indy 0.1.1 → 0.1.2

data/History.txt

@@ -1,3 +1,10 @@
+=== 0.1.2 / 2011-01-18
+
+* Predefined log formats for NCSA Common, NCSA Combined, and Log4r (default)
+* Source IO is explicitly closed after each #_search
+* Removed instance method #search; use #for.
+* Removed instance method #severity
+
 === 0.1.1 / 2011-01-13
 
 * Scope search by time (after, before, around, or within)

data/README.md

@@ -4,7 +4,7 @@ Indy: A Log Archaeology Tool
 Synopsis
 --------
 
-Log files are often searched for particular strings but it does not often treat the logs themselves as data structures.  Indy attempts to deliver logs with more powerful features by allowing the ability: to collect segments of a log from particular time; find a particular event; or monitor/reflect on a log to see if a particular event occurred (or not occurred).
+Log files are often searched for particular strings but it does not often treat the logs themselves as data structures.  Indy attempts to deliver logs with more powerful features by allowing the ability to collect segments of a log from particular time; find a particular event; or monitor/reflect on a log to see if a particular event occurred (or not occurred).
 
 Installation
 ------------
@@ -57,10 +57,22 @@ If the default pattern is obviously not strong enough for you, brew your own.
 To do so, specify a pattern and each of the match with their symbolic name.
 
     # HH:MM:SS SEVERITY APPLICATION#METHOD - MESSAGE
-    custom_pattern = "^(\d{2}:\d{2}:\d{2})\s*(INFO|DEBUG|WARN|ERROR)\s*([^#]+)#([^\s]+)\s*-\s*(.+)$"
+    custom_pattern = /^(\d{2}:\d{2}:\d{2})\s*(INFO|DEBUG|WARN|ERROR)\s*([^#]+)#([^\s]+)\s*-\s*(.+)$/
 
     Indy.search(source).with(custom_pattern,:time,:severity,:application,:method,:message).for(:severity => 'INFO', :method => 'allocate')
 
+### Predefined Log Patterns
+
+Several log formats have been predefined for ease of configuration. See indy/patterns.rb
+
+    # Indy::COMMON_LOG_PATTERN
+    # Indy::COMBINED_LOG_PATTERN
+    # Indy::LOG4R_DEFAULT_PATTERN
+    #
+    # Example (Log4r)
+    #  INFO mylog: This is a message with level INFO
+    Indy.new(:source => 'logfile.txt', :pattern => Indy::LOG4R_DEFAULT_PATTERN).for(:application => 'mylog')
+
 ### Explicit Time Format
 
 By default, Indy tries to guess your time format (courtesy of DateTime#parse). If you supply an explicit time format, it will use DateTime#strptime, as well as try to guess.
@@ -99,10 +111,15 @@ This is required when log data uses a non-standard date format, e.g.: U.S. forma
 
 ## Process the Results
 
+    A ResultSet (Array) is returned by #for, #like, #after, etc.
+
     entries = Indy.search(source).for(:message => 'Entering Application')
 
     Indy.search(source).for(:message => 'Entering Application').each do |entry|
-        puts entry
+
+      # each log line entry returned is an OpenStruct object
+      puts "[#{entry.time}] #{entry.message}: #{entry.application}"
+
     end
 
 LICENSE

data/Rakefile

@@ -17,6 +17,7 @@ end
 desc "Run performance specs"
 RSpec::Core::RakeTask.new(:perf) do |t|
   t.pattern = "./performance/**/*_spec.rb"
+  t.rspec_opts = ['-f d']
 end
 
 desc "Run features"

data/features/step_definitions/find_by.steps.rb

@@ -7,14 +7,6 @@ When /^searching the log for the log severity (\w+)$/ do |severity|
   @results = @indy.for(:severity => severity)
 end
 
-When /^searching the log for the log severity (\w+) and lower$/ do |severity|
-  @results = @indy.severity(severity,:equal_and_below)
-end
-
-When /^searching the log for the log severity (\w+) and higher$/ do |severity|
-  @results = @indy.severity(severity,:equal_and_above)
-end
-
 When /^searching the log for the exact match of the message "([^"]+)"$/ do |message|
   @results = @indy.for(:message => message)
 end
@@ -25,7 +17,7 @@ end
 
 When /^searching the log for:$/ do |fields|
   fields.map_headers! {|header| header.is_a?(Symbol) ? header : header.downcase.gsub(/\s/,'_').to_sym }
-  @results = @indy.search(fields.hashes.first)
+  @results = @indy.for(fields.hashes.first)
 end
 
 When /^searching the log for entries like:$/ do |fields|
@@ -34,7 +26,7 @@ When /^searching the log for entries like:$/ do |fields|
 end
 
 When /^searching the log for the exact match of custom field ([^"]+)\s*"([^"]+)"$/ do |field,value|
-  @results = @indy.search(field.strip.gsub(/\s/,'_').to_sym => value)
+  @results = @indy.for(field.strip.gsub(/\s/,'_').to_sym => value)
 end
 
 When /^searching the log for entries in the (\w+ \w+), by (.+)$/ do |portion, method|

data/indy.gemspec

@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
   s.name        = 'indy'
   s.version     = ::Indy::VERSION
   s.authors     = ["Franklin Webber","Brandon Faloona"]
-  s.description = %{ Indy is a log archelogy tool that allows you to search through log files. }
+  s.description = %{ Indy is a log archelogy tool that allows you to interact with log data like an object while you search by fields and/or time.}
   s.summary     = "Log Search Tool"
   s.email       = 'franklin.webber@gmail.com'
   s.homepage    = "http://github.com/burtlo/Indy"
@@ -40,6 +40,13 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 1.8.7'
   s.add_dependency('activesupport', '>= 2.3.5')
 
+  s.add_development_dependency('cucumber', '>= 0.9.2')
+  s.add_development_dependency('rspec', '>= 2.4.0')
+  s.add_development_dependency('rspec-mocks', '>= 2.4.0')
+  s.add_development_dependency('rspec-prof', '>= 0.0.3')
+  s.add_development_dependency('rcov', '>= 0.9.9')
+  s.add_development_dependency('flog', '>= 2.5.0')
+
   changes = Indy.show_version_changes(::Indy::VERSION)
 
   s.post_install_message = %{

data/lib/indy.rb

@@ -2,4 +2,6 @@ $:.unshift(File.dirname(__FILE__)) unless
   $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
 
 require 'indy/indy'
-require 'indy/result_set'
+require 'indy/result_set'
+require 'indy/log_formats'
+require 'indy/patterns'

data/lib/indy/indy.rb

@@ -3,10 +3,10 @@ require 'active_support/core_ext'
 
 class Indy
 
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 
   #
-  # string, file, or command that provides the log
+  # hash with one key (:string, :file, or :cmd) set to the string that defines the log
   #
   attr_accessor :source
 
@@ -21,15 +21,6 @@ class Indy
   #
   attr_accessor :time_format
 
-  DATE_TIME = "\\d{4}.\\d{2}.\\d{2}\s+\\d{2}.\\d{2}.\\d{2}" #"%Y-%m-%d %H:%M:%S"
-  SEVERITY = [:trace,:debug,:info,:warn,:error,:fatal]
-  SEVERITY_PATTERN = "(?:#{SEVERITY.map{|s| s.to_s.upcase}.join("|")})"
-  APPLICATION = "\\w+"
-  MESSAGE = ".+"
-
-  DEFAULT_LOG_PATTERN = "^(#{DATE_TIME})\\s+(#{SEVERITY_PATTERN})\\s+(#{APPLICATION})\\s+-\\s+(#{MESSAGE})$"
-  DEFAULT_LOG_FIELDS = [:time,:severity,:application,:message]
-
   FOREVER_AGO = DateTime.now - 200_000
   FOREVER = DateTime.now + 200_000
 
@@ -47,13 +38,13 @@ class Indy
   #
   def initialize(args)
     @source = @pattern = nil
-    @source_info = Hash.new
+    @source = Hash.new
 
     while (arg = args.shift) do
       send("#{arg.first}=",arg.last)
     end
 
-    @pattern = @pattern || [DEFAULT_LOG_PATTERN,DEFAULT_LOG_FIELDS].flatten
+    @pattern = @pattern || DEFAULT_LOG_PATTERN
     @time_field = ( @pattern[1..-1].include?(:time) ? :time : nil )
 
   end
@@ -86,7 +77,7 @@ class Indy
       if params.respond_to?(:keys) && params[:source]
         Indy.new(params)
       else
-        Indy.new(:source => params, :pattern => [DEFAULT_LOG_PATTERN,DEFAULT_LOG_FIELDS].flatten)
+        Indy.new(:source => params, :pattern => DEFAULT_LOG_PATTERN)
       end
     end
 
@@ -104,10 +95,10 @@ class Indy
   #
   # @example Log formatted as - HH:MM:SS Message
   #
-  #  Indy.search(LOG_FILE).with("^(\\d{2}.\\d{2}.\\d{2})\s*(.+)$",:time,:message)
+  #  Indy.search(LOG_FILE).with(/^(\d{2}.\d{2}.\d{2})\s*(.+)$/,:time,:message)
   #
   def with(pattern_array = :default)
-    @pattern = pattern_array == :default ? [DEFAULT_LOG_PATTERN,DEFAULT_LOG_FIELDS].flatten : pattern_array
+    @pattern = pattern_array == :default ? DEFAULT_LOG_PATTERN : pattern_array
     @time_field = @pattern[1..-1].include?(:time) ? :time : nil
     self
   end
@@ -119,345 +110,311 @@ class Indy
   #        value to compare against the other log messages.  This function also
   #        supports symbol :all to return all messages
   #
-  def search(search_criteria)
+  def for(search_criteria)
     results = ResultSet.new
 
-    case
-    when search_criteria.is_a?(Enumerable)
+    case search_criteria
+    when Enumerable
       results += _search do |result|
         OpenStruct.new(result) if search_criteria.reject {|criteria,value| result[criteria] == value }.empty?
       end
-    when search_criteria == :all
+    when :all
       results += _search {|result| OpenStruct.new(result) }
     end
 
     results
   end
 
-  alias_method :for, :search
 
-  #
-  # Search the source and make a regular expression comparison
-  #
-  # @param [Hash] search_criteria the field to search for as the key and the
-  #        value to compare against the other log messages
-  #
-  # @example For all applications that end with Service
-  #
-  #  Indy.search(LOG_FILE).like(:application => '(.+)Service')
-  #
-  def like(search_criteria)
-    results = ResultSet.new
+    #
+    # Search the source and make a regular expression comparison
+    #
+    # @param [Hash] search_criteria the field to search for as the key and the
+    #        value to compare against the other log messages
+    #
+    # @example For all applications that end with Service
+    #
+    #  Indy.search(LOG_FILE).like(:application => '(.+)Service')
+    #
+    def like(search_criteria)
+      results = ResultSet.new
 
-    results += _search do |result|
-      OpenStruct.new(result) if search_criteria.reject {|criteria,value| result[criteria] =~ /#{value}/ }.empty?
-    end
+      results += _search do |result|
+        OpenStruct.new(result) if search_criteria.reject {|criteria,value| result[criteria] =~ /#{value}/ }.empty?
+      end
 
-    results
-  end
+      results
+    end
 
-  alias_method :matching, :like
+    alias_method :matching, :like
 
 
-  #
-  # After scopes the eventual search to all entries after to this point.
-  #
-  # @param [Hash] scope_criteria the field to scope for as the key and the
-  #        value to compare against the other log messages
-  #
-  # @example For all messages after specified date
-  #
-  #   Indy.search(LOG_FILE).after(:time => time).for(:all)
-  #
-  def after(scope_criteria)
-    if scope_criteria[:time]
-      time = parse_date(scope_criteria[:time])
-      @inclusive = scope_criteria[:inclusive] || false
-
-      if scope_criteria[:span]
-        span = (scope_criteria[:span].to_i * 60).seconds
-        within(:time => [time, time + span])
-      else
-        @start_time = time
+    #
+    # After scopes the eventual search to all entries after to this point.
+    #
+    # @param [Hash] scope_criteria the field to scope for as the key and the
+    #        value to compare against the other log messages
+    #
+    # @example For all messages after specified date
+    #
+    #   Indy.search(LOG_FILE).after(:time => time).for(:all)
+    #
+    def after(scope_criteria)
+      if scope_criteria[:time]
+        time = parse_date(scope_criteria[:time])
+        @inclusive = scope_criteria[:inclusive] || false
+
+        if scope_criteria[:span]
+          span = (scope_criteria[:span].to_i * 60).seconds
+          within(:time => [time, time + span])
+        else
+          @start_time = time
+        end
       end
-    end
 
-    self
-  end
+      self
+    end
 
-  #
-  # Before scopes the eventual search to all entries prior to this point.
-  #
-  # @param [Hash] scope_criteria the field to scope for as the key and the
-  #        value to compare against the other log messages
-  #
-  # @example For all messages before specified date
-  #
-  #   Indy.search(LOG_FILE).before(:time => time).for(:all)
-  #   Indy.search(LOG_FILE).before(:time => time, :span => 10).for(:all)
-  #
-  def before(scope_criteria)
-    if scope_criteria[:time]
-      time = parse_date(scope_criteria[:time])
-      @inclusive = scope_criteria[:inclusive] || false
-
-      if scope_criteria[:span]
-        span = (scope_criteria[:span].to_i * 60).seconds
-        within(:time => [time - span, time], :inclusive => scope_criteria[:inclusive])
-      else
-        @end_time = time
+    #
+    # Before scopes the eventual search to all entries prior to this point.
+    #
+    # @param [Hash] scope_criteria the field to scope for as the key and the
+    #        value to compare against the other log messages
+    #
+    # @example For all messages before specified date
+    #
+    #   Indy.search(LOG_FILE).before(:time => time).for(:all)
+    #   Indy.search(LOG_FILE).before(:time => time, :span => 10).for(:all)
+    #
+    def before(scope_criteria)
+      if scope_criteria[:time]
+        time = parse_date(scope_criteria[:time])
+        @inclusive = scope_criteria[:inclusive] || false
+
+        if scope_criteria[:span]
+          span = (scope_criteria[:span].to_i * 60).seconds
+          within(:time => [time - span, time], :inclusive => scope_criteria[:inclusive])
+        else
+          @end_time = time
+        end
       end
+
+      self
     end
 
-    self
-  end
+    def around(scope_criteria)
+      if scope_criteria[:time]
+        time = parse_date(scope_criteria[:time])
 
-  def around(scope_criteria)
-    if scope_criteria[:time]
-      time = parse_date(scope_criteria[:time])
+        # does @inclusive add any real value to the #around method?
+        @inclusive = scope_criteria[:inclusive] || false
 
-      # does @inclusive add any real value to the #around method?
-      @inclusive = scope_criteria[:inclusive] || false
+        half_span = ((scope_criteria[:span].to_i * 60)/2).seconds rescue 300.seconds
+        within(:time => [time - half_span, time + half_span])
+      end
 
-      half_span = ((scope_criteria[:span].to_i * 60)/2).seconds rescue 300.seconds
-      within(:time => [time - half_span, time + half_span])
+      self
     end
 
-    self
-  end
 
+    #
+    # Within scopes the eventual search to all entries between two points.
+    #
+    # @param [Hash] scope_criteria the field to scope for as the key and the
+    #        value to compare against the other log messages
+    #
+    # @example For all messages within the specified dates
+    #
+    #   Indy.search(LOG_FILE).within(:time => [start_time,stop_time]).for(:all)
+    #
+    def within(scope_criteria)
+      if scope_criteria[:time]
+        @start_time, @end_time = scope_criteria[:time]
+        @inclusive = scope_criteria[:inclusive] || false
+      end
 
-  #
-  # Within scopes the eventual search to all entries between two points.
-  #
-  # @param [Hash] scope_criteria the field to scope for as the key and the
-  #        value to compare against the other log messages
-  #
-  # @example For all messages within the specified dates
-  #
-  #   Indy.search(LOG_FILE).within(:time => [start_time,stop_time]).for(:all)
-  #
-  def within(scope_criteria)
-    if scope_criteria[:time]
-      @start_time, @end_time = scope_criteria[:time]
-      @inclusive = scope_criteria[:inclusive] || false
+      self
     end
 
-    self
-  end
 
+    private
 
-  #
-  # Search the source for the specific severity
-  #
-  # @param [String,Symbol] severity the severity of the log messages to search
-  #        for within the source
-  # @param [Symbol] direction by default search at the severity level, but you
-  #        can specify :equal, :equal_and_above, and :equal_and_below
-  #
-  # @example INFO and more severe
-  #
-  #  Indy.search(LOG_FILE).severity('INFO',:equal_and_above)
-  #
-  # @example Custom Level and Below
-  #
-  #  Indy.search(LOG_FILE).with([CUSTOM_PATTERN,time,severity,message]).severity(:yellow,:equal_and_below,[:green,:yellow,:orange,:red])
-  #  Indy.search(LOG_FILE).with([CUSTOM_PATTERN,time,severity,message]).matching(:severity => '(GREEN|YELLOW)')
-  #
-  def severity(severity,direction = :equal,scale = SEVERITY)
-    severity = severity.to_s.downcase.to_sym
-
-    case direction
-    when :equal
-      severity = [severity]
-    when :equal_and_above
-      severity = scale[scale.index(severity)..-1]
-    when :equal_and_below
-      severity = scale[0..scale.index(severity)]
-    end
+    #
+    # Sets the source for the Indy instance.
+    #
+    # @param [String,Hash] source A filename, or log content as a string. Use a Hash with :cmd key to specify a command string.
+    #
+    # @example
+    #
+    #   source("apache.log")
+    #   source(:cmd => "cat apache.log")
+    #   source("INFO 2000-09-07 MyApp - Entering APPLICATION.\nINFO 2000-09-07 MyApp - Entering APPLICATION.")
+    #
+    def source=(param)
 
-    ResultSet.new + _search {|result| OpenStruct.new(result) if severity.include?(result[:severity].downcase.to_sym) }
+      cmd = param[:cmd] rescue nil
+      @source[:cmd] = param[:cmd] if cmd
 
-  end
+      unless cmd
+        File.exist?(param) ? @source[:file] = param : @source[:string] = param
+      end
 
-  private
+    end
 
-  #
-  # Sets the source for the Indy instance.
-  #
-  # @param [String,Hash] source A filename or string. Use a Hash to specify a command string.
-  #
-  # @example
-  #
-  #   source("apache.log")
-  #   source(:cmd => "cat apache.log")
-  #   source("INFO 2000-09-07 MyApp - Entering APPLICATION.\nINFO 2000-09-07 MyApp - Entering APPLICATION.")
-  #
-  def source=(specified_source)
+    #
+    # Search the @source and yield to the block the line that was found
+    # with @pattern
+    #
+    # This method is supposed to be used internally.
+    #
+    def _search(&block)
+      time_search = use_time_criteria?
+      source_io = open_source
 
-    cmd = specified_source[:cmd] rescue nil
+      results = source_io.each.collect do |line|
 
-    if cmd
-      possible_source = try_as_command(cmd)
-      @source_info[:cmd] = specified_source[:cmd]
-    else
+        hash = parse_line(line, @pattern)
 
-      possible_source = try_as_file(specified_source) unless possible_source
+        if time_search
+          set_time(hash)
+          next unless inside_time_window?(hash)
+        end
+        next unless hash
+
+        block_given? ? block.call(hash) : nil
 
-      if possible_source
-        @source_info[:file] = specified_source
-      else
-        possible_source = StringIO.new(specified_source.to_s)
-        @source_info[:string] = specified_source
       end
+
+      source_io.close if @source[:file] || @source[:cmd]
+
+      results.compact
     end
 
-    @source = possible_source
-  end
 
-  #
-  # Search the specified source and yield to the block the line that was found
-  # with the given log pattern
-  #
-  # This method is supposed to be used internally.
-  # @param [IO] source is a Ruby IO object
-  #
-  def _search(source = @source,pattern_array = @pattern,&block)
+    #
+    # Return a log io object
+    #
+    def open_source
+      begin
 
-    if @start_time || @end_time
-      @start_time = @start_time || FOREVER_AGO
-      @end_time = @end_time || FOREVER
-    end
+        case @source.keys.first # and only
+        when :cmd
+          source_io = exec_command(@source[:cmd])
+          raise "Failed to execute command (#{@source[:cmd]})" if source_io.nil?
 
-    if @source_info[:cmd]
-      actual_source = try_as_command(@source_info[:cmd])
-    else
-      source.rewind
-      actual_source = source.dup
-    end
+        when :file
+          source_io = File.open(@source[:file], 'r')
+          raise "Filed to open file: #{@source[:file]}" if source_io.nil?
 
-    results = actual_source.each.collect do |line|
+        when :string
+          source_io = StringIO.new( @source[:string] )
 
-      hash = parse_line(line, pattern_array)
+        else
+          raise "Unsupported log source: #{@source.inspect}"
+        end
 
-      if @time_field && @start_time
-        set_time(hash)
-        next unless inside_time_window?(hash)
+      rescue Exception => e
+        raise "Unable to open log source. (#{e.message})"
       end
 
-      next unless hash
-
-      block_given? ? block.call(hash) : nil
+      source_io
     end
 
+    #
+    # Return a hash of field=>value pairs for the log line
+    #
+    # @param [String] line The log line
+    # @param [Array] pattern_array The match regexp string, followed by log fields
+    #   see Class method search
+    #
+    def parse_line( line, pattern_array = @pattern)
+      regexp, *fields = pattern_array
 
-    results.compact
-  end
+      if /#{regexp}/.match(line)
+        values = /#{regexp}/.match(line).captures
+        raise "Field mismatch between log pattern and log data. The data is: '#{values.join(':::')}'" unless values.length == fields.length
 
-  #
-  # Return a hash of field=>value pairs for the log line
-  #
-  # @param [String] line The log line
-  # @param [Array] pattern_array The match regexp string, followed by log fields
-  #   see Class method search
-  #
-  def parse_line( line, pattern_array = @pattern)
-    regexp, *fields = pattern_array
+        hash = Hash[ *fields.zip( values ).flatten ]
+        hash[:line] = line.strip
 
-    if /#{regexp}/.match(line)
-      values = /#{regexp}/.match(line).captures
-      raise "Field mismatch between log pattern and log data. The data is: '#{values.join(':::')}'" unless values.length == fields.length
+        hash
+      end
+    end
 
-      hash = Hash[ *fields.zip( values ).flatten ]
-      hash[:line] = line.strip
+    #
+    #  Return true if start or end time has been set, and a :time field exists
+    #
+    def use_time_criteria?
+      if @start_time || @end_time
+        # ensure both boundaries are set
+        @start_time = @start_time || FOREVER_AGO
+        @end_time = @end_time || FOREVER
+      end
 
-      hash
+      return (@time_field && @start_time && @end_time)
     end
-  end
-
-  #
-  # Set the :_time value in the hash
-  #
-  # @param [Hash] hash The log line hash to modify
-  #
-  def set_time(hash)
-    hash[:_time] = parse_date( hash ) if hash
-  end
 
-  #
-  # Evaluate if a log line satisfies the configured time conditions
-  #
-  # @param [Hash] line_hash The log line hash to be evaluated
-  #
-  def inside_time_window?( line_hash )
 
-    if line_hash && line_hash[:_time]
-      if @inclusive
-        true unless line_hash[:_time] > @end_time or line_hash[:_time] < @start_time
-      else
-        true unless line_hash[:_time] >= @end_time or line_hash[:_time] <= @start_time
-      end
+    #
+    # Set the :_time value in the hash
+    #
+    # @param [Hash] hash The log line hash to modify
+    #
+    def set_time(hash)
+      hash[:_time] = parse_date( hash ) if hash
     end
 
-  end
+    #
+    # Evaluate if a log line satisfies the configured time conditions
+    #
+    # @param [Hash] line_hash The log line hash to be evaluated
+    #
+    def inside_time_window?( line_hash )
 
-  #
-  # Return a valid DateTime object for the log line or string
-  #
-  # @param [String, Hash] param The log line hash, or string to be evaluated
-  #
-  def parse_date(param)
-    return nil unless @time_field
-
-    time_string = param[@time_field] ? param[@time_field] : param
-    
-    begin
-      # Attempt the appropriate parse method
-      date = @time_format ? DateTime.strptime(time_string, @time_format) : DateTime.parse(time_string)
-    rescue
-      begin
-        # If appropriate, fall back to simple parse method
-        if @time_format
-          date = DateTime.parse(time_string)
+      if line_hash && line_hash[:_time]
+        if @inclusive
+          true unless line_hash[:_time] > @end_time or line_hash[:_time] < @start_time
         else
-          date = @time_field = nil
+          true unless line_hash[:_time] >= @end_time or line_hash[:_time] <= @start_time
         end
-      rescue ArgumentError
-        date = @time_field = nil
       end
+
     end
-    date
-  end
 
-  #
-  # Try opening the string as a command string, returning an IO object
-  #
-  # @param [String] command_string string of command that will return log contents
-  #
-  def try_as_command(command_string)
+    #
+    # Return a valid DateTime object for the log line or string
+    #
+    # @param [String, Hash] param The log line hash, or string to be evaluated
+    #
+    def parse_date(param)
+      return nil unless @time_field
 
-    begin
-      io = IO.popen(command_string)
-      return nil if io.eof?
-    rescue
-      nil
+      time_string = param[@time_field] ? param[@time_field] : param
+
+      begin
+        # Attempt the appropriate parse method
+        @time_format ? DateTime.strptime(time_string, @time_format) : DateTime.parse(time_string)
+      rescue
+        # If appropriate, fall back to simple parse method
+        DateTime.parse(time_string) if @time_format rescue nil
+      end
     end
-    io
-  end
 
-  #
-  # Try opening the string as a file, returning an File IO Object
-  #
-  # @param [String] filename path to log file
-  #
-  def try_as_file(filename)
+    #
+    # Try opening the string as a command string, returning an IO object
+    #
+    # @param [String] command_string string of command that will return log contents
+    #
+    def exec_command(command_string)
 
-    begin
-      File.open(filename)
-    rescue
-      nil
+      begin
+        io = IO.popen(command_string)
+        return nil if io.eof?
+      rescue
+        nil
+      end
+      io
     end
 
-  end
 
-end
+  end