lstash 0.0.9 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/CHANGELOG.md +7 -0
- data/lib/lstash/cli.rb +6 -3
- data/lib/lstash/client.rb +21 -15
- data/lib/lstash/query.rb +50 -33
- data/lib/lstash/version.rb +1 -1
- data/spec/lstash/cli_spec.rb +24 -33
- data/spec/lstash/client_spec.rb +24 -17
- data/spec/lstash/query_spec.rb +106 -45
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
N2RmOWQ3YWIxZjRiZTk5MTc3ZTI5MGJlMDEwZTNmNThjMmY3OTJkMg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
NTUzMzJkZGI4NmEyZDUwZGRkZWI0YTI2OTlhNDU3ODdkNmQwOWM5NA==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
YWJhYjJjM2Y5ZDAzYmE3ODY5ZTYxNTMyNGY4ODZiN2M4MTg3YmI2MDk5YmJm
|
10
|
+
NTY0MWJhMzBlOTU2MWUwZWM5NWU3MDllNTk3MTMwNzg3ODlhMjI1ZmNmYTc1
|
11
|
+
ZWI3YzBkZTg1YzA3MDg0YWNjNWJjZmQyZDMxMDc1NjY5YTBhMWM=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
MWUyMzNiMjU3ODM0ZTYzZWM3OGM3OGUyMDM3OGEyMDFiMTE4MjNiOWIzNmU4
|
14
|
+
ZDYzMDI0MzlhMGJmMTVhNWQ4OGU5ODcyZjQ4ZDE2NWJkYTVhMGM2NmEzOGQ4
|
15
|
+
NjhkOGVhYWEwNjcxZjU5OTMzNjcxMjRiOGIzNmUzODg4OWRiYzE=
|
data/CHANGELOG.md
CHANGED
data/lib/lstash/cli.rb
CHANGED
@@ -9,6 +9,8 @@ require 'lstash/client'
|
|
9
9
|
|
10
10
|
module Lstash
|
11
11
|
|
12
|
+
TRANSPORT_REQUEST_TIMEOUT = 60.freeze # 1 minute request timeout
|
13
|
+
|
12
14
|
class CLI < Thor
|
13
15
|
|
14
16
|
class_option :from, :banner => 'start of time range', :aliases => '-f', :desc => "date/time, 'now', 'today', 'yesterday', or 'firstday'"
|
@@ -45,7 +47,7 @@ module Lstash
|
|
45
47
|
desc "count QUERY", "count number of log messages matching the QUERY"
|
46
48
|
def count(query_string)
|
47
49
|
run_command(query_string) do |es_client, query|
|
48
|
-
count
|
50
|
+
count = Lstash::Client.new(es_client, options).count(query)
|
49
51
|
puts count
|
50
52
|
end
|
51
53
|
end
|
@@ -55,14 +57,15 @@ module Lstash
|
|
55
57
|
def run_command(query_string)
|
56
58
|
es_client = ::Elasticsearch::Client.new(
|
57
59
|
url: options[:es_url] || ENV['ES_URL'] || 'localhost',
|
58
|
-
log: !!ENV['DEBUG']
|
60
|
+
log: !!ENV['DEBUG'],
|
61
|
+
transport_options: { request: { timeout: TRANSPORT_REQUEST_TIMEOUT } }
|
59
62
|
)
|
60
63
|
query = Lstash::Query.new(query_string, options)
|
61
64
|
|
62
65
|
yield es_client, query
|
63
66
|
|
64
67
|
rescue Exception => e
|
65
|
-
raise Thor::Error.new(e.message)
|
68
|
+
options[:debug] ? raise(e) : raise(Thor::Error.new(e.message))
|
66
69
|
end
|
67
70
|
|
68
71
|
protected
|
data/lib/lstash/client.rb
CHANGED
@@ -13,7 +13,7 @@ module Lstash
|
|
13
13
|
|
14
14
|
class ConnectionError < StandardError; end
|
15
15
|
|
16
|
-
PER_PAGE = 5000 # best time, lowest resource usage
|
16
|
+
PER_PAGE = 5000.freeze # best time, lowest resource usage
|
17
17
|
|
18
18
|
def initialize(es_client, options = {})
|
19
19
|
raise ConnectionError, "No elasticsearch client specified" if es_client.nil?
|
@@ -23,24 +23,29 @@ module Lstash
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def count(query)
|
26
|
-
@logger.debug "
|
26
|
+
@logger.debug "count from=#{query.from} to=#{query.to}"
|
27
27
|
|
28
28
|
count = 0
|
29
|
-
query.
|
30
|
-
count += count_messages(index,
|
29
|
+
query.each_hour do |index, hour_query|
|
30
|
+
count += count_messages(index, hour_query)
|
31
31
|
end
|
32
|
-
|
32
|
+
@logger.debug "total count=#{count}"
|
33
33
|
count
|
34
34
|
end
|
35
35
|
|
36
36
|
def grep(query)
|
37
|
-
@logger.debug "
|
37
|
+
@logger.debug "grep from=#{query.from} to=#{query.to}"
|
38
38
|
|
39
|
-
|
40
|
-
|
39
|
+
count = 0
|
40
|
+
query.each_hour do |index, hour_query|
|
41
|
+
grep_messages(index, hour_query) do |message|
|
42
|
+
count += 1
|
41
43
|
yield message if block_given?
|
42
44
|
end
|
43
45
|
end
|
46
|
+
|
47
|
+
@logger.debug "total count=#{count}"
|
48
|
+
count
|
44
49
|
end
|
45
50
|
|
46
51
|
private
|
@@ -48,9 +53,9 @@ module Lstash
|
|
48
53
|
def count_messages(index, query)
|
49
54
|
result = Hashie::Mash.new @es_client.send(:count,
|
50
55
|
index: index,
|
51
|
-
body: query.
|
56
|
+
body: query.filter
|
52
57
|
)
|
53
|
-
@logger.debug "count
|
58
|
+
@logger.debug "count index=#{index} from=#{query.from} to=#{query.to} count=#{result['count']}"
|
54
59
|
result['count']
|
55
60
|
end
|
56
61
|
|
@@ -61,9 +66,9 @@ module Lstash
|
|
61
66
|
method = :search
|
62
67
|
while (messages.nil? || messages.count > 0) do
|
63
68
|
result = Hashie::Mash.new @es_client.send(method, {
|
64
|
-
index:
|
65
|
-
scroll: '
|
66
|
-
body:
|
69
|
+
index: index,
|
70
|
+
scroll: '1m',
|
71
|
+
body: query.search(offset, PER_PAGE),
|
67
72
|
}.merge(scroll_params))
|
68
73
|
|
69
74
|
messages = result.hits.hits
|
@@ -72,19 +77,20 @@ module Lstash
|
|
72
77
|
scroll_params = {scroll_id: result._scroll_id}
|
73
78
|
|
74
79
|
messages.each do |h|
|
80
|
+
next if h.fields.nil?
|
75
81
|
yield h.fields.message if block_given?
|
76
82
|
end
|
77
83
|
|
78
84
|
method = :scroll
|
79
85
|
end
|
80
|
-
@logger.debug "grep
|
86
|
+
@logger.debug "grep index=#{index} from=#{query.from} to=#{query.to} count=#{offset}"
|
81
87
|
Hashie::Mash.new @es_client.clear_scroll(scroll_params)
|
82
88
|
end
|
83
89
|
|
84
90
|
def debug_logger
|
85
91
|
logger = Logger.new(STDERR)
|
86
92
|
logger.formatter = proc do |severity, datetime, progname, msg|
|
87
|
-
"#{msg}\n"
|
93
|
+
"#{datetime} #{msg}\n"
|
88
94
|
end
|
89
95
|
logger
|
90
96
|
end
|
data/lib/lstash/query.rb
CHANGED
@@ -9,11 +9,14 @@ module Lstash
|
|
9
9
|
class FormatError < StandardError; end
|
10
10
|
class QueryMissing < StandardError; end
|
11
11
|
|
12
|
-
LOGSTASH_PREFIX = 'logstash-'
|
13
|
-
WILDCARD_QUERY
|
12
|
+
LOGSTASH_PREFIX = 'logstash-'.freeze
|
13
|
+
WILDCARD_QUERY = '*'.freeze
|
14
|
+
HOUR_IN_SECONDS = 3600.freeze
|
14
15
|
|
15
|
-
|
16
|
-
|
16
|
+
attr_accessor :from, :to
|
17
|
+
|
18
|
+
def initialize(query_string = nil, arguments = {})
|
19
|
+
@query_string = query_string
|
17
20
|
|
18
21
|
@anchor = time_parse(arguments[:anchor], 'today')
|
19
22
|
@from = time_parse(arguments[:from], 'today')
|
@@ -22,38 +25,51 @@ module Lstash
|
|
22
25
|
@to = Time.now if @to > Time.now # prevent accessing non-existing times / indices
|
23
26
|
end
|
24
27
|
|
25
|
-
def
|
26
|
-
|
27
|
-
end
|
28
|
-
|
29
|
-
def date_range
|
30
|
-
(@from.utc.to_date .. @to.utc.to_date)
|
28
|
+
def index_name(date)
|
29
|
+
"#{LOGSTASH_PREFIX}#{date.strftime('%Y.%m.%d')}"
|
31
30
|
end
|
32
31
|
|
33
|
-
def
|
34
|
-
date_range.map { |d| "#{LOGSTASH_PREFIX}#{d.strftime('%Y.%m.%d')}" }
|
35
|
-
end
|
36
|
-
|
37
|
-
def body
|
32
|
+
def search(from, size)
|
38
33
|
{
|
39
|
-
sort:
|
40
|
-
|
34
|
+
sort: sort_order,
|
41
35
|
fields: %w(message),
|
36
|
+
query: filter,
|
37
|
+
from: from,
|
38
|
+
size: size
|
39
|
+
}
|
40
|
+
end
|
42
41
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
}
|
42
|
+
def filter
|
43
|
+
{
|
44
|
+
filtered: {
|
45
|
+
query: es_query,
|
46
|
+
filter: es_filter
|
49
47
|
}
|
50
48
|
}
|
51
49
|
end
|
52
50
|
|
51
|
+
def each_hour(&block)
|
52
|
+
# iterate over the whole range in blocks of one hour
|
53
|
+
time_iterate(@from.utc, @to.utc - 1, HOUR_IN_SECONDS) do |hour|
|
54
|
+
yield index_name(hour.to_date),
|
55
|
+
Query.new(@query_string,
|
56
|
+
anchor: @anchor,
|
57
|
+
from: hour,
|
58
|
+
to: hour + HOUR_IN_SECONDS)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
53
62
|
private
|
54
63
|
|
55
|
-
def
|
56
|
-
|
64
|
+
def time_iterate(start_time, end_time, step, &block)
|
65
|
+
begin
|
66
|
+
yield(start_time)
|
67
|
+
end while (start_time += step) < end_time
|
68
|
+
end
|
69
|
+
|
70
|
+
def time_parse(time_or_string, default)
|
71
|
+
return time_or_string if time_or_string.is_a? Time
|
72
|
+
time_string = time_or_string.strip rescue nil
|
57
73
|
time_string ||= default
|
58
74
|
case time_string
|
59
75
|
when 'firstday'
|
@@ -71,13 +87,14 @@ module Lstash
|
|
71
87
|
raise FormatError, "Invalid time format: #{time_string}"
|
72
88
|
end
|
73
89
|
|
74
|
-
def
|
75
|
-
q = @
|
90
|
+
def query_string
|
91
|
+
q = @query_string.dup.strip rescue ''
|
76
92
|
q = WILDCARD_QUERY if q.empty?
|
77
93
|
q
|
78
94
|
end
|
79
95
|
|
80
96
|
def sort_order
|
97
|
+
# return results in order of ascending timestamp
|
81
98
|
[ { '@timestamp' => { order: 'asc' } } ]
|
82
99
|
end
|
83
100
|
|
@@ -87,7 +104,7 @@ module Lstash
|
|
87
104
|
should: [
|
88
105
|
{
|
89
106
|
query_string: {
|
90
|
-
query:
|
107
|
+
query: query_string
|
91
108
|
}
|
92
109
|
}
|
93
110
|
]
|
@@ -101,14 +118,14 @@ module Lstash
|
|
101
118
|
must: [
|
102
119
|
range: {
|
103
120
|
'@timestamp' => {
|
104
|
-
|
105
|
-
|
121
|
+
gte: to_msec(from),
|
122
|
+
lt: to_msec(to)
|
106
123
|
}
|
107
124
|
},
|
108
125
|
# fquery: {
|
109
126
|
# query: {
|
110
127
|
# query_string: {
|
111
|
-
# query:
|
128
|
+
# query: query_string
|
112
129
|
# }
|
113
130
|
# }
|
114
131
|
# }
|
@@ -117,7 +134,7 @@ module Lstash
|
|
117
134
|
# fquery: {
|
118
135
|
# query: {
|
119
136
|
# query_string: {
|
120
|
-
# query:
|
137
|
+
# query: query_string
|
121
138
|
# }
|
122
139
|
# }
|
123
140
|
# }
|
@@ -126,7 +143,7 @@ module Lstash
|
|
126
143
|
# fquery: {
|
127
144
|
# query: {
|
128
145
|
# query_string: {
|
129
|
-
# query:
|
146
|
+
# query: query_string
|
130
147
|
# }
|
131
148
|
# }
|
132
149
|
# }
|
data/lib/lstash/version.rb
CHANGED
data/spec/lstash/cli_spec.rb
CHANGED
@@ -9,6 +9,13 @@ end
|
|
9
9
|
|
10
10
|
describe Lstash::CLI do
|
11
11
|
|
12
|
+
before(:all) do
|
13
|
+
Timecop.freeze('2014-08-01 14:58')
|
14
|
+
end
|
15
|
+
after(:all) do
|
16
|
+
Timecop.return
|
17
|
+
end
|
18
|
+
|
12
19
|
context "options" do
|
13
20
|
subject { Lstash::CLI.options(args) }
|
14
21
|
|
@@ -25,9 +32,12 @@ describe Lstash::CLI do
|
|
25
32
|
client = double('client')
|
26
33
|
|
27
34
|
allow(Lstash::Client).to receive(:new).and_return(client)
|
28
|
-
allow(client).to receive(:count).and_return(
|
35
|
+
allow(client).to receive(:count).and_return(1000)
|
29
36
|
|
30
|
-
expect {
|
37
|
+
expect {
|
38
|
+
output = capture_stdout { Lstash::CLI.start(args) }
|
39
|
+
expect(output).to eq "1000\n"
|
40
|
+
}.not_to raise_error
|
31
41
|
end
|
32
42
|
end
|
33
43
|
|
@@ -68,52 +78,33 @@ describe Lstash::CLI do
|
|
68
78
|
context "with anchor date" do
|
69
79
|
let(:args) { %w(count program:haproxy --from firstday --to today --anchor yesterday) }
|
70
80
|
|
71
|
-
it "should
|
72
|
-
|
73
|
-
es_client = double('es_client')
|
81
|
+
it "should return correct count" do
|
82
|
+
es_client = double('es_client')
|
74
83
|
|
75
|
-
|
84
|
+
allow(Elasticsearch::Client).to receive(:new) { es_client }
|
76
85
|
|
77
|
-
|
78
|
-
expect_time_range(args, [
|
79
|
-
Time.parse('2014-07-01').to_i*1000,
|
80
|
-
Time.parse('2014-08-01').to_i*1000
|
81
|
-
])
|
82
|
-
}).exactly(32).times.and_return({count:1})
|
86
|
+
expect(es_client).to receive(:count).exactly(31 * 24).times.and_return(count:100)
|
83
87
|
|
84
|
-
|
85
|
-
|
88
|
+
output = capture_stdout { Lstash::CLI.start(args) }
|
89
|
+
expect(output).to match("#{31 * 24 * 100}")
|
86
90
|
end
|
87
91
|
end
|
88
92
|
|
89
93
|
context "without anchor date" do
|
90
94
|
let(:args) { %w(count program:haproxy --from yesterday --to today) }
|
91
95
|
|
92
|
-
it "should
|
93
|
-
|
94
|
-
es_client = double('es_client')
|
96
|
+
it "should return correct count" do
|
97
|
+
es_client = double('es_client')
|
95
98
|
|
96
|
-
|
99
|
+
allow(Elasticsearch::Client).to receive(:new) { es_client }
|
97
100
|
|
98
|
-
|
99
|
-
expect_time_range(args, [
|
100
|
-
Time.parse('2014-07-31').to_i*1000,
|
101
|
-
Time.parse('2014-08-01').to_i*1000
|
102
|
-
])
|
103
|
-
}).exactly(2).times.and_return({count:1})
|
101
|
+
expect(es_client).to receive(:count).exactly(24).times.and_return(count:100)
|
104
102
|
|
105
|
-
|
106
|
-
|
103
|
+
output = capture_stdout { Lstash::CLI.start(args) }
|
104
|
+
expect(output).to match("#{24 * 100}")
|
107
105
|
end
|
108
106
|
end
|
109
107
|
|
110
108
|
end
|
111
109
|
|
112
|
-
private
|
113
|
-
|
114
|
-
def expect_time_range(args, time_range)
|
115
|
-
expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:from]).to eq time_range.first
|
116
|
-
expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:to]).to eq time_range.last
|
117
|
-
end
|
118
|
-
|
119
110
|
end
|
data/spec/lstash/client_spec.rb
CHANGED
@@ -12,38 +12,45 @@ describe Lstash::Client do
|
|
12
12
|
|
13
13
|
context "with query" do
|
14
14
|
|
15
|
-
let(:query) { double('query', time_range: OpenStruct.new) }
|
16
|
-
|
17
15
|
context "count" do
|
18
16
|
it "should return number of messages matching query" do
|
19
|
-
allow(query).to receive(:indices).and_return (['logstash-2014-08-01', 'logstash-2014-08-02'])
|
20
|
-
allow(query).to receive(:body).and_return ({})
|
21
17
|
|
22
|
-
|
18
|
+
query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
|
19
|
+
|
20
|
+
allow(es_client).to receive(:count).and_return(
|
21
|
+
{ 'count' => 100 },
|
22
|
+
{ 'count' => 200 },
|
23
|
+
{ 'count' => 300 },
|
24
|
+
{ 'count' => 400 },
|
25
|
+
{ 'count' => 500 },
|
26
|
+
{ 'count' => 600 },
|
27
|
+
{ 'count' => 700 }
|
28
|
+
)
|
23
29
|
|
24
|
-
expect(subject.count(query)).to eq
|
30
|
+
expect(subject.count(query)).to eq 2800
|
25
31
|
end
|
26
32
|
end
|
27
33
|
|
28
34
|
context "grep" do
|
29
|
-
let(:query) { double('query', time_range: OpenStruct.new) }
|
30
|
-
|
31
35
|
it "should return the messages matching the query" do
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
hits(
|
37
|
-
|
38
|
-
|
39
|
-
|
36
|
+
|
37
|
+
query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
|
38
|
+
|
39
|
+
expect(es_client).to receive(:search).and_return(
|
40
|
+
hits(%w(1)),
|
41
|
+
hits(%w(2 2)),
|
42
|
+
hits(%w(3 3 3)),
|
43
|
+
hits(%w(4 4 4 4)),
|
44
|
+
hits(%w(5 5 5 5 5)),
|
45
|
+
hits(%w(6 6 6 6 6 6)),
|
46
|
+
hits(%w(7 7 7 7 7 7 7))
|
40
47
|
)
|
41
48
|
|
42
49
|
allow(es_client).to receive(:scroll).and_return(hits([]))
|
43
50
|
|
44
51
|
allow(es_client).to receive(:clear_scroll)
|
45
52
|
|
46
|
-
subject.grep(query)
|
53
|
+
expect(subject.grep(query)).to eq 28
|
47
54
|
end
|
48
55
|
end
|
49
56
|
|
data/spec/lstash/query_spec.rb
CHANGED
@@ -5,10 +5,10 @@ describe Lstash::Query do
|
|
5
5
|
|
6
6
|
context "running on 2014-08-03" do
|
7
7
|
let(:time) { '2014-08-03 15:54:33' }
|
8
|
-
let(:
|
8
|
+
let(:query_string) { nil }
|
9
9
|
let(:options) { {} }
|
10
10
|
|
11
|
-
subject { Lstash::Query.new(
|
11
|
+
subject { Lstash::Query.new(query_string, options) }
|
12
12
|
|
13
13
|
before { Timecop.freeze(Time.parse(time)) }
|
14
14
|
after { Timecop.return }
|
@@ -18,110 +18,171 @@ describe Lstash::Query do
|
|
18
18
|
# expect(subject).not_to be nil
|
19
19
|
# end
|
20
20
|
|
21
|
-
its('
|
22
|
-
its('
|
21
|
+
its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
|
22
|
+
its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
|
23
23
|
|
24
|
-
its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
|
24
|
+
# its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
|
25
25
|
|
26
|
-
its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
|
26
|
+
# its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
|
27
27
|
|
28
28
|
context "with specific query" do
|
29
|
-
let(:
|
30
|
-
its(:
|
29
|
+
let(:query_string) { 'program:haproxy' }
|
30
|
+
its(:query_string) { should eq query_string }
|
31
31
|
end
|
32
32
|
|
33
33
|
context "without query" do
|
34
|
-
let(:
|
35
|
-
its(:
|
34
|
+
let(:query_string) { nil }
|
35
|
+
its(:query_string) { should eql '*' }
|
36
36
|
end
|
37
37
|
|
38
38
|
context "from 'yesterday'" do
|
39
39
|
let(:options) { { from: 'yesterday' }}
|
40
|
-
its('
|
40
|
+
its('from') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
|
41
41
|
end
|
42
42
|
|
43
43
|
context "from 'today'" do
|
44
44
|
let(:options) { { from: 'today' }}
|
45
|
-
its('
|
45
|
+
its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
|
46
46
|
end
|
47
47
|
|
48
48
|
context "from 'now'" do
|
49
49
|
let(:options) { { from: 'now' }}
|
50
|
-
its('
|
50
|
+
its('from') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
|
51
51
|
end
|
52
52
|
|
53
53
|
context "to 'yesterday'" do
|
54
54
|
let(:options) { { to: 'yesterday' }}
|
55
|
-
its('
|
55
|
+
its('to') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
|
56
56
|
end
|
57
57
|
|
58
58
|
context "to 'today'" do
|
59
59
|
let(:options) { { to: 'today' }}
|
60
|
-
its('
|
60
|
+
its('to') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
|
61
61
|
end
|
62
62
|
|
63
63
|
context "to 'now'" do
|
64
64
|
let(:options) { { to: 'now' }}
|
65
|
-
its('
|
65
|
+
its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
|
66
66
|
end
|
67
67
|
|
68
68
|
context "from 'firstday'" do
|
69
69
|
|
70
70
|
let(:options) { { from: 'firstday' } }
|
71
|
-
its('
|
71
|
+
its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
|
72
72
|
|
73
73
|
context "anchor 'yesterday'" do
|
74
74
|
let(:anchor) { 'yesterday' }
|
75
|
-
its('
|
75
|
+
its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
|
76
76
|
end
|
77
77
|
|
78
78
|
context "anchor 'today'" do
|
79
79
|
let(:anchor) { 'today' }
|
80
|
-
its('
|
80
|
+
its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
|
81
81
|
end
|
82
82
|
|
83
83
|
context "anchor '2014-07-17'" do
|
84
84
|
let(:options) { { from: 'firstday', anchor: '2014-07-17' } }
|
85
|
-
its('
|
85
|
+
its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
|
86
86
|
end
|
87
87
|
|
88
88
|
context "date range" do
|
89
89
|
let(:options) { { from: 'firstday', anchor: 'yesterday' } }
|
90
|
-
its(
|
90
|
+
its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
|
91
|
+
its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
|
91
92
|
end
|
92
93
|
|
93
|
-
context "
|
94
|
-
let(:options) { { from: 'firstday', anchor: 'yesterday' } }
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
94
|
+
context "each_hour" do
|
95
|
+
let(:options) { { from: 'firstday', anchor: 'yesterday', to: 'today' } }
|
96
|
+
it "should iterate over range by hour" do
|
97
|
+
indices = []
|
98
|
+
queries = []
|
99
|
+
subject.each_hour do |index, query|
|
100
|
+
indices << index
|
101
|
+
queries << query
|
102
|
+
end
|
103
|
+
expect(indices.count).to eq ((subject.to - subject.from)/3600).round
|
104
|
+
expect(indices.uniq).to eq %w(
|
105
|
+
logstash-2014.07.31
|
106
|
+
logstash-2014.08.01
|
107
|
+
logstash-2014.08.02
|
108
|
+
)
|
109
|
+
expect(queries.map(&:from).map(&:to_s)).to eq ([
|
110
|
+
"2014-07-31 22:00:00 UTC",
|
111
|
+
"2014-07-31 23:00:00 UTC",
|
112
|
+
"2014-08-01 00:00:00 UTC",
|
113
|
+
"2014-08-01 01:00:00 UTC",
|
114
|
+
"2014-08-01 02:00:00 UTC",
|
115
|
+
"2014-08-01 03:00:00 UTC",
|
116
|
+
"2014-08-01 04:00:00 UTC",
|
117
|
+
"2014-08-01 05:00:00 UTC",
|
118
|
+
"2014-08-01 06:00:00 UTC",
|
119
|
+
"2014-08-01 07:00:00 UTC",
|
120
|
+
"2014-08-01 08:00:00 UTC",
|
121
|
+
"2014-08-01 09:00:00 UTC",
|
122
|
+
"2014-08-01 10:00:00 UTC",
|
123
|
+
"2014-08-01 11:00:00 UTC",
|
124
|
+
"2014-08-01 12:00:00 UTC",
|
125
|
+
"2014-08-01 13:00:00 UTC",
|
126
|
+
"2014-08-01 14:00:00 UTC",
|
127
|
+
"2014-08-01 15:00:00 UTC",
|
128
|
+
"2014-08-01 16:00:00 UTC",
|
129
|
+
"2014-08-01 17:00:00 UTC",
|
130
|
+
"2014-08-01 18:00:00 UTC",
|
131
|
+
"2014-08-01 19:00:00 UTC",
|
132
|
+
"2014-08-01 20:00:00 UTC",
|
133
|
+
"2014-08-01 21:00:00 UTC",
|
134
|
+
"2014-08-01 22:00:00 UTC",
|
135
|
+
"2014-08-01 23:00:00 UTC",
|
136
|
+
"2014-08-02 00:00:00 UTC",
|
137
|
+
"2014-08-02 01:00:00 UTC",
|
138
|
+
"2014-08-02 02:00:00 UTC",
|
139
|
+
"2014-08-02 03:00:00 UTC",
|
140
|
+
"2014-08-02 04:00:00 UTC",
|
141
|
+
"2014-08-02 05:00:00 UTC",
|
142
|
+
"2014-08-02 06:00:00 UTC",
|
143
|
+
"2014-08-02 07:00:00 UTC",
|
144
|
+
"2014-08-02 08:00:00 UTC",
|
145
|
+
"2014-08-02 09:00:00 UTC",
|
146
|
+
"2014-08-02 10:00:00 UTC",
|
147
|
+
"2014-08-02 11:00:00 UTC",
|
148
|
+
"2014-08-02 12:00:00 UTC",
|
149
|
+
"2014-08-02 13:00:00 UTC",
|
150
|
+
"2014-08-02 14:00:00 UTC",
|
151
|
+
"2014-08-02 15:00:00 UTC",
|
152
|
+
"2014-08-02 16:00:00 UTC",
|
153
|
+
"2014-08-02 17:00:00 UTC",
|
154
|
+
"2014-08-02 18:00:00 UTC",
|
155
|
+
"2014-08-02 19:00:00 UTC",
|
156
|
+
"2014-08-02 20:00:00 UTC",
|
157
|
+
"2014-08-02 21:00:00 UTC"
|
158
|
+
])
|
159
|
+
end
|
103
160
|
end
|
104
161
|
|
105
162
|
end
|
106
163
|
|
107
|
-
context "
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
:query => {
|
113
|
-
|
114
|
-
|
164
|
+
context "search" do
|
165
|
+
it "should produce the correct elasticsearch search request attributes" do
|
166
|
+
expect(subject.search(0, 10)).to eq ({
|
167
|
+
:sort => [{"@timestamp"=>{:order=>"asc"}}],
|
168
|
+
:fields => %w(message),
|
169
|
+
:query => {:filtered=>{
|
170
|
+
:query => { :bool => { :should => [ { :query_string => { :query=>"*" }}]}},
|
171
|
+
:filter=> { :bool => { :must => [ { :range => { "@timestamp" => { :gte => 1407016800000, :lt => 1407074073000}}}]}}}},
|
172
|
+
:from => 0,
|
173
|
+
:size => 10
|
174
|
+
})
|
175
|
+
end
|
115
176
|
end
|
116
177
|
|
117
178
|
end
|
118
179
|
|
119
180
|
context "running on 2014-08-01" do
|
120
181
|
let(:time) { '2014-08-01 12:53:03' }
|
121
|
-
let(:
|
182
|
+
let(:query_string) { nil }
|
122
183
|
let(:options) { {} }
|
123
184
|
|
124
|
-
subject { Lstash::Query.new(
|
185
|
+
subject { Lstash::Query.new(query_string, options) }
|
125
186
|
|
126
187
|
before { Timecop.freeze(Time.parse(time)) }
|
127
188
|
after { Timecop.return }
|
@@ -129,15 +190,15 @@ describe Lstash::Query do
|
|
129
190
|
context "from 'firstday' with 'yesterday' anchor" do
|
130
191
|
let(:options) { { anchor: 'yesterday', from: 'firstday' } }
|
131
192
|
|
132
|
-
its('
|
133
|
-
its('
|
193
|
+
its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
|
194
|
+
its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
|
134
195
|
end
|
135
196
|
|
136
197
|
context "from 'firstday' with default 'today' anchor" do
|
137
198
|
let(:options) { { from: 'firstday', to: 'now' } }
|
138
199
|
|
139
|
-
its('
|
140
|
-
its('
|
200
|
+
its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
|
201
|
+
its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
|
141
202
|
end
|
142
203
|
|
143
204
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: lstash
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Klaas Jan Wierenga
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-10-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -233,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
233
233
|
version: '0'
|
234
234
|
requirements: []
|
235
235
|
rubyforge_project:
|
236
|
-
rubygems_version: 2.4.
|
236
|
+
rubygems_version: 2.4.2
|
237
237
|
signing_key:
|
238
238
|
specification_version: 4
|
239
239
|
summary: The lstash gem allows you to count or grep log messages in a specific time
|