lstash 0.0.9 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +8 -8
  2. data/CHANGELOG.md +7 -0
  3. data/lib/lstash/cli.rb +6 -3
  4. data/lib/lstash/client.rb +21 -15
  5. data/lib/lstash/query.rb +50 -33
  6. data/lib/lstash/version.rb +1 -1
  7. data/spec/lstash/cli_spec.rb +24 -33
  8. data/spec/lstash/client_spec.rb +24 -17
  9. data/spec/lstash/query_spec.rb +106 -45
  10. metadata +3 -3
checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- NTgxYmI5NWQ2ZmE3OGY1NDE0ZGNjN2M1ZGQ2ZWYxNGI5ODY0MGY1NQ==
4
+ N2RmOWQ3YWIxZjRiZTk5MTc3ZTI5MGJlMDEwZTNmNThjMmY3OTJkMg==
5
5
  data.tar.gz: !binary |-
6
- ZTgzZmQ0YTU3MTAwZDA1MWI1MjNmMjM0M2M5NWY1Mjk5NWRmMTM4OA==
6
+ NTUzMzJkZGI4NmEyZDUwZGRkZWI0YTI2OTlhNDU3ODdkNmQwOWM5NA==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- YThlNDM0OTNjZTNhYWI3ODc4MDc5ZjUyOGJhMTBmZTc4YjI3Nzc2YTZiMjFl
10
- ZDk0YTQ3NGNkZDNmMThhN2Y2ODVmOWY5NTliYzQ3MTZmNzc2YzEzZTNmZjU4
11
- YjAzMTMxNzEwZDgzNDdjMTM2ZTRlYjZjNjZmM2VlMzJkMTE0NDY=
9
+ YWJhYjJjM2Y5ZDAzYmE3ODY5ZTYxNTMyNGY4ODZiN2M4MTg3YmI2MDk5YmJm
10
+ NTY0MWJhMzBlOTU2MWUwZWM5NWU3MDllNTk3MTMwNzg3ODlhMjI1ZmNmYTc1
11
+ ZWI3YzBkZTg1YzA3MDg0YWNjNWJjZmQyZDMxMDc1NjY5YTBhMWM=
12
12
  data.tar.gz: !binary |-
13
- N2Y5NWI5ZDdiNGNjOTFhMTJkMjJjMzVmZmExZTQ1NjFhZjMzNGU3MDdjMDFi
14
- ZDE4Y2U5MGUyYzY3NTI5N2MyMDE5MDY2NjVhYWVhZTY2Mzk5YmFmNmVkM2Rm
15
- ZjI2ZmYwOTE5NWMxNmI5YTlmYTdjMjRkY2QxZDRlOWNmMjAzNDU=
13
+ MWUyMzNiMjU3ODM0ZTYzZWM3OGM3OGUyMDM3OGEyMDFiMTE4MjNiOWIzNmU4
14
+ ZDYzMDI0MzlhMGJmMTVhNWQ4OGU5ODcyZjQ4ZDE2NWJkYTVhMGM2NmEzOGQ4
15
+ NjhkOGVhYWEwNjcxZjU5OTMzNjcxMjRiOGIzNmUzODg4OWRiYzE=
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ### 0.1.1 / 2014-10-13
2
+
3
+ Enhancements
4
+
5
+ * Refactor to iterate over hour periods instead of full indices. This improves the performance a lot.
6
+ * Increase timeout to prevent Faraday::TimeoutError exceptions.
7
+
1
8
  ### 0.0.9 / 2014-09-22
2
9
 
3
10
  Enhancements
data/lib/lstash/cli.rb CHANGED
@@ -9,6 +9,8 @@ require 'lstash/client'
9
9
 
10
10
  module Lstash
11
11
 
12
+ TRANSPORT_REQUEST_TIMEOUT = 60.freeze # 1 minute request timeout
13
+
12
14
  class CLI < Thor
13
15
 
14
16
  class_option :from, :banner => 'start of time range', :aliases => '-f', :desc => "date/time, 'now', 'today', 'yesterday', or 'firstday'"
@@ -45,7 +47,7 @@ module Lstash
45
47
  desc "count QUERY", "count number of log messages matching the QUERY"
46
48
  def count(query_string)
47
49
  run_command(query_string) do |es_client, query|
48
- count = Lstash::Client.new(es_client, options).count(query)
50
+ count = Lstash::Client.new(es_client, options).count(query)
49
51
  puts count
50
52
  end
51
53
  end
@@ -55,14 +57,15 @@ module Lstash
55
57
  def run_command(query_string)
56
58
  es_client = ::Elasticsearch::Client.new(
57
59
  url: options[:es_url] || ENV['ES_URL'] || 'localhost',
58
- log: !!ENV['DEBUG']
60
+ log: !!ENV['DEBUG'],
61
+ transport_options: { request: { timeout: TRANSPORT_REQUEST_TIMEOUT } }
59
62
  )
60
63
  query = Lstash::Query.new(query_string, options)
61
64
 
62
65
  yield es_client, query
63
66
 
64
67
  rescue Exception => e
65
- raise Thor::Error.new(e.message)
68
+ options[:debug] ? raise(e) : raise(Thor::Error.new(e.message))
66
69
  end
67
70
 
68
71
  protected
data/lib/lstash/client.rb CHANGED
@@ -13,7 +13,7 @@ module Lstash
13
13
 
14
14
  class ConnectionError < StandardError; end
15
15
 
16
- PER_PAGE = 5000 # best time, lowest resource usage
16
+ PER_PAGE = 5000.freeze # best time, lowest resource usage
17
17
 
18
18
  def initialize(es_client, options = {})
19
19
  raise ConnectionError, "No elasticsearch client specified" if es_client.nil?
@@ -23,24 +23,29 @@ module Lstash
23
23
  end
24
24
 
25
25
  def count(query)
26
- @logger.debug "time range: [%s..%s]" % [query.time_range.from, query.time_range.to]
26
+ @logger.debug "count from=#{query.from} to=#{query.to}"
27
27
 
28
28
  count = 0
29
- query.indices.each do |index|
30
- count += count_messages(index, query)
29
+ query.each_hour do |index, hour_query|
30
+ count += count_messages(index, hour_query)
31
31
  end
32
-
32
+ @logger.debug "total count=#{count}"
33
33
  count
34
34
  end
35
35
 
36
36
  def grep(query)
37
- @logger.debug "time range: [%s..%s]" % [query.time_range.from, query.time_range.to]
37
+ @logger.debug "grep from=#{query.from} to=#{query.to}"
38
38
 
39
- query.indices.each do |index|
40
- grep_messages(index, query) do |message|
39
+ count = 0
40
+ query.each_hour do |index, hour_query|
41
+ grep_messages(index, hour_query) do |message|
42
+ count += 1
41
43
  yield message if block_given?
42
44
  end
43
45
  end
46
+
47
+ @logger.debug "total count=#{count}"
48
+ count
44
49
  end
45
50
 
46
51
  private
@@ -48,9 +53,9 @@ module Lstash
48
53
  def count_messages(index, query)
49
54
  result = Hashie::Mash.new @es_client.send(:count,
50
55
  index: index,
51
- body: query.body[:query]
56
+ body: query.filter
52
57
  )
53
- @logger.debug "count #{index}: #{result['count']} "
58
+ @logger.debug "count index=#{index} from=#{query.from} to=#{query.to} count=#{result['count']}"
54
59
  result['count']
55
60
  end
56
61
 
@@ -61,9 +66,9 @@ module Lstash
61
66
  method = :search
62
67
  while (messages.nil? || messages.count > 0) do
63
68
  result = Hashie::Mash.new @es_client.send(method, {
64
- index: index,
65
- scroll: '10m',
66
- body: query.body.merge(from: offset, size: PER_PAGE),
69
+ index: index,
70
+ scroll: '1m',
71
+ body: query.search(offset, PER_PAGE),
67
72
  }.merge(scroll_params))
68
73
 
69
74
  messages = result.hits.hits
@@ -72,19 +77,20 @@ module Lstash
72
77
  scroll_params = {scroll_id: result._scroll_id}
73
78
 
74
79
  messages.each do |h|
80
+ next if h.fields.nil?
75
81
  yield h.fields.message if block_given?
76
82
  end
77
83
 
78
84
  method = :scroll
79
85
  end
80
- @logger.debug "grep #{index}: #{offset}"
86
+ @logger.debug "grep index=#{index} from=#{query.from} to=#{query.to} count=#{offset}"
81
87
  Hashie::Mash.new @es_client.clear_scroll(scroll_params)
82
88
  end
83
89
 
84
90
  def debug_logger
85
91
  logger = Logger.new(STDERR)
86
92
  logger.formatter = proc do |severity, datetime, progname, msg|
87
- "#{msg}\n"
93
+ "#{datetime} #{msg}\n"
88
94
  end
89
95
  logger
90
96
  end
data/lib/lstash/query.rb CHANGED
@@ -9,11 +9,14 @@ module Lstash
9
9
  class FormatError < StandardError; end
10
10
  class QueryMissing < StandardError; end
11
11
 
12
- LOGSTASH_PREFIX = 'logstash-'
13
- WILDCARD_QUERY = '*'
12
+ LOGSTASH_PREFIX = 'logstash-'.freeze
13
+ WILDCARD_QUERY = '*'.freeze
14
+ HOUR_IN_SECONDS = 3600.freeze
14
15
 
15
- def initialize(query = nil, arguments = {})
16
- @query = query
16
+ attr_accessor :from, :to
17
+
18
+ def initialize(query_string = nil, arguments = {})
19
+ @query_string = query_string
17
20
 
18
21
  @anchor = time_parse(arguments[:anchor], 'today')
19
22
  @from = time_parse(arguments[:from], 'today')
@@ -22,38 +25,51 @@ module Lstash
22
25
  @to = Time.now if @to > Time.now # prevent accessing non-existing times / indices
23
26
  end
24
27
 
25
- def time_range
26
- OpenStruct.new(from: @from, to: @to)
27
- end
28
-
29
- def date_range
30
- (@from.utc.to_date .. @to.utc.to_date)
28
+ def index_name(date)
29
+ "#{LOGSTASH_PREFIX}#{date.strftime('%Y.%m.%d')}"
31
30
  end
32
31
 
33
- def indices
34
- date_range.map { |d| "#{LOGSTASH_PREFIX}#{d.strftime('%Y.%m.%d')}" }
35
- end
36
-
37
- def body
32
+ def search(from, size)
38
33
  {
39
- sort: sort_order,
40
-
34
+ sort: sort_order,
41
35
  fields: %w(message),
36
+ query: filter,
37
+ from: from,
38
+ size: size
39
+ }
40
+ end
42
41
 
43
- # return in order of ascending timestamp
44
- query: {
45
- filtered: {
46
- query: es_query,
47
- filter: es_filter
48
- }
42
+ def filter
43
+ {
44
+ filtered: {
45
+ query: es_query,
46
+ filter: es_filter
49
47
  }
50
48
  }
51
49
  end
52
50
 
51
+ def each_hour(&block)
52
+ # iterate over the whole range in blocks of one hour
53
+ time_iterate(@from.utc, @to.utc - 1, HOUR_IN_SECONDS) do |hour|
54
+ yield index_name(hour.to_date),
55
+ Query.new(@query_string,
56
+ anchor: @anchor,
57
+ from: hour,
58
+ to: hour + HOUR_IN_SECONDS)
59
+ end
60
+ end
61
+
53
62
  private
54
63
 
55
- def time_parse(time_string, default)
56
- time_string = time_string.strip rescue nil
64
+ def time_iterate(start_time, end_time, step, &block)
65
+ begin
66
+ yield(start_time)
67
+ end while (start_time += step) < end_time
68
+ end
69
+
70
+ def time_parse(time_or_string, default)
71
+ return time_or_string if time_or_string.is_a? Time
72
+ time_string = time_or_string.strip rescue nil
57
73
  time_string ||= default
58
74
  case time_string
59
75
  when 'firstday'
@@ -71,13 +87,14 @@ module Lstash
71
87
  raise FormatError, "Invalid time format: #{time_string}"
72
88
  end
73
89
 
74
- def query
75
- q = @query.dup.strip rescue ''
90
+ def query_string
91
+ q = @query_string.dup.strip rescue ''
76
92
  q = WILDCARD_QUERY if q.empty?
77
93
  q
78
94
  end
79
95
 
80
96
  def sort_order
97
+ # return results in order of ascending timestamp
81
98
  [ { '@timestamp' => { order: 'asc' } } ]
82
99
  end
83
100
 
@@ -87,7 +104,7 @@ module Lstash
87
104
  should: [
88
105
  {
89
106
  query_string: {
90
- query: query
107
+ query: query_string
91
108
  }
92
109
  }
93
110
  ]
@@ -101,14 +118,14 @@ module Lstash
101
118
  must: [
102
119
  range: {
103
120
  '@timestamp' => {
104
- from: to_msec(time_range.from),
105
- to: to_msec(time_range.to)
121
+ gte: to_msec(from),
122
+ lt: to_msec(to)
106
123
  }
107
124
  },
108
125
  # fquery: {
109
126
  # query: {
110
127
  # query_string: {
111
- # query: query
128
+ # query: query_string
112
129
  # }
113
130
  # }
114
131
  # }
@@ -117,7 +134,7 @@ module Lstash
117
134
  # fquery: {
118
135
  # query: {
119
136
  # query_string: {
120
- # query: query
137
+ # query: query_string
121
138
  # }
122
139
  # }
123
140
  # }
@@ -126,7 +143,7 @@ module Lstash
126
143
  # fquery: {
127
144
  # query: {
128
145
  # query_string: {
129
- # query: query
146
+ # query: query_string
130
147
  # }
131
148
  # }
132
149
  # }
data/lib/lstash/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Lstash
2
- VERSION = "0.0.9"
2
+ VERSION = "0.1.1"
3
3
  end
data/spec/lstash/cli_spec.rb CHANGED
@@ -9,6 +9,13 @@ end
9
9
 
10
10
  describe Lstash::CLI do
11
11
 
12
+ before(:all) do
13
+ Timecop.freeze('2014-08-01 14:58')
14
+ end
15
+ after(:all) do
16
+ Timecop.return
17
+ end
18
+
12
19
  context "options" do
13
20
  subject { Lstash::CLI.options(args) }
14
21
 
@@ -25,9 +32,12 @@ describe Lstash::CLI do
25
32
  client = double('client')
26
33
 
27
34
  allow(Lstash::Client).to receive(:new).and_return(client)
28
- allow(client).to receive(:count).and_return(100)
35
+ allow(client).to receive(:count).and_return(1000)
29
36
 
30
- expect { Lstash::CLI.start(args) }.not_to raise_error
37
+ expect {
38
+ output = capture_stdout { Lstash::CLI.start(args) }
39
+ expect(output).to eq "1000\n"
40
+ }.not_to raise_error
31
41
  end
32
42
  end
33
43
 
@@ -68,52 +78,33 @@ describe Lstash::CLI do
68
78
  context "with anchor date" do
69
79
  let(:args) { %w(count program:haproxy --from firstday --to today --anchor yesterday) }
70
80
 
71
- it "should succeed" do
72
- Timecop.freeze('2014-08-01 14:58') do
73
- es_client = double('es_client')
81
+ it "should return correct count" do
82
+ es_client = double('es_client')
74
83
 
75
- allow(Elasticsearch::Client).to receive(:new) { es_client }
84
+ allow(Elasticsearch::Client).to receive(:new) { es_client }
76
85
 
77
- expect(es_client).to receive(:count).with(satisfy { |args|
78
- expect_time_range(args, [
79
- Time.parse('2014-07-01').to_i*1000,
80
- Time.parse('2014-08-01').to_i*1000
81
- ])
82
- }).exactly(32).times.and_return({count:1})
86
+ expect(es_client).to receive(:count).exactly(31 * 24).times.and_return(count:100)
83
87
 
84
- Lstash::CLI.start(args)
85
- end
88
+ output = capture_stdout { Lstash::CLI.start(args) }
89
+ expect(output).to match("#{31 * 24 * 100}")
86
90
  end
87
91
  end
88
92
 
89
93
  context "without anchor date" do
90
94
  let(:args) { %w(count program:haproxy --from yesterday --to today) }
91
95
 
92
- it "should succeed" do
93
- Timecop.freeze('2014-08-01 14:58') do
94
- es_client = double('es_client')
96
+ it "should return correct count" do
97
+ es_client = double('es_client')
95
98
 
96
- allow(Elasticsearch::Client).to receive(:new) { es_client }
99
+ allow(Elasticsearch::Client).to receive(:new) { es_client }
97
100
 
98
- expect(es_client).to receive(:count).with(satisfy { |args|
99
- expect_time_range(args, [
100
- Time.parse('2014-07-31').to_i*1000,
101
- Time.parse('2014-08-01').to_i*1000
102
- ])
103
- }).exactly(2).times.and_return({count:1})
101
+ expect(es_client).to receive(:count).exactly(24).times.and_return(count:100)
104
102
 
105
- Lstash::CLI.start(args)
106
- end
103
+ output = capture_stdout { Lstash::CLI.start(args) }
104
+ expect(output).to match("#{24 * 100}")
107
105
  end
108
106
  end
109
107
 
110
108
  end
111
109
 
112
- private
113
-
114
- def expect_time_range(args, time_range)
115
- expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:from]).to eq time_range.first
116
- expect(args[:body][:filtered][:filter][:bool][:must].first[:range]['@timestamp'][:to]).to eq time_range.last
117
- end
118
-
119
110
  end
data/spec/lstash/client_spec.rb CHANGED
@@ -12,38 +12,45 @@ describe Lstash::Client do
12
12
 
13
13
  context "with query" do
14
14
 
15
- let(:query) { double('query', time_range: OpenStruct.new) }
16
-
17
15
  context "count" do
18
16
  it "should return number of messages matching query" do
19
- allow(query).to receive(:indices).and_return (['logstash-2014-08-01', 'logstash-2014-08-02'])
20
- allow(query).to receive(:body).and_return ({})
21
17
 
22
- allow(es_client).to receive(:count).and_return({'count' => 100},{'count' => 100})
18
+ query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
19
+
20
+ allow(es_client).to receive(:count).and_return(
21
+ { 'count' => 100 },
22
+ { 'count' => 200 },
23
+ { 'count' => 300 },
24
+ { 'count' => 400 },
25
+ { 'count' => 500 },
26
+ { 'count' => 600 },
27
+ { 'count' => 700 }
28
+ )
23
29
 
24
- expect(subject.count(query)).to eq 200
30
+ expect(subject.count(query)).to eq 2800
25
31
  end
26
32
  end
27
33
 
28
34
  context "grep" do
29
- let(:query) { double('query', time_range: OpenStruct.new) }
30
-
31
35
  it "should return the messages matching the query" do
32
- allow(query).to receive(:indices).and_return (['logstash-2014-08-01', 'logstash-2014-08-02'])
33
- allow(query).to receive(:body).and_return ({})
34
-
35
- allow(es_client).to receive(:search).and_return(
36
- hits([
37
- 'this is the first log line',
38
- 'this is the second log line'
39
- ])
36
+
37
+ query = Lstash::Query.new("*", from: Time.parse("2014-10-10 00:00"), to: Time.parse("2014-10-10 07:00"))
38
+
39
+ expect(es_client).to receive(:search).and_return(
40
+ hits(%w(1)),
41
+ hits(%w(2 2)),
42
+ hits(%w(3 3 3)),
43
+ hits(%w(4 4 4 4)),
44
+ hits(%w(5 5 5 5 5)),
45
+ hits(%w(6 6 6 6 6 6)),
46
+ hits(%w(7 7 7 7 7 7 7))
40
47
  )
41
48
 
42
49
  allow(es_client).to receive(:scroll).and_return(hits([]))
43
50
 
44
51
  allow(es_client).to receive(:clear_scroll)
45
52
 
46
- subject.grep(query)
53
+ expect(subject.grep(query)).to eq 28
47
54
  end
48
55
  end
49
56
 
data/spec/lstash/query_spec.rb CHANGED
@@ -5,10 +5,10 @@ describe Lstash::Query do
5
5
 
6
6
  context "running on 2014-08-03" do
7
7
  let(:time) { '2014-08-03 15:54:33' }
8
- let(:query) { nil }
8
+ let(:query_string) { nil }
9
9
  let(:options) { {} }
10
10
 
11
- subject { Lstash::Query.new(query, options) }
11
+ subject { Lstash::Query.new(query_string, options) }
12
12
 
13
13
  before { Timecop.freeze(Time.parse(time)) }
14
14
  after { Timecop.return }
@@ -18,110 +18,171 @@ describe Lstash::Query do
18
18
  # expect(subject).not_to be nil
19
19
  # end
20
20
 
21
- its('time_range.from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
22
- its('time_range.to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
21
+ its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
22
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
23
23
 
24
- its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
24
+ # its(:date_range) { should eq (Date.parse('2014-08-02')..Date.parse('2014-08-03')) }
25
25
 
26
- its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
26
+ # its(:indices) { should eq [ "logstash-2014.08.02", "logstash-2014.08.03" ] }
27
27
 
28
28
  context "with specific query" do
29
- let(:query) { 'program:haproxy' }
30
- its(:query) { should eq query }
29
+ let(:query_string) { 'program:haproxy' }
30
+ its(:query_string) { should eq query_string }
31
31
  end
32
32
 
33
33
  context "without query" do
34
- let(:query) { nil }
35
- its(:query) { should eql '*' }
34
+ let(:query_string) { nil }
35
+ its(:query_string) { should eql '*' }
36
36
  end
37
37
 
38
38
  context "from 'yesterday'" do
39
39
  let(:options) { { from: 'yesterday' }}
40
- its('time_range.from') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
40
+ its('from') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
41
41
  end
42
42
 
43
43
  context "from 'today'" do
44
44
  let(:options) { { from: 'today' }}
45
- its('time_range.from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
45
+ its('from') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
46
46
  end
47
47
 
48
48
  context "from 'now'" do
49
49
  let(:options) { { from: 'now' }}
50
- its('time_range.from') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
50
+ its('from') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
51
51
  end
52
52
 
53
53
  context "to 'yesterday'" do
54
54
  let(:options) { { to: 'yesterday' }}
55
- its('time_range.to') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
55
+ its('to') { should eq Time.parse('2014-08-02 00:00:00.000000000 +0200') }
56
56
  end
57
57
 
58
58
  context "to 'today'" do
59
59
  let(:options) { { to: 'today' }}
60
- its('time_range.to') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
60
+ its('to') { should eq Time.parse('2014-08-03 00:00:00.000000000 +0200') }
61
61
  end
62
62
 
63
63
  context "to 'now'" do
64
64
  let(:options) { { to: 'now' }}
65
- its('time_range.to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
65
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
66
66
  end
67
67
 
68
68
  context "from 'firstday'" do
69
69
 
70
70
  let(:options) { { from: 'firstday' } }
71
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
71
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
72
72
 
73
73
  context "anchor 'yesterday'" do
74
74
  let(:anchor) { 'yesterday' }
75
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
75
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
76
76
  end
77
77
 
78
78
  context "anchor 'today'" do
79
79
  let(:anchor) { 'today' }
80
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
80
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
81
81
  end
82
82
 
83
83
  context "anchor '2014-07-17'" do
84
84
  let(:options) { { from: 'firstday', anchor: '2014-07-17' } }
85
- its('time_range.from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
85
+ its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
86
86
  end
87
87
 
88
88
  context "date range" do
89
89
  let(:options) { { from: 'firstday', anchor: 'yesterday' } }
90
- its(:date_range) { should eq (Date.parse('2014-07-31')..Date.parse('2014-08-03')) }
90
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
91
+ its('to') { should eq Time.parse('2014-08-03 15:54:33.000000000 +0200') }
91
92
  end
92
93
 
93
- context "indices" do
94
- let(:options) { { from: 'firstday', anchor: 'yesterday' } }
95
- its(:indices) {
96
- should eq [
97
- "logstash-2014.07.31",
98
- "logstash-2014.08.01",
99
- "logstash-2014.08.02",
100
- "logstash-2014.08.03",
101
- ]
102
- }
94
+ context "each_hour" do
95
+ let(:options) { { from: 'firstday', anchor: 'yesterday', to: 'today' } }
96
+ it "should iterate over range by hour" do
97
+ indices = []
98
+ queries = []
99
+ subject.each_hour do |index, query|
100
+ indices << index
101
+ queries << query
102
+ end
103
+ expect(indices.count).to eq ((subject.to - subject.from)/3600).round
104
+ expect(indices.uniq).to eq %w(
105
+ logstash-2014.07.31
106
+ logstash-2014.08.01
107
+ logstash-2014.08.02
108
+ )
109
+ expect(queries.map(&:from).map(&:to_s)).to eq ([
110
+ "2014-07-31 22:00:00 UTC",
111
+ "2014-07-31 23:00:00 UTC",
112
+ "2014-08-01 00:00:00 UTC",
113
+ "2014-08-01 01:00:00 UTC",
114
+ "2014-08-01 02:00:00 UTC",
115
+ "2014-08-01 03:00:00 UTC",
116
+ "2014-08-01 04:00:00 UTC",
117
+ "2014-08-01 05:00:00 UTC",
118
+ "2014-08-01 06:00:00 UTC",
119
+ "2014-08-01 07:00:00 UTC",
120
+ "2014-08-01 08:00:00 UTC",
121
+ "2014-08-01 09:00:00 UTC",
122
+ "2014-08-01 10:00:00 UTC",
123
+ "2014-08-01 11:00:00 UTC",
124
+ "2014-08-01 12:00:00 UTC",
125
+ "2014-08-01 13:00:00 UTC",
126
+ "2014-08-01 14:00:00 UTC",
127
+ "2014-08-01 15:00:00 UTC",
128
+ "2014-08-01 16:00:00 UTC",
129
+ "2014-08-01 17:00:00 UTC",
130
+ "2014-08-01 18:00:00 UTC",
131
+ "2014-08-01 19:00:00 UTC",
132
+ "2014-08-01 20:00:00 UTC",
133
+ "2014-08-01 21:00:00 UTC",
134
+ "2014-08-01 22:00:00 UTC",
135
+ "2014-08-01 23:00:00 UTC",
136
+ "2014-08-02 00:00:00 UTC",
137
+ "2014-08-02 01:00:00 UTC",
138
+ "2014-08-02 02:00:00 UTC",
139
+ "2014-08-02 03:00:00 UTC",
140
+ "2014-08-02 04:00:00 UTC",
141
+ "2014-08-02 05:00:00 UTC",
142
+ "2014-08-02 06:00:00 UTC",
143
+ "2014-08-02 07:00:00 UTC",
144
+ "2014-08-02 08:00:00 UTC",
145
+ "2014-08-02 09:00:00 UTC",
146
+ "2014-08-02 10:00:00 UTC",
147
+ "2014-08-02 11:00:00 UTC",
148
+ "2014-08-02 12:00:00 UTC",
149
+ "2014-08-02 13:00:00 UTC",
150
+ "2014-08-02 14:00:00 UTC",
151
+ "2014-08-02 15:00:00 UTC",
152
+ "2014-08-02 16:00:00 UTC",
153
+ "2014-08-02 17:00:00 UTC",
154
+ "2014-08-02 18:00:00 UTC",
155
+ "2014-08-02 19:00:00 UTC",
156
+ "2014-08-02 20:00:00 UTC",
157
+ "2014-08-02 21:00:00 UTC"
158
+ ])
159
+ end
103
160
  end
104
161
 
105
162
  end
106
163
 
107
- context "body" do
108
- its(:body) { should eq ({
109
- :sort => [{"@timestamp"=>{:order=>"asc"}}],
110
- :fields => %w(message),
111
- :query => {:filtered=>{
112
- :query => { :bool => { :should => [ { :query_string => { :query=>"*" }}]}},
113
- :filter=> { :bool => { :must => [ { :range => { "@timestamp" => { :from => 1407016800000, :to => 1407074073000}}}]}}}}
114
- })}
164
+ context "search" do
165
+ it "should produce the correct elasticsearch search request attributes" do
166
+ expect(subject.search(0, 10)).to eq ({
167
+ :sort => [{"@timestamp"=>{:order=>"asc"}}],
168
+ :fields => %w(message),
169
+ :query => {:filtered=>{
170
+ :query => { :bool => { :should => [ { :query_string => { :query=>"*" }}]}},
171
+ :filter=> { :bool => { :must => [ { :range => { "@timestamp" => { :gte => 1407016800000, :lt => 1407074073000}}}]}}}},
172
+ :from => 0,
173
+ :size => 10
174
+ })
175
+ end
115
176
  end
116
177
 
117
178
  end
118
179
 
119
180
  context "running on 2014-08-01" do
120
181
  let(:time) { '2014-08-01 12:53:03' }
121
- let(:query) { nil }
182
+ let(:query_string) { nil }
122
183
  let(:options) { {} }
123
184
 
124
- subject { Lstash::Query.new(query, options) }
185
+ subject { Lstash::Query.new(query_string, options) }
125
186
 
126
187
  before { Timecop.freeze(Time.parse(time)) }
127
188
  after { Timecop.return }
@@ -129,15 +190,15 @@ describe Lstash::Query do
129
190
  context "from 'firstday' with 'yesterday' anchor" do
130
191
  let(:options) { { anchor: 'yesterday', from: 'firstday' } }
131
192
 
132
- its('time_range.from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
133
- its('time_range.to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
193
+ its('from') { should eq Time.parse('2014-07-01 00:00:00.000000000 +0200') }
194
+ its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
134
195
  end
135
196
 
136
197
  context "from 'firstday' with default 'today' anchor" do
137
198
  let(:options) { { from: 'firstday', to: 'now' } }
138
199
 
139
- its('time_range.from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
140
- its('time_range.to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
200
+ its('from') { should eq Time.parse('2014-08-01 00:00:00.000000000 +0200') }
201
+ its('to') { should eq Time.parse('2014-08-01 12:53:03.000000000 +0200') }
141
202
  end
142
203
 
143
204
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: lstash
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.9
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Klaas Jan Wierenga
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-22 00:00:00.000000000 Z
11
+ date: 2014-10-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -233,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
233
233
  version: '0'
234
234
  requirements: []
235
235
  rubyforge_project:
236
- rubygems_version: 2.4.1
236
+ rubygems_version: 2.4.2
237
237
  signing_key:
238
238
  specification_version: 4
239
239
  summary: The lstash gem allows you to count or grep log messages in a specific time