         }
-      }.to_json
+
+      if params[:app].given? or params[:host].given?
+        q["filter"] = {}
+        q["filter"]["and"] = []
+      end
+
+      if params[:app].given?
+        q["filter"]["and"] <<
+          { 
+            "term" => {
+              "appname" => params[:app].value,
+            }
+          }
+      end
+
+      if params[:host].given?
+        q["filter"]["and"] <<
+          {
+            "term" => {
+              "hostname" => params[:host].value
+            }
+          }
+      end
+
+      q.to_json
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: es-grep
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors: