lstash 0.2.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f41d0f4233ebb92ad410bbc04a55f8b39d7205e576283677ca2de977c24aea5
-  data.tar.gz: f038956a733448fa7902e9e9c8aaed5a893881ec3154fa39a936c467a58e8e00
+  metadata.gz: b595d887abdc37f07322ccb509d627d477b6e4897bc7768c512ba55f45ab4029
+  data.tar.gz: 814170a66956839f128b52a31bc56d99578d434a73e1194c0fa45ecd686f9b40
 SHA512:
-  metadata.gz: d0a803e99283cf78ccceb1f24ab266cb2ac6b650574c9272f2a13a760a9ea021a3c7be54de3e6c68c5ffa9b9ec22a1afc5aa262502c2a45f98b8aaf1eced27a2
-  data.tar.gz: 68209058f27b409c9d2804431cbf7e7426445e084854a26c49640aaf7b5a466f7019804458338bf73fb14ccebf1c7302bc4014fa7abe48c9501900fa2ab475d7
+  metadata.gz: 308cb925f02b6dc9ae7c67ca9ac3099615c72b82254e3d9dfd8d0fad33d2b1aa2ead526b35023cf4a20c9497960010ea84cadd50d12d8664813fd7a5f96bb06c
+  data.tar.gz: 6e3b63eb59aa2c45bd5b1de469dc79c84bfbed514f2ec4a6b4c12bf92475d1c37daae6a07ef900c6c286fe4ac5ef2e8c0efc8898f88efa11ce5c7d16e47dcd73

data/.devcontainer/Aptfile

@@ -0,0 +1,6 @@
+# development only package dependencies
+build-essential
+curl
+jq
+git
+vim

data/.devcontainer/Dockerfile

@@ -0,0 +1,44 @@
+ARG RUBY_VERSION=2.4.6
+ARG BUNDLER_VERSION=1.17.3
+ARG DISTRO_NAME=buster
+
+FROM ruby:$RUBY_VERSION-slim-$DISTRO_NAME
+
+LABEL maintainer="k.j.wierenga@kerkdienstgemist.nl"
+
+# Install dependencies specified in Aptfile
+COPY Aptfile /tmp/
+RUN  apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade \
+  && mkdir -p /usr/share/man/man1 /usr/share/man/man7 \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    $(grep -Evh '^\s*#' /tmp/Aptfile /tmp/Aptfile.dev | xargs) \
+  && apt-get autoremove -y \
+  && apt-get clean \
+  && rm -rf /var/cache/apt/archives/* \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log
+
+# Configure bundler
+# ENV LANG=C.UTF-8 \
+#   BUNDLE_JOBS=4 \
+#   BUNDLE_RETRY=3 \
+#   TZ=Europe/Amsterdam
+
+# Store Bundler settings in the project's root
+# ENV BUNDLE_APP_CONFIG=.bundle
+
+# Uncomment this line if you want to run binstubs without prefixing with `bin/` or `bundle exec`
+# ENV PATH /gem/bin:$PATH
+
+# Upgrade RubyGems and install the latest Bundler version
+ARG BUNDLER_VERSION
+# gem update --system &&
+RUN gem install bundler:$BUNDLER_VERSION
+
+ENV TZ="Europe/Amsterdam"
+
+# Configure the main working directory. This is the base
+# directory used in any further RUN, COPY, and ENTRYPOINT commands.
+ENV WORKDIR /gem
+RUN mkdir -p $WORKDIR
+WORKDIR $WORKDIR

data/.devcontainer/devcontainer.json

@@ -0,0 +1,36 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-docker-compose
+// If you want to run as a non-root user in the container, see .devcontainer/docker-compose.yml.
+{
+  "name": "lstash",
+
+  // Update the 'dockerComposeFile' list if you have more compose files or use different names.
+  // The .devcontainer/docker-compose.yml file contains any overrides you need/want to make.
+  "dockerComposeFile": [
+    "../docker-compose.yml"
+    // "../docker-compose.override.yml"
+  ],
+
+  // The 'service' property is the name of the service for the container that VS Code should
+  // use. Update this value and .devcontainer/docker-compose.yml to the real service name.
+  "service": "runner",
+
+  // The optional 'workspaceFolder' property is the path VS Code should open by default when
+  // connected. This is typically a file mount in .devcontainer/docker-compose.yml
+  "workspaceFolder": "/gem"
+
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [],
+
+  // Uncomment the next line if you want start specific services in your Docker Compose config.
+  // "runServices": [],
+
+  // Uncomment the next line if you want to keep your containers running after VS Code shuts down.
+  // "shutdownAction": "none",
+
+  // Uncomment the next line to run commands after the container is created - for example installing curl.
+  // "postCreateCommand": "apt-get update && apt-get install -y curl",
+
+  // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root.
+  // "remoteUser": "vscode"
+}

data/.github/workflows/test.yml

@@ -0,0 +1,67 @@
+name: Run tests
+on: [push]
+
+jobs:
+  # This job uses buildx layer caching
+  # See https://evilmartians.com/chronicles/build-images-on-github-actions-with-docker-layer-caching#the-cache-dance-off
+  test:
+    runs-on: ubuntu-latest
+    env:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          install: true # needed to ensure docker compose uses the build cache too
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-single-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-single-buildx
+
+      - name: Build runner image
+        uses: docker/build-push-action@v2
+        with:
+          context: .devcontainer
+          builder: ${{ steps.buildx.outputs.name }}
+          push: false # This would be set to true in a real world deployment scenario.
+          load: true # Needed to ensure image is used in the "Run tests" step
+          tags: lstash_runner
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+      - name: Run tests
+        id: test
+        env:
+          DOCKER_BUILDKIT: 1
+          COMPOSE_DOCKER_CLI_BUILD: 1
+        run: |
+          docker compose run runner bundle install
+          docker compose run runner bundle exec rspec
+
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      # Notify via Slack when workflow is not successful
+      - uses: act10ns/slack@v1
+        with:
+          status: ${{ job.status }}
+          steps: ${{ toJson(steps) }}
+        if: always() # ${{ !success() }}
+
+# cancel in progress workflows for the same github ref (e.g. branch)
+concurrency:
+  group: ci-tests-${{ github.ref }}-1
+  cancel-in-progress: true

data/CHANGELOG.md

@@ -1,8 +1,27 @@
+## Release 1.0.0
+
+* BREAKING CHANGE: default options changed
+  * Default --from today changed to --from yesterday
+  * Default --to now changed to --to today
+  * This ensures that by default lstash counts or greps in yesterdays logging.
+* Fixed bug which caused empty range (e.g. --from today --to today) to incorrectly return non-zero count and logging.
+* Upgrade elasticsearch gem from version ~> 0.4 to ~> 7.17.7.
+* Update queries and field selectors to be compatible with Elasticsearch version 7.
+* Increase scroll step size for grep from 2 minutes to 1 hour (current Elasticsearch can handle it).
+* Add --wildcard / --no-wildcard option to use logstash-* wildcard instead of iterating over indices directly.
+  * For the count command --wildcard is faster so that's the default for count.
+  * For the grep command --no-wildcard is faster so that's the default for grep.
+* Dockerize development and add GitHub action for testing.
+* Moved repo from kdgm/lstash to kdgm/lstash.
+* Rubocop fixes
+
 ## Release 0.2.0
+
 Merge branch 'feature/fix/hashie-warnings' into develop
-- [fix] pin faraday to a compatible version
-- [enh] upgrade to ruby 2.4(.6)
-- [fix] suppress Hashie warnings; it would generate a warning for each log line (on stdout) leading to very large output
+
+* [fix] pin faraday to a compatible version
+* [enh] upgrade to ruby 2.4(.6)
+* [fix] suppress Hashie warnings; it would generate a warning for each log line (on stdout) leading to very large output
 
 ### 0.1.4 / 2015-05-29
 

data/README.md

@@ -1,6 +1,6 @@
 # lstash
 
-[![Build Status](https://travis-ci.org/kjwierenga/lstash.svg?branch=master)](https://travis-ci.org/kjwierenga/lstash)
+[![Run tests](https://github.com/kdgm/lstash/actions/workflows/test.yml/badge.svg)](https://github.com/kdgm/lstash/actions/workflows/test.yml)
 
 Lstash is a gem and command line utility to count or grep log messages in a certain time frame from a Logstash Elasticsearch server.
 
@@ -8,48 +8,48 @@ Lstash is a gem and command line utility to count or grep log messages in a cert
 
 Or install it yourself as:
 
-    $ gem install lstash
+    gem install lstash
 
 ## Running lstash from the command line
 
-	$ lstash
-	Commands:
-	  lstash count QUERY     # count number of log messages matching the QUERY
-	  lstash grep QUERY      # grep log messages from Logstash
-	  lstash help [COMMAND]  # Describe available commands or one specific command
+    $ lstash
+    Commands:
+      lstash count QUERY     # count number of log messages matching the QUERY
+      lstash grep QUERY      # grep log messages from Logstash
+      lstash help [COMMAND]  # Describe available commands or one specific command
 
 ## The `count` command
 
-	Usage:
-	  lstash count QUERY
+    Usage:
+      lstash count QUERY
 
-	Description:
-	  Count log messages matching the QUERY from Logstash and output this count to stdout. QUERY can use Apache Lucene query
-	  parser syntax.
+     Description:
+       Count log messages matching the QUERY from Logstash and output this count to stdout. QUERY can use Apache Lucene query
+       parser syntax.
 
-	  Example to count the number of HAProxy log messages in yesterdays month.
+       Example to count the number of HAProxy log messages in yesterdays month.
 
-	  lstash count 'program:haproxy' --from firstday --to today --anchor yesterday
+       lstash count 'program:haproxy' --from firstday --to today --anchor yesterday
 
 ## The `grep` command
 
-	Usage:
-	  lstash grep QUERY
+    Usage:
+      lstash grep QUERY
 
-	Description:
-	  Grep log messages matching the QUERY from Logstash in ascending timestamp order and output to stdout. QUERY can use Apache Lucene query parser syntax.
+    Description:
+      Grep log messages matching the QUERY from Logstash in ascending timestamp order and output to stdout. QUERY can use Apache    Lucene query parser syntax.
 
-	  Example to grep HAProxy log messages from the beginning of this month upto now
+      Example to grep HAProxy log messages from the beginning of this month upto now
 
-	  lstash grep 'program:haproxy' --from firstday --to now
+      lstash grep 'program:haproxy' --from firstday --to now
 
 ## Command line options
 
-	Options:
-	  -f, [--from=start of time range]                    # date/time, 'now', 'today', 'yesterday', or 'firstday'
-	  -t, [--to=end of time range]                        # date/time, 'now', 'today', 'yesterday', or 'firstday'
-	  -a, [--anchor=anchor date/time]                     # used as reference date for firstday
-	  -e, [--es-url=Elasticsearch endpoint for Logstash]  # or ES_URL environment variable
+    Options:
+      -f, [--from=start of time range]                    # date/time, 'now', 'today', 'yesterday', or 'firstday'
+      -t, [--to=end of time range]                        # date/time, 'now', 'today', 'yesterday', or 'firstday'
+      -a, [--anchor=anchor date/time]                     # used as reference date for firstday
+      -e, [--es-url=Elasticsearch endpoint for Logstash]  # or ES_URL environment variable
 
 All times will be relative to the timezone of the machine on which you are running lstash.
 
@@ -66,7 +66,7 @@ Example
 
 Or
 
-	lstash count program:haproxy --es-url log.mydomain.com
+    lstash count program:haproxy --es-url log.mydomain.com
 
 ## Examples
 
@@ -80,41 +80,41 @@ Grep all haproxy log messages using for one day (Aug 24 1 0:00 am upto and inclu
 
 Assuming today is Sep 1 2014. Count all haproxy log messages in the previous month.
 
-	lstash count program:haproxy --anchor yesterday --from firstday --to today -d
-	time range: [2014-08-01 00:00:00 +0200..2014-09-01 00:00:00 +0200]
-	logstash-2014.07.31: 1
-	logstash-2014.08.01: 13
-	logstash-2014.08.02: 14
-	logstash-2014.08.03: 1654
-	logstash-2014.08.04: 6
-	logstash-2014.08.05: 20
-	logstash-2014.08.06: 219
-	logstash-2014.08.07: 32
-	logstash-2014.08.08: 14
-	logstash-2014.08.09: 28
-	logstash-2014.08.10: 799
-	logstash-2014.08.11: 18
-	logstash-2014.08.12: 8
-	logstash-2014.08.13: 23
-	logstash-2014.08.14: 25
-	logstash-2014.08.15: 69
-	logstash-2014.08.16: 19
-	logstash-2014.08.17: 1160
-	logstash-2014.08.18: 284
-	logstash-2014.08.19: 61
-	logstash-2014.08.20: 26
-	logstash-2014.08.21: 16
-	logstash-2014.08.22: 145
-	logstash-2014.08.23: 72
-	logstash-2014.08.24: 792
-	logstash-2014.08.25: 31
-	logstash-2014.08.26: 33
-	logstash-2014.08.27: 51
-	logstash-2014.08.28: 8
-	logstash-2014.08.29: 23
-	logstash-2014.08.30: 25
-	logstash-2014.08.31: 69
-	5633
+    lstash count program:haproxy --anchor yesterday --from firstday --to today -d
+    time range: [2014-08-01 00:00:00 +0200..2014-09-01 00:00:00 +0200]
+    logstash-2014.07.31: 1
+    logstash-2014.08.01: 13
+    logstash-2014.08.02: 14
+    logstash-2014.08.03: 1654
+    logstash-2014.08.04: 6
+    logstash-2014.08.05: 20
+    logstash-2014.08.06: 219
+    logstash-2014.08.07: 32
+    logstash-2014.08.08: 14
+    logstash-2014.08.09: 28
+    logstash-2014.08.10: 799
+    logstash-2014.08.11: 18
+    logstash-2014.08.12: 8
+    logstash-2014.08.13: 23
+    logstash-2014.08.14: 25
+    logstash-2014.08.15: 69
+    logstash-2014.08.16: 19
+    logstash-2014.08.17: 1160
+    logstash-2014.08.18: 284
+    logstash-2014.08.19: 61
+    logstash-2014.08.20: 26
+    logstash-2014.08.21: 16
+    logstash-2014.08.22: 145
+    logstash-2014.08.23: 72
+    logstash-2014.08.24: 792
+    logstash-2014.08.25: 31
+    logstash-2014.08.26: 33
+    logstash-2014.08.27: 51
+    logstash-2014.08.28: 8
+    logstash-2014.08.29: 23
+    logstash-2014.08.30: 25
+    logstash-2014.08.31: 69
+    5633
 
 ## Using lstash as a gem in your project
 
@@ -124,46 +124,46 @@ Add this line to your application's Gemfile:
 
 And then execute:
 
-    $ bundle
+    bundle
 
 Usage:
 
-	$ bundle console
+    bundle console
 
-	# connect to elasticsearch and create the Lstash client
-	elasticsearch = Elasticsearch::Client.new(url: 'log.mydomain.com')
-	client = Lstash::Client.new(elasticsearch)
+Connect to elasticsearch and create the Lstash client
 
-	# create the query
-	query = Lstash::Query.new('program:haproxy', from: 'today', to: 'now')
+    elasticsearch = Elasticsearch::Client.new(url: ENV['ES_URL'])
+    client = Lstash::Client.new(elasticsearch, debug: true)
 
-	# count
-	client.count(query)
+Create the query
 
-	# grep
-	client.grep(query) do |message|
-	  puts message
-	end
+    query = Lstash::Query.new('program:haproxy', from: 'today', to: 'now')
+
+Count example
+
+    client.count(query)
+
+Grep example
+
+    client.grep(query) do |message|
+      puts message
+    end
 
 ## Publishing the gem to RubyGems.org
 
 1. Build the gem
 
-```
-$ gem build lstash.gem
-  Successfully built RubyGem
-  Name: lstash
-  Version: 0.2.0
-  File: lstash-0.2.0.gem
-```
+        $ gem build lstash
+        Successfully built RubyGem
+        Name: lstash
+        Version: 0.2.0
+        File: lstash-0.2.0.gem
 
 2. Pushing your gem to RubyGems.org
 
-```
-gem push lstash-0.2.0.gem
-  Pushing gem to RubyGems.org...
-  Successfully registered gem: lstash (0.2.0)
-```
+        $ gem push lstash-0.2.0.gem
+        Pushing gem to RubyGems.org...
+        Successfully registered gem: lstash (0.2.0)
 
 See [RubyGems.org documention](https://guides.rubygems.org/) for more info.
 

data/bin/lstash

@@ -1,7 +1,5 @@
 #!/usr/bin/env ruby
 
-require 'lstash/cli'
+require "lstash/cli"
 
-# Suppress Hashie warnings
-Hashie.logger = Logger.new(nil)
 Lstash::CLI.start(ARGV)

data/dip.yml

@@ -0,0 +1,48 @@
+# Required minimum dip version
+version: '6.1'
+
+compose:
+  files:
+    - docker-compose.yml
+    - docker-compose.override.yml # platform specific overrides
+
+  # Specify project name explicitly to avoid name collisions:
+  # docker-compose uses the compose file's folder name as the project name by default,
+  # which could be the same for different projects (e.g., if you store docker-compose.yml
+  # in the .devcontainer/ folder)
+
+  # NOTE: We deliberately do not set project_name  to prevent collissions
+  # between git work trees.
+  # Let the name be determined automatically from the base directory name.
+  # project_name: UNSET DELIBERATELY
+
+interaction:
+  sh:
+    description: Start a Bash shell in the container
+    service: runner
+    command: /bin/bash
+
+  bundle:
+    description: Run bundler commands
+    service: runner
+    command: bundle
+
+  rake:
+    description: Run rake commands
+    service: runner
+    command: bundle exec rake
+
+  rspec:
+    description: Run specs
+    service: runner
+    command: bundle exec rspec
+
+provision:
+  # Remove old containers and volumes.
+  - dip compose down --volumes --remove-orphans
+
+  # Build the development container (based on .devcontainer/Dockerfile)
+  - dip compose build
+
+  # Install gem dependencies
+  - dip bundle install

data/docker-compose.yml

@@ -0,0 +1,28 @@
+x-base: &base
+  # NOTE: We deliberately do not set the image name to prevent
+  # collissions between images built in different git work trees (directories)
+  # image: LEFT UNSET DELIBERATELY
+  build:
+    context: .devcontainer
+  tmpfs:
+    - /tmp
+  volumes:
+    - .:/gem:cached
+    - bundle:/usr/local/bundle
+    - history:/usr/local/hist
+  stdin_open: true
+  tty: true
+  environment:
+    HISTFILE: /usr/local/hist/.bash_history
+    IRB_HISTFILE: /usr/local/hist/.irb_history
+    EDITOR: ${EDITOR:-vi}
+    ES_URL: http://host.docker.internal:9200
+
+services:
+  runner:
+    <<: *base
+    command: /bin/bash
+
+volumes:
+  bundle:
+  history:

data/lib/lstash/cli.rb

@@ -1,24 +1,30 @@
 # external dependencies
-require 'thor'
-require 'uri'
-require 'elasticsearch'
+require "thor"
+require "uri"
+require "elasticsearch"
 
 # local files we need
-require 'lstash/query'
-require 'lstash/client'
+require "lstash/query"
+require "lstash/client"
+require "lstash/version"
 
 module Lstash
+  TRANSPORT_REQUEST_TIMEOUT = 120 # 2 minute request timeout
+
+  class CLIBase < Thor
+    class << self
+      def shared_options
+        method_option :anchor, banner: "YYYY-mm-dd", aliases: "-a", desc: "The 'firstday' is relative to this anchor date", default: "today"
+        method_option :from, banner: "YYYY-mm-dd [HH:MM:SS]", aliases: "-f", desc: "Start date/time, 'now', 'today', 'yesterday', or 'firstday'", default: "yesterday"
+        method_option :to, banner: "YYYY-mm-dd [HH:MM:SS]", aliases: "-t", desc: "End date/time, 'now', 'today', 'yesterday', or 'firstday'", default: "today"
+        method_option :es_url, banner: "http://localhost:9200", aliases: "-e", desc: "Elasticsearch URL or set ES_URL environment variable"
+        method_option :debug, desc: "Log debugging info to stderr", aliases: "-d", type: :boolean, default: false
+        method_option :wildcard, desc: "Use index wildcard to query all logstash-* indices (fast for count, slow for grep)", type: :boolean
+      end
+    end
+  end
 
-  TRANSPORT_REQUEST_TIMEOUT = 120.freeze # 2 minute request timeout
-
-  class CLI < Thor
-
-    class_option :from,   :banner => 'start of time range', :aliases => '-f', :desc => "date/time, 'now', 'today', 'yesterday', or 'firstday'"
-    class_option :to,     :banner => 'end of time range',   :aliases => '-t', :desc => "date/time, 'now', 'today', 'yesterday', or 'firstday'"
-    class_option :anchor, :banner => 'anchor date/time',    :aliases => '-a', :desc => "used as reference date for firstday"
-    class_option :es_url, :banner => 'Elasticsearch endpoint for Logstash', :aliases => '-e', :desc => "or ES_URL environment variable"
-    class_option :debug,  :banner => 'debug log to stderr', :aliases => '-d', :type => :boolean
-
+  class CLI < CLIBase
     long_desc <<-LONGDESC
       Grep log messages matching the QUERY from Logstash in ascending timestamp order
       and output to stdout. QUERY can use Apache Lucene query parser syntax.
@@ -27,7 +33,8 @@ module Lstash
 
         lstash grep 'program:haproxy' --from firstday --to now
     LONGDESC
-    desc "grep QUERY", "grep log messages from Logstash"
+    desc "grep QUERY", "Grep log messages from Logstash"
+    shared_options
     def grep(query_string)
       run_command(query_string) do |es_client, query|
         Lstash::Client.new(es_client, options).grep(query) do |message|
@@ -44,7 +51,8 @@ module Lstash
 
         lstash count 'program:haproxy' --from firstday --to today --anchor yesterday
     LONGDESC
-    desc "count QUERY", "count number of log messages matching the QUERY"
+    desc "count QUERY", "Count number of log messages matching the QUERY"
+    shared_options
     def count(query_string)
       run_command(query_string) do |es_client, query|
         count = Lstash::Client.new(es_client, options).count(query)
@@ -52,29 +60,34 @@ module Lstash
       end
     end
 
+    long_desc "Print the lstash version"
+    desc "version", "print lstash version"
+    def version
+      puts Lstash::VERSION
+    end
+
     private
 
     def run_command(query_string)
       es_client = ::Elasticsearch::Client.new(
-        url: options[:es_url] || ENV['ES_URL'] || 'localhost',
-        log: !!ENV['DEBUG'],
-        transport_options: { request: { timeout: TRANSPORT_REQUEST_TIMEOUT } }
+        url: options[:es_url] || ENV["ES_URL"] || "http://localhost:9200",
+        log: ENV["DEBUG"] == "true",
+        transport_options: {request: {timeout: TRANSPORT_REQUEST_TIMEOUT}}
       )
-      query  = Lstash::Query.new(query_string, options)
+      query = Lstash::Query.new(query_string, options)
 
       yield es_client, query
-
-    rescue Exception => e
+    rescue => e
       options[:debug] ? raise(e) : raise(Thor::Error.new(e.message))
     end
 
-    protected
-
     # Make sure we exit on failure with an error code
-    def self.exit_on_failure?
-      true
-    end
+    class << self
+      protected
 
+      def exit_on_failure?
+        true
+      end
+    end
   end
-
 end