plunk 0.0.9 → 0.0.10
- checksums.yaml +4 -4
- data/lib/plunk/transformer.rb +29 -0
- data/plunk.gemspec +1 -1
- data/spec/basic_spec.rb +7 -20
- data/spec/boolean_spec.rb +14 -13
- data/spec/chained_search_spec.rb +0 -0
- data/spec/elasticseach_spec.rb +6 -0
- data/spec/field_value_spec.rb +14 -10
- data/spec/last_spec.rb +48 -37
- data/spec/regexp_spec.rb +7 -24
- data/spec/spec_helper.rb +1 -0
- metadata +3 -2
- data/spec/elasticsearch_spec.rb +0 -15
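--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a659a0a283f124f49496afa4cca6987f8c922d5d
+data.tar.gz: 545c1203a5f86c97ac4eb32e8a515c84c36f342a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c92655505f884b6b95231fd923620948ca9d67fa32610d0c416e408a39696d44baa752b14ac0482d1a77f9a061c41544f5d662cd84f7e6178c1670d5abed7b42
+data.tar.gz: cb2b3e91a07b221b954aabe2f9ae0711e267ef7a68f4dc4fdfb16482534135d59761e7773897716021b6cd3d755f89bd3aebd2061998acd9ca7845ac32abf6b1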
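--- a/data/lib/plunk/transformer.rb
+++ b/data/lib/plunk/transformer.rb
@@ -31,6 +31,35 @@ class Plunk::Transformer < Parslet::Transform
 Plunk::ResultSet.new(query_string: "#{field}:#{value}")
 end
 
+rule(
+timerange: {
+quantity: simple(:quantity),
+quantifier: simple(:quantifier)
+}) do
+
+int_quantity = quantity.to_s.to_i
+
+start_time =
+case quantifier
+when 's'
+int_quantity.seconds.ago
+when 'm'
+int_quantity.minutes.ago
+when 'h'
+int_quantity.hours.ago
+when 'd'
+int_quantity.days.ago
+when 'w'
+int_quantity.weeks.ago
+end
+
+end_time = Time.now
+
+Plunk::ResultSet.new(
+start_time: start_time,
+end_time: end_time)
+end
+
 rule(
 search: simple(:result_set),
 timerange: {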
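Review bot: The `case quantifier` in the new `timerange` rule has no `else` branch, so any quantifier other than 's', 'm', 'h', 'd' or 'w' leaves `start_time` nil and the rule still passes `start_time: nil` to `Plunk::ResultSet.new`. The grammar that restricts the quantifier is not visible in this diff, so the transformer should fail closed on its own, for example `else raise ArgumentError, "unsupported timerange quantifier: #{quantifier}"`. `quantity.to_s.to_i` likewise turns non-numeric text into 0 without an error and puts no ceiling on the value; `Integer(quantity.to_s, 10)` with an upper bound would keep a user-supplied search from silently producing an empty or effectively unbounded time window. The following rule (`search:` plus `timerange:`) continues outside the hunk and presumably needs the same handling.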
data/plunk.gemspec
CHANGED
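--- a/data/spec/basic_spec.rb
+++ b/data/spec/basic_spec.rb
@@ -1,25 +1,12 @@
 require 'spec_helper'
 
 describe 'basic searches' do
-
-
-
-
-
-
-
-
-context 'transformed' do
-before :each do
-@result_set = @transformer.apply(@parsed)
-end
-
-it 'should be a proper query' do
-@result_set.query.should eq({
-query: {
-query_string: {
-query: 'bar'
-}}})
-end
+it 'should parse' do
+result = @transformer.apply @parser.parse('bar')
+result.query.should eq({
+query: {
+query_string: {
+query: 'bar'
+}}})
 end
 end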
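Review bot: The new example still uses the `should` syntax (`result.query.should eq({`) while the other specs changed in this release use `expect(result.query).to eq({`; switching this one line keeps the suite on a single expectation style. `@parser` and `@transformer` are not assigned anywhere in this file's visible lines, presumably they now come from `spec_helper.rb`, whose change is listed but not shown, so a one-line comment such as `# @parser / @transformer are built in spec_helper` would help the next reader.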
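--- a/data/spec/boolean_spec.rb
+++ b/data/spec/boolean_spec.rb
@@ -1,20 +1,21 @@
 require 'spec_helper'
 
 describe 'boolean searches' do
-it 'should parse
-
-expect(
+it 'should parse (foo OR bar)' do
+result = @transformer.apply @parser.parse '(foo OR bar)'
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '(foo OR bar)'
+}}})
 end
 
-it 'should parse
-
-expect(
-
-
-
-
-it 'should parse a single boolean expression' do
-@parsed = @parser.parse '(bar OR car)'
-expect(@parsed[:match].to_s).to eq '(bar OR car)'
+it 'should parse (foo OR (bar AND baz))' do
+result = @transformer.apply @parser.parse '(foo OR (bar AND baz))'
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '(foo OR (bar AND baz))'
+}}})
 end
 end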
File without changes
|
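--- a/data/spec/field_value_spec.rb
+++ b/data/spec/field_value_spec.rb
@@ -1,17 +1,21 @@
 require 'spec_helper'
 
 describe 'field / value searches' do
-it 'should parse a single
-
-expect(
-
-
+it 'should parse a single _foo.@bar=baz' do
+result = @transformer.apply @parser.parse('_foo.@bar=baz')
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '_foo.@bar:baz'
+}}})
 end
 
-it 'should parse a single
-
-expect(
-
-
+it 'should parse a single _foo.@bar=(baz)' do
+result = @transformer.apply @parser.parse('_foo.@bar=(baz)')
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '_foo.@bar:(baz)'
+}}})
 end
 end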
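--- a/data/spec/last_spec.rb
+++ b/data/spec/last_spec.rb
@@ -1,47 +1,58 @@
 require 'spec_helper'
 
 describe 'the last command' do
-
-
-
-
-
-
+it 'should parse last 24h' do
+result = @transformer.apply @parser.parse('last 24h')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.hours.ago,
+lte: Time.now
+}}}}.to_s)
 end
 
-
-
-
-
-
-
-
-
-
-
-end
-
-context 'transformation' do
-before :each do
-@result_set = @transformer.apply(@parsed)
-end
+it 'should parse last 24d' do
+result = @transformer.apply @parser.parse('last 24d')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.days.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-
-
-
+it 'should parse last 24w' do
+result = @transformer.apply @parser.parse('last 24w')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.weeks.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-
-
-
-
-
-
-
-
-
+it 'should parse last 24s' do
+result = @transformer.apply @parser.parse('last 24s')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.seconds.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-
-
-
+it 'should parse last 24m' do
+result = @transformer.apply @parser.parse('last 24m')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.minutes.ago,
+lte: Time.now
+}}}}.to_s)
 end
 end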
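Review bot: All five new examples compare `result.query.to_s` against a hash built from a second, later evaluation of `24.hours.ago` / `Time.now` (and the `days`, `weeks`, `seconds`, `minutes` variants), so they hold only when both clock reads render to the same string, which depends on timing and on how much precision the Ruby version prints for a time value. Pinning the clock for the example, e.g. `allow(Time).to receive(:now).and_return(fixed_now)` in a `before` block, would let the expectation compare `result.query` directly instead of its string form. The examples also cover only the five supported quantifiers with a quantity of 24; nothing exercises input the `timerange` rule does not expect (an unsupported quantifier, a zero quantity), which is the path where the transformer's `case` has no fallback.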
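--- a/data/spec/regexp_spec.rb
+++ b/data/spec/regexp_spec.rb
@@ -1,29 +1,12 @@
 require 'spec_helper'
 
 describe 'regexp searches' do
-
-
-
-
-
-
-
-
-context 'complex' do
-it 'should parse key/value with regex' do
-@parsed = @parser.parse 'foo=bar fe.ip=/whodunnit/'
-expect(@parsed[0][:field].to_s).to eq 'foo'
-expect(@parsed[0][:value].to_s).to eq 'bar'
-expect(@parsed[1][:field].to_s).to eq 'fe.ip'
-expect(@parsed[1][:value].to_s).to eq '/whodunnit/'
-end
-
-it 'should parse last command with a regex' do
-@parsed = @parser.parse 'last 24w foo=/blah/'
-expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-expect(@parsed[:timerange][:quantifier].to_s).to eq 'w'
-expect(@parsed[:search][:field].to_s).to eq 'foo'
-expect(@parsed[:search][:value].to_s).to eq '/blah/'
-end
+it 'should parse foo=/blah foo/' do
+result = @transformer.apply @parser.parse('foo=/blah foo/')
+expect(result.query).to eq({
+query: {
+query_string: {
+query: 'foo:/blah foo/'
+}}})
 end
 end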
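Review bot: The rewrite drops the only examples that combined a regexp with other terms (`foo=bar fe.ip=/whodunnit/` and `last 24w foo=/blah/`) and keeps a single-term case. The file list shows `spec/chained_search_spec.rb` at +0 -0, so unless those combinations are covered in a spec not shown on this page, the `search:` plus `timerange:` rule is no longer exercised with a regexp value. Keeping one chained example here would preserve that coverage, e.g. `result = @transformer.apply @parser.parse('last 24w foo=/blah/')` followed by an expectation on `result.query`.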
data/spec/spec_helper.rb
CHANGED
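--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: plunk
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.10
 platform: ruby
 authors:
 - Ram Mehta
@@ -103,7 +103,8 @@ files:
 - plunk.gemspec
 - spec/basic_spec.rb
 - spec/boolean_spec.rb
-- spec/
+- spec/chained_search_spec.rb
+- spec/elasticseach_spec.rb
 - spec/field_value_spec.rb
 - spec/last_spec.rb
 - spec/nested_search_spec.rb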
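--- a/data/spec/elasticsearch_spec.rb
+++ b/data/spec/elasticsearch_spec.rb
@@ -1,15 +0,0 @@
-require 'plunk'
-require 'plunk/elasticsearch'
-
-describe Plunk::Elasticsearch do
-before :all do
-@elasticsearch = Plunk::Elasticsearch.new
-end
-
-context 'test field mapping' do
-it 'should successfully list all fields' do
-fields = @elasticsearch.available_fields
-expect(fields).to be_a Hash
-end
-end
-end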