RubyGems - es-grep - Versions diffs - 0.0.2 → 0.0.3 - Mend

es-grep 0.0.2 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.0.2
1	+ 0.0.3

data/bin/esgrep CHANGED Viewed

@@ -20,6 +20,26 @@ Main {
     description 'Send a raw ElasticSearch REST query.'
   }
+  option('dump', 'd'){
+    description 'Print the ElasticSearch query used to perform the search.'
+  }
+  option('field', 'f'){
+    description 'Search by field.'
+    argument :optional
+    defaults '_all'
+  }
+  option('app', 'a'){
+    description 'Filter the search by app name.'
+    argument :optional
+  }
+  option('host', 's'){
+    description 'Filter by the source\'s hostname'
+    argument :optional
+  }
   option('limit', 'l'){
     description 'The maximum number of results to return.'
     argument :optional
@@ -36,13 +56,19 @@ Main {
   }
   def run
-    results = query_clusters(params[:query].value, params[:clusters].values)
+    total, results = query_clusters(params[:query].value, params[:clusters].values)
     if params[:json].given?
       print_json(results, params[:pretty].given?)
     else
-      print(results, params[:pretty].given?)
+      print(total, results, params[:pretty].given?)
     end
+    if params[:dump].given?
+      puts ""
+      puts "Query: #{query_string(params[:query].value)}"
+    end
   end
   def print_json(results, pretty)
@@ -53,7 +79,10 @@ Main {
     end
   end
-  def print(results, pretty)
+  def print(total, results, pretty)
+    puts "Results Found: #{total}"
+    puts "Results Displayed: #{results.size}"
     rows = results.map{ |r|
       f = {}
       r["_source"]["@fields"].each { |k,v| f[k] = extract(v) }
@@ -108,28 +137,68 @@ Main {
   end
   def query_clusters(query, clusters)
-    results = clusters.map{ |c| query_cluster(query, c) }.flatten
+    total = 0
+    results = []
+    clusters.each do |c|
+      response = query_cluster(query, c)
+      total += response["hits"]["total"]
+      results << response["hits"]["hits"]
+    end
+    results.flatten!
     results.sort_by { |r| -r["_score"].to_i } .take(params[:limit].value)
+    [total, results]
   end
   def query_cluster(query, cluster)
     http = Net::HTTP.new(cluster)
     response = http.post('/_search', query_string(query))
-    JSON.parse(response.body)["hits"]["hits"]
+    JSON.parse(response.body)
   end
   def query_string(query)
     if params[:raw].given?
       query.to_json
     else
-      {
+      q = {
         "from" => 0, "size" => params[:limit].value,
         "query" => {
-          "query_string" => {
-            "query" => query
+            "query_string" => {
+              "query" => query,
+              "default_field" => params[:field].value
+            }
           }
         }
-      }.to_json
+      if params[:app].given? or params[:host].given?
+        q["filter"] = {}
+        q["filter"]["and"] = []
+      end
+      if params[:app].given?
+        q["filter"]["and"] <<
+          {
+            "term" => {
+              "appname" => params[:app].value,
+            }
+          }
+      end
+      if params[:host].given?
+        q["filter"]["and"] <<
+          {
+            "term" => {
+              "hostname" => params[:host].value
+            }
+          }
+      end
+      q.to_json
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: es-grep
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease:
 platform: ruby
 authors: