lstash 0.0.9 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +8 -8
  2. data/CHANGELOG.md +7 -0
  3. data/lib/lstash/cli.rb +6 -3
  4. data/lib/lstash/client.rb +21 -15
  5. data/lib/lstash/query.rb +50 -33
  6. data/lib/lstash/version.rb +1 -1
  7. data/spec/lstash/cli_spec.rb +24 -33
  8. data/spec/lstash/client_spec.rb +24 -17
  9. data/spec/lstash/query_spec.rb +106 -45
  10. metadata +3 -3
checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- NTgxYmI5NWQ2ZmE3OGY1NDE0ZGNjN2M1ZGQ2ZWYxNGI5ODY0MGY1NQ==
4
+ N2RmOWQ3YWIxZjRiZTk5MTc3ZTI5MGJlMDEwZTNmNThjMmY3OTJkMg==
5
5
  data.tar.gz: !binary |-
6
- ZTgzZmQ0YTU3MTAwZDA1MWI1MjNmMjM0M2M5NWY1Mjk5NWRmMTM4OA==
6
+ NTUzMzJkZGI4NmEyZDUwZGRkZWI0YTI2OTlhNDU3ODdkNmQwOWM5NA==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- YThlNDM0OTNjZTNhYWI3ODc4MDc5ZjUyOGJhMTBmZTc4YjI3Nzc2YTZiMjFl
10
- ZDk0YTQ3NGNkZDNmMThhN2Y2ODVmOWY5NTliYzQ3MTZmNzc2YzEzZTNmZjU4
11
- YjAzMTMxNzEwZDgzNDdjMTM2ZTRlYjZjNjZmM2VlMzJkMTE0NDY=
9
+ YWJhYjJjM2Y5ZDAzYmE3ODY5ZTYxNTMyNGY4ODZiN2M4MTg3YmI2MDk5YmJm
10
+ NTY0MWJhMzBlOTU2MWUwZWM5NWU3MDllNTk3MTMwNzg3ODlhMjI1ZmNmYTc1
11
+ ZWI3YzBkZTg1YzA3MDg0YWNjNWJjZmQyZDMxMDc1NjY5YTBhMWM=
12
12
  data.tar.gz: !binary |-
13
- N2Y5NWI5ZDdiNGNjOTFhMTJkMjJjMzVmZmExZTQ1NjFhZjMzNGU3MDdjMDFi
14
- ZDE4Y2U5MGUyYzY3NTI5N2MyMDE5MDY2NjVhYWVhZTY2Mzk5YmFmNmVkM2Rm
15
- ZjI2ZmYwOTE5NWMxNmI5YTlmYTdjMjRkY2QxZDRlOWNmMjAzNDU=
13
+ MWUyMzNiMjU3ODM0ZTYzZWM3OGM3OGUyMDM3OGEyMDFiMTE4MjNiOWIzNmU4
14
+ ZDYzMDI0MzlhMGJmMTVhNWQ4OGU5ODcyZjQ4ZDE2NWJkYTVhMGM2NmEzOGQ4
15
+ NjhkOGVhYWEwNjcxZjU5OTMzNjcxMjRiOGIzNmUzODg4OWRiYzE=
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ### 0.1.1 / 2014-10-13
2
+
3
+ Enhancements
4
+
5
+ * Refactor to iterate over hour periods instead of full indices. This improves the performance a lot.
6
+ * Increase timeout to prevent Faraday::TimeoutError exceptions.
7
+
1
8
  ### 0.0.9 / 2014-09-22
2
9
 
3
10
  Enhancements
data/lib/lstash/cli.rb CHANGED
@@ -9,6 +9,8 @@ require 'lstash/client'
9
9
 
10
10
  module Lstash
11
11
 
12
+ TRANSPORT_REQUEST_TIMEOUT = 60.freeze # 1 minute request timeout
13
+
12
14
  class CLI < Thor
13
15
 
14
16
  class_option :from, :banner => 'start of time range', :aliases => '-f', :desc => "date/time, 'now', 'today', 'yesterday', or 'firstday'"
@@ -45,7 +47,7 @@ module Lstash
45
47
  desc "count QUERY", "count number of log messages matching the QUERY"
46
48
  def count(query_string)
47
49
  run_command(query_string) do |es_client, query|
48
- count = Lstash::Client.new(es_client, options).count(query)
50
+ count = Lstash::Client.new(es_client, options).count(query)
49
51
  puts count
50
52
  end
51
53
  end
@@ -55,14 +57,15 @@ module Lstash
55
57
  def run_command(query_string)
56
58
  es_client = ::Elasticsearch::Client.new(
57
59
  url: options[:es_url] || ENV['ES_URL'] || 'localhost',
58
- log: !!ENV['DEBUG']
60
+ log: !!ENV['DEBUG'],
61
+ transport_options: { request: { timeout: TRANSPORT_REQUEST_TIMEOUT } }
59
62
  )
60
63
  query = Lstash::Query.new(query_string, options)
61
64
 
62
65
  yield es_client, query
63
66
 
64
67
  rescue Exception => e
65
- raise Thor::Error.new(e.message)
68
+ options[:debug] ? raise(e) : raise(Thor::Error.new(e.message))
66
69
  end
67
70
 
68
71
  protected
data/lib/lstash/client.rb CHANGED
@@ -13,7 +13,7 @@ module Lstash
13
13
 
14
14
  class ConnectionError < StandardError; end
15
15
 
16
- PER_PAGE = 5000 # best time, lowest resource usage
16
+ PER_PAGE = 5000.freeze # best time, lowest resource usage
17
17
 
18
18
  def initialize(es_client, options = {})
19
19
  raise ConnectionError, "No elasticsearch client specified" if es_client.nil?
@@ -23,24 +23,29 @@ module Lstash
23
23
  end
24
24
 
25
25
  def count(query)
26
- @logger.debug "time range: [%s..%s]" % [query.time_range.from, query.time_range.to]
26
+ @logger.debug "count from=#{query.from} to=#{query.to}"
27
27
 
28
28
  count = 0
29
- query.indices.each do |index|
30
- count += count_messages(index, query)
29
+ query.each_hour do |index, hour_query|
30
+ count += count_messages(index, hour_query)
31
31
  end
32
-
32
+ @logger.debug "total count=#{count}"
33
33
  count
34
34
  end
35
35
 
36
36
  def grep(query)
37
- @logger.debug "time range: [%s..%s]" % [query.time_range.from, query.time_range.to]
37
+ @logger.debug "grep from=#{query.from} to=#{query.to}"
38
38
 
39
- query.indices.each do |index|
40
- grep_messages(index, query) do |message|
39
+ count = 0
40
+ query.each_hour do |index, hour_query|
41
+ grep_messages(index, hour_query) do |message|
42
+ count += 1
41
43
  yield message if block_given?
42
44
  end
43
45
  end
46
+
47
+ @logger.debug "total count=#{count}"
48
+ count
44
49
  end
45
50
 
46
51
  private
@@ -48,9 +53,9 @@ module Lstash
48
53
  def count_messages(index, query)
49
54
  result = Hashie::Mash.new @es_client.send(:count,
50
55
  index: index,
51
- body: query.body[:query]
56
+ body: query.filter
52
57
  )
53
- @logger.debug "count #{index}: #{result['count']} "
58
+ @logger.debug "count index=#{index} from=#{query.from} to=#{query.to} count=#{result['count']}"
54
59
  result['count']
55
60
  end
56
61
 
@@ -61,9 +66,9 @@ module Lstash
61
66
  method = :search
62
67
  while (messages.nil? || messages.count > 0) do
63
68
  result = Hashie::Mash.new @es_client.send(method, {
64
- index: index,
65
- scroll: '10m',
66
- body: query.body.merge(from: offset, size: PER_PAGE),
69
+ index: index,
70
+ scroll: '1m',
71
+ body: query.search(offset, PER_PAGE),
67
72
  }.merge(scroll_params))
68
73
 
69
74
  messages = result.hits.hits
@@ -72,19 +77,20 @@ module Lstash
72
77
  scroll_params = {scroll_id: result._scroll_id}
73
78
 
74
79
  messages.each do |h|
80
+ next if h.fields.nil?
75
81
  yield h.fields.message if block_given?
76
82
  end
77
83
 
78
84
  method = :scroll
79
85
  end
80
- @logger.debug "grep #{index}: #{offset}"
86
+ @logger.debug "grep index=#{index} from=#{query.from} to=#{query.to} count=#{offset}"
81
87
  Hashie::Mash.new @es_client.clear_scroll(scroll_params)
82
88
  end
83
89
 
84
90
  def debug_logger
85
91
  logger = Logger.new(STDERR)
86
92
  logger.formatter = proc do |severity, datetime, progname, msg|
87
- "#{msg}\n"
93
+ "#{datetime} #{msg}\n"
88
94
  end
89
95
  logger
90
96
  end
data/lib/lstash/query.rb CHANGED
@@ -9,11 +9,14 @@ module Lstash
9
9
  class FormatError < StandardError; end
10
10
  class QueryMissing < StandardError; end
11
11
 
12
- LOGSTASH_PREFIX = 'logstash-'
13
- WILDCARD_QUERY = '*'
12
+ LOGSTASH_PREFIX = 'logstash-'.freeze
13
+ WILDCARD_QUERY = '*'.freeze
14
+ HOUR_IN_SECONDS = 3600.freeze
14
15
 
15
- def initialize(query = nil, arguments = {})
16
- @query = query
16
+ attr_accessor :from, :to
17
+
18
+ def initialize(query_string = nil, arguments = {})
19
+ @query_string = query_string
17
20
 
18
21
  @anchor = time_parse(arguments[:anchor], 'today')
19
22
  @from = time_parse(arguments[:from], 'today')
@@ -22,38 +25,51 @@ module Lstash
22
25
  @to = Time.now if @to > Time.now # prevent accessing non-existing times / indices
23
26
  end
24
27
 
25
- def time_range
26
- OpenStruct.new(from: @from, to: @to)
27
- end
28
-
29
- def date_range
30
- (@from.utc.to_date .. @to.utc.to_date)
28
+ def index_name(date)
29
+ "#{LOGSTASH_PREFIX}#{date.strftime('%Y.%m.%d')}"
31
30
  end
32
31
 
33
- def indices
34
- date_range.map { |d| "#{LOGSTASH_PREFIX}#{d.strftime('%Y.%m.%d')}" }
35
- end
36
-
37
- def body
32
+ def search(from, size)
38
33
  {
39
- sort: sort_order,
40
-
34
+ sort: sort_order,
41
35
  fields: %w(message),
36
+ query: filter,
37
+ from: from,
38
+ size: size
39
+ }
40
+ end
42
41
 
43
- # return in order of ascending timestamp
44
- query: {
45
- filtered: {
46
- query: es_query,
47
- filter: es_filter
48
- }
42
+ def filter
43
+ {
44
+ filtered: {
45
+ query: es_query,
46
+ filter: es_filter
49
47
  }
50
48
  }
51
49
  end
52
50
 
51
+ def each_hour(&block)
52
+ # iterate over the whole range in blocks of one hour
53
+ time_iterate(@from.utc, @to.utc - 1, HOUR_IN_SECONDS) do |hour|
54
+ yield index_name(hour.to_date),
55
+ Query.new(@query_string,
56
+ anchor: @anchor,
57
+ from: hour,
58
+ to: hour + HOUR_IN_SECONDS)
59
+ end
60
+ end
61
+
53
62
  private
54
63
 
55
- def time_parse(time_string, default)
56
- time_string = time_string.strip rescue nil
64
+ def time_iterate(start_time, end_time, step, &block)
65
+ begin
66
+ yield(start_time)
67
+ end while (start_time += step) < end_time
68
+ end
69
+
70
+ def time_parse(time_or_string, default)
71
+ return time_or_string if time_or_string.is_a? Time
72
+ time_string = time_or_string.strip rescue nil
57
73
  time_string ||= default
58
74
  case time_string
59
75
  when 'firstday'
@@ -71,13 +87,14 @@ module Lstash
71
87
  raise FormatError, "Invalid time format: #{time_string}"
72
88
  end
73
89
 
74
- def query
75
- q = @query.dup.strip rescue ''
90
+ def query_string
91
+ q = @query_string.dup.strip rescue ''
76
92
  q = WILDCARD_QUERY if q.empty?
77
93
  q
78
94
  end
79
95
 
80
96
  def sort_order
97
+ # return results in order of ascending timestamp
81
98
  [ { '@timestamp' => { order: 'asc' } } ]
82
99
  end
83
100
 
@@ -87,7 +104,7 @@ module Lstash
87
104
  should: [
88
105
  {
89
106
  query_string: {
90
- query: query
107
+ query: query_string
91
108
  }
92
109
  }
93
110
  ]
@@ -101,14 +118,14 @@ module Lstash
101
118
  must: [
102
119
  range: {
103
120
  '@timestamp' => {
104
- from: to_msec(time_range.from),
105
- to: to_msec(time_range.to)
121
+ gte: to_msec(from),
122
+ lt: to_msec(to)
106
123
  }
107
124
  },
108
125
  # fquery: {
109
126
  # query: {
110
127
  # query_string: {
111
- # query: query
128
+ # query: query_string
112
129
  # }
113
130
  # }
114
131
  # }
@@ -117,7 +134,7 @@ module Lstash
117
134
  # fquery: {
118
135
  # query: {
119
136
  # query_string: {
120
- # query: query
137
+ # query: query_string
121
138
  # }
122
139
  # }
123
140
  # }
@@ -126,7 +143,7 @@ module Lstash
126
143
  # fquery: {
127
144
  # query: {
128
145
  # query_string: {
129
- # query: query
146
+ # query: query_string
130
147
  # }
131
148
  # }
132
149
  # }
data/lib/lstash/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Lstash
2
- VERSION = "0.0.9"
2
+ VERSION = "0.1.1"
3
3
  end
data/spec/lstash/cli_spec.rb CHANGED
@@ -9,6 +9,13 @@ end
9
9
 
10
10
  describe Lstash::CLI do
11
11
 
12
+ before(:all) do
13
+ Timecop.freeze('2014-08-01 14:58')
14
+ end
15
+ after(:all) do
16
+ Timecop.return
17
+ end
18
+
12
19
  context "options" do
13
20
  subject { Lstash::CLI.options(args) }
14
21
 
@@ -25,9 +32,12 @@ describe Lstash::CLI do
25
32
  client = double('client')
26
33
 
27
34
  allow(Lstash::Client).to receive(:new).and_return(client)
28
- allow(client).to receive(:count).and_return(100)
35
+ allow(client).to receive(:count).and_return(1000)
29
36
 
30
- expect { Lstash::CLI.start(args) }.not_to raise_error
37
+ expect {
38
+ output = capture_stdout { Lstash::CLI.start(args) }
39
+ expect(output).to eq "1000\n"
40
+ }.not_to raise_error
31
41
  end
32
42
  end
33
43
 
@@ -68,52 +78,33 @@ describe Lstash::CLI do
68
78
  context "with anchor date" do
69
79
  let(:args) { %w(count program:haproxy --from firstday --to today --anchor yesterday) }
70
80
 
71
- it "should succeed" do
72
- Timecop.freeze('2014-08-01 14:58') do
73
- es_client = double('es_client')
81
+ it "should return correct count" do
82
+ es_client = double('es_client')
74
83
 
75
- allow(Elasticsearch::Client).to receive(:new) { es_client }
84
+ allow(Elasticsearch::Client).to receive(:new) { es_client }
76
85
 
77
- expect(es_client).to receive(:count).with(satisfy { |args|
78
- expect_time_range(args, [
79
- Time.parse('2014-07-01').to_i*1000,
80
- Time.parse('2014-08-01').to_i*1000
81
- ])
82
- }).exactly(32).times.and_return({count:1})
86
+ expect(es_client).to receive(:count).exactly(31 * 24).times.and_return(count:100)
83
87
 
84
- Lstash::CLI.start(args)
85
- end
88
+ output = capture_stdout { Lstash::CLI.start(args) }
89
+ expect(output).to match("#{31 * 24 * 100}")
86
90
  end
87
91
  end
88
92
 
89
93
  context "without anchor date" do
90
94
  let(:args) { %w(count program:haproxy --from yesterday --to today) }
91
95
 
92
- it "should succeed" do
93
- Timecop.freeze('2014-08-01 14:58') do
94
- es_client = double('es_client')
96
+ it "should return correct count" do
97
+ es_client = double('es_client')
95
98
 
96
- allow(Elasticsearch::Client).to receive(:new) { es_client }
99
+ allow(Elasticsearch::Client).to receive(:new) { es_client }
97
100
 
98
- expect(es_client).to receive(:count).with(satisfy { |args|
99
- expect_time_range(args, [
100
- Time.parse('2014-07-31').to_i*1000,
101
- Time.parse('2014-08-01').to_i*1000
102
- ])
103
- }).exactly(2).times.and_return({count:1})
101
+ expect(es_client).to receive(:count).exactly(24).times.and_return(count:100)
104
102
 
105
- Lstash::CLI.start(args)
106
- end
103
+ output = capture_stdout { Lstash::CLI.start(args) }
104
+ expect(output).to match("#{24 * 100}")
107
105
  end
108
106
  end
109
107
 
110
108
  end
111
109
 
112
- private
113
-
114
- def expect_time_range(args, time_range)
115
- expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:from]).to eq time_range.first
116
- expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:to]).to eq time_range.last
117
- end
118
-
119
110
  end
data/spec/lstash/client_spec.rb CHANGED
@@ -12,38 +12,45 @@ describe Lstash::Client do
12
12
 
13
13
  context "with query" do
14
14
 
15
- let(:query) { double('query', time_range: OpenStruct.new) }
16
-
17
15
  context "count" do
18
16
  it "should return number of messages matching query" do
19
- allow(query).to receive(:indices).and_return (['logstash-2014-08-01', 'logstash-2014-08-02'])
20
- allow(query).to receive(:body).and_return ({})
21
17
 
22
- allow(es_client).to receive(:count).and_return({'count' => 100},{'count' => 100})
18
+ query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
19
+
20
+ allow(es_client).to receive(:count).and_return(
21
+ { 'count' => 100 },
22
+ { 'count' => 200 },
23
+ { 'count' => 300 },
24
+ { 'count' => 400 },
25
+ { 'count' => 500 },
26
+ { 'count' => 600 },
27
+ { 'count' => 700 }
28
+ )
23
29
 
24
- expect(subject.count(query)).to eq 200
30
+ expect(subject.count(query)).to eq 2800
25
31
  end
26
32
  end
27
33
 
28
34
  context "grep" do
29
- let(:query) { double('query', time_range: OpenStruct.new) }
30
-
31
35
  it "should return the messages matching the query" do
32
- allow(query).to receive(:indices).and_return (['logstash-2014-08-01', 'logstash-2014-08-02'])
33
- allow(query).to receive(:body).and_return ({})
34
-
35
- allow(es_client).to receive(:search).and_return(
36
- hits([
37
- 'this is the first log line',
38
- 'this is the second log line'
39
- ])
36
+
37
+ query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
38
+
39
+ expect(es_client).to receive(:search).and_return(
40
+ hits(%w(1)),
41
+ hits(%w(2 2)),
42
+ hits(%w(3 3 3)),
43
+ hits(%w(4 4 4 4)),
44
+ hits(%w(5 5 5 5 5)),
45
+ hits(%w(6 6 6 6 6 6)),
46
+ hits(%w(7 7 7 7 7 7 7))
40
47
  )
41
48
 
42
49
  allow(es_client).to receive(:scroll).and_return(hits([]))
43
50
 
44
51
  allow(es_client).to receive(:clear_scroll)
45
52
 
46
- subject.grep(query)
53
+ expect(subject.grep(query)).to eq 28
47
54
  end
48
55
  end
49
56
 
data/spec/lstash/query_spec.rb CHANGED
@@ -5,10 +5,10 @@ describe Lstash::Query do
5
5
 
6
6
  context "running on 2014-08-03" do
7
7
  let(:time) { '2014-08-03 15:54:33' }
8
- let(:query) { nil }
8
+ let(:query_string) { nil }
9
9
  let(:options) { {} }
10
10
 
11
- subject { Lstash::Query.new(query, options) }
11
+ subject { Lstash::Query.new(query_string, options) }
12
12
 
13
13
  before { Timecop.freeze(Time.parse(time)) }
14
14
  after { Timecop.return }
@@ -18,110 +18,171 @@ describe Lstash::Query do
18
18
  # expect(subject).not_to be nil
19
19
  # end
20
20
 
21
- its('time_range.from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
22
- its('time_range.to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
21
+ its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
22
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
23
23
 
24
- its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
24
+ # its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
25
25
 
26
- its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
26
+ # its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
27
27
 
28
28
  context "with specific query" do
29
- let(:query) { 'program:haproxy' }
30
- its(:query) { should eq query }
29
+ let(:query_string) { 'program:haproxy' }
30
+ its(:query_string) { should eq query_string }
31
31
  end
32
32
 
33
33
  context "without query" do
34
- let(:query) { nil }
35
- its(:query) { should eql '*' }
34
+ let(:query_string) { nil }
35
+ its(:query_string) { should eql '*' }
36
36
  end
37
37
 
38
38
  context "from 'yesterday'" do
39
39
  let(:options) { { from: 'yesterday' }}
40
- its('time_range.from') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
40
+ its('from') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
41
41
  end
42
42
 
43
43
  context "from 'today'" do
44
44
  let(:options) { { from: 'today' }}
45
- its('time_range.from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
45
+ its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
46
46
  end
47
47
 
48
48
  context "from 'now'" do
49
49
  let(:options) { { from: 'now' }}
50
- its('time_range.from') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
50
+ its('from') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
51
51
  end
52
52
 
53
53
  context "to 'yesterday'" do
54
54
  let(:options) { { to: 'yesterday' }}
55
- its('time_range.to') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
55
+ its('to') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
56
56
  end
57
57
 
58
58
  context "to 'today'" do
59
59
  let(:options) { { to: 'today' }}
60
- its('time_range.to') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
60
+ its('to') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
61
61
  end
62
62
 
63
63
  context "to 'now'" do
64
64
  let(:options) { { to: 'now' }}
65
- its('time_range.to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
65
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
66
66
  end
67
67
 
68
68
  context "from 'firstday'" do
69
69
 
70
70
  let(:options) { { from: 'firstday' } }
71
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
71
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
72
72
 
73
73
  context "anchor 'yesterday'" do
74
74
  let(:anchor) { 'yesterday' }
75
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
75
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
76
76
  end
77
77
 
78
78
  context "anchor 'today'" do
79
79
  let(:anchor) { 'today' }
80
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
80
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
81
81
  end
82
82
 
83
83
  context "anchor '2014-07-17'" do
84
84
  let(:options) { { from: 'firstday', anchor: '2014-07-17' } }
85
- its('time_range.from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
85
+ its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
86
86
  end
87
87
 
88
88
  context "date range" do
89
89
  let(:options) { { from: 'firstday', anchor: 'yesterday' } }
90
- its(:date_range) { should eq (Date.parse('2014-07-31')..Date.parse('2014-08-03')) }
90
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
91
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
91
92
  end
92
93
 
93
- context "indices" do
94
- let(:options) { { from: 'firstday', anchor: 'yesterday' } }
95
- its(:indices) {
96
- should eq [
97
- "logstash-2014.07.31",
98
- "logstash-2014.08.01",
99
- "logstash-2014.08.02",
100
- "logstash-2014.08.03",
101
- ]
102
- }
94
+ context "each_hour" do
95
+ let(:options) { { from: 'firstday', anchor: 'yesterday', to: 'today' } }
96
+ it "should iterate over range by hour" do
97
+ indices = []
98
+ queries = []
99
+ subject.each_hour do |index, query|
100
+ indices << index
101
+ queries << query
102
+ end
103
+ expect(indices.count).to eq ((subject.to - subject.from)/3600).round
104
+ expect(indices.uniq).to eq %w(
105
+ logstash-2014.07.31
106
+ logstash-2014.08.01
107
+ logstash-2014.08.02
108
+ )
109
+ expect(queries.map(&:from).map(&:to_s)).to eq ([
110
+ "2014-07-31 22:00:00 UTC",
111
+ "2014-07-31 23:00:00 UTC",
112
+ "2014-08-01 00:00:00 UTC",
113
+ "2014-08-01 01:00:00 UTC",
114
+ "2014-08-01 02:00:00 UTC",
115
+ "2014-08-01 03:00:00 UTC",
116
+ "2014-08-01 04:00:00 UTC",
117
+ "2014-08-01 05:00:00 UTC",
118
+ "2014-08-01 06:00:00 UTC",
119
+ "2014-08-01 07:00:00 UTC",
120
+ "2014-08-01 08:00:00 UTC",
121
+ "2014-08-01 09:00:00 UTC",
122
+ "2014-08-01 10:00:00 UTC",
123
+ "2014-08-01 11:00:00 UTC",
124
+ "2014-08-01 12:00:00 UTC",
125
+ "2014-08-01 13:00:00 UTC",
126
+ "2014-08-01 14:00:00 UTC",
127
+ "2014-08-01 15:00:00 UTC",
128
+ "2014-08-01 16:00:00 UTC",
129
+ "2014-08-01 17:00:00 UTC",
130
+ "2014-08-01 18:00:00 UTC",
131
+ "2014-08-01 19:00:00 UTC",
132
+ "2014-08-01 20:00:00 UTC",
133
+ "2014-08-01 21:00:00 UTC",
134
+ "2014-08-01 22:00:00 UTC",
135
+ "2014-08-01 23:00:00 UTC",
136
+ "2014-08-02 00:00:00 UTC",
137
+ "2014-08-02 01:00:00 UTC",
138
+ "2014-08-02 02:00:00 UTC",
139
+ "2014-08-02 03:00:00 UTC",
140
+ "2014-08-02 04:00:00 UTC",
141
+ "2014-08-02 05:00:00 UTC",
142
+ "2014-08-02 06:00:00 UTC",
143
+ "2014-08-02 07:00:00 UTC",
144
+ "2014-08-02 08:00:00 UTC",
145
+ "2014-08-02 09:00:00 UTC",
146
+ "2014-08-02 10:00:00 UTC",
147
+ "2014-08-02 11:00:00 UTC",
148
+ "2014-08-02 12:00:00 UTC",
149
+ "2014-08-02 13:00:00 UTC",
150
+ "2014-08-02 14:00:00 UTC",
151
+ "2014-08-02 15:00:00 UTC",
152
+ "2014-08-02 16:00:00 UTC",
153
+ "2014-08-02 17:00:00 UTC",
154
+ "2014-08-02 18:00:00 UTC",
155
+ "2014-08-02 19:00:00 UTC",
156
+ "2014-08-02 20:00:00 UTC",
157
+ "2014-08-02 21:00:00 UTC"
158
+ ])
159
+ end
103
160
  end
104
161
 
105
162
  end
106
163
 
107
- context "body" do
108
- its(:body) { should eq ({
109
- :sort => [{"@timestamp"=>{:order=>"asc"}}],
110
- :fields => %w(message),
111
- :query => {:filtered=>{
112
- :query => { :bool => { :should => [ { :query_string => { :query=>"*" }}]}},
113
- :filter=> { :bool => { :must => [ { :range => { "@timestamp" => { :from => 1407016800000, :to => 1407074073000}}}]}}}}
114
- })}
164
+ context "search" do
165
+ it "should produce the correct elasticsearch search request attributes" do
166
+ expect(subject.search(0, 10)).to eq ({
167
+ :sort => [{"@timestamp"=>{:order=>"asc"}}],
168
+ :fields => %w(message),
169
+ :query => {:filtered=>{
170
+ :query => { :bool => { :should => [ { :query_string => { :query=>"*" }}]}},
171
+ :filter=> { :bool => { :must => [ { :range => { "@timestamp" => { :gte => 1407016800000, :lt => 1407074073000}}}]}}}},
172
+ :from => 0,
173
+ :size => 10
174
+ })
175
+ end
115
176
  end
116
177
 
117
178
  end
118
179
 
119
180
  context "running on 2014-08-01" do
120
181
  let(:time) { '2014-08-01 12:53:03' }
121
- let(:query) { nil }
182
+ let(:query_string) { nil }
122
183
  let(:options) { {} }
123
184
 
124
- subject { Lstash::Query.new(query, options) }
185
+ subject { Lstash::Query.new(query_string, options) }
125
186
 
126
187
  before { Timecop.freeze(Time.parse(time)) }
127
188
  after { Timecop.return }
@@ -129,15 +190,15 @@ describe Lstash::Query do
129
190
  context "from 'firstday' with 'yesterday' anchor" do
130
191
  let(:options) { { anchor: 'yesterday', from: 'firstday' } }
131
192
 
132
- its('time_range.from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
133
- its('time_range.to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
193
+ its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
194
+ its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
134
195
  end
135
196
 
136
197
  context "from 'firstday' with default 'today' anchor" do
137
198
  let(:options) { { from: 'firstday', to: 'now' } }
138
199
 
139
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
140
- its('time_range.to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
200
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
201
+ its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
141
202
  end
142
203
 
143
204
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lstash
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.9
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Klaas Jan Wierenga
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-22 00:00:00.000000000 Z
11
+ date: 2014-10-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -233,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
233
233
  version: '0'
234
234
  requirements: []
235
235
  rubyforge_project:
236
- rubygems_version: 2.4.1
236
+ rubygems_version: 2.4.2
237
237
  signing_key:
238
238
  specification_version: 4
239
239
  summary: The lstash gem allows you to count or grep log messages in a specific time