RubyGems - plunk - Versions diffs - 0.0.9 → 0.0.10 - Mend

plunk 0.0.9 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f4dfac5efa2e55552472e25e7c690597f9897f54
-  data.tar.gz: dcd5d467953d34343a7bb3a1a2f52ed9a1a40293
+  metadata.gz: a659a0a283f124f49496afa4cca6987f8c922d5d
+  data.tar.gz: 545c1203a5f86c97ac4eb32e8a515c84c36f342a
 SHA512:
-  metadata.gz: 883e88718a5af4fdd8bb7e636cf4a1621a24b6dd8b15e00d94b1bdeb5c147944daa24ba04672b3496b6adedf6576e3c9a5b89b9e82d444e1d44ffeb414c60111
-  data.tar.gz: 4c1403380786063af8680102e108650e769883568f38aa7434f75da71abb7991d567ecc5264f19f3f4721a364700f700670f258ef711d624a7115853f24d58fa
+  metadata.gz: c92655505f884b6b95231fd923620948ca9d67fa32610d0c416e408a39696d44baa752b14ac0482d1a77f9a061c41544f5d662cd84f7e6178c1670d5abed7b42
+  data.tar.gz: cb2b3e91a07b221b954aabe2f9ae0711e267ef7a68f4dc4fdfb16482534135d59761e7773897716021b6cd3d755f89bd3aebd2061998acd9ca7845ac32abf6b1

data/lib/plunk/transformer.rb CHANGED Viewed

@@ -31,6 +31,35 @@ class Plunk::Transformer < Parslet::Transform
     Plunk::ResultSet.new(query_string: "#{field}:#{value}")
   end
+  rule(
+    timerange: {
+      quantity: simple(:quantity),
+      quantifier: simple(:quantifier)
+    }) do
+    int_quantity = quantity.to_s.to_i
+    start_time =
+      case quantifier
+      when 's'
+        int_quantity.seconds.ago
+      when 'm'
+        int_quantity.minutes.ago
+      when 'h'
+        int_quantity.hours.ago
+      when 'd'
+        int_quantity.days.ago
+      when 'w'
+        int_quantity.weeks.ago
+      end
+    end_time = Time.now
+    Plunk::ResultSet.new(
+      start_time: start_time,
+      end_time: end_time)
+  end
   rule(
     search: simple(:result_set),
     timerange: {

data/plunk.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name                    = "plunk"
-  s.version                 = "0.0.9"
+  s.version                 = "0.0.10"
   s.date                    = "2013-12-03"
   s.add_runtime_dependency  "json"
   s.add_runtime_dependency  "parslet"

data/spec/basic_spec.rb CHANGED Viewed

@@ -1,25 +1,12 @@
 require 'spec_helper'
 describe 'basic searches' do
-  before :each do
-    @parsed = @parser.parse 'bar'
-  end
-  it 'should parse a single keyword' do
-    expect(@parsed[:match].to_s).to eq 'bar'
-  end
-  context 'transformed' do
-    before :each do
-      @result_set = @transformer.apply(@parsed)
-    end
-    it 'should be a proper query' do
-      @result_set.query.should eq({
-       query: {
-         query_string: {
-           query: 'bar'
-      }}})
-    end
+  it 'should parse' do
+    result = @transformer.apply @parser.parse('bar')
+    result.query.should eq({
+      query: {
+        query_string: {
+          query: 'bar'
+    }}})
   end
 end

data/spec/boolean_spec.rb CHANGED Viewed

@@ -1,20 +1,21 @@
 require 'spec_helper'
 describe 'boolean searches' do
-  it 'should parse last command with boolean' do
-    @parsed = @parser.parse 'last 1h (foo OR bar)'
-    expect(@parsed[:search][:match].to_s).to eq '(foo OR bar)'
+  it 'should parse (foo OR bar)' do
+    result = @transformer.apply @parser.parse '(foo OR bar)'
+    expect(result.query).to eq({
+      query: {
+        query_string: {
+          query: '(foo OR bar)'
+    }}})
   end
-  it 'should parse a single field / value complex boolean expression' do
-    @parsed = @parser.parse 'baz=(foo OR bar AND (bar OR fez))'
-    expect(@parsed[:field].to_s).to eq 'baz'
-    expect(@parsed[:value].to_s).to eq '(foo OR bar AND (bar OR fez))'
-    expect(@parsed[:op].to_s).to eq '='
-  end
-  it 'should parse a single boolean expression' do
-    @parsed = @parser.parse '(bar OR car)'
-    expect(@parsed[:match].to_s).to eq '(bar OR car)'
+  it 'should parse (foo OR (bar AND baz))' do
+    result = @transformer.apply @parser.parse '(foo OR (bar AND baz))'
+    expect(result.query).to eq({
+      query: {
+        query_string: {
+          query: '(foo OR (bar AND baz))'
+    }}})
   end
 end

data/spec/chained_search_spec.rb ADDED Viewed

File without changes

data/spec/elasticseach_spec.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'spec_helper'
+describe Plunk::Elasticsearch do
+  pending 'mock and test Elasticsearch methods' do
+  end
+end

data/spec/field_value_spec.rb CHANGED Viewed

@@ -1,17 +1,21 @@
 require 'spec_helper'
 describe 'field / value searches' do
-  it 'should parse a single field/value combo' do
-    @parsed = @parser.parse 'tshark.http.@src_ip=bar'
-    expect(@parsed[:field].to_s).to eq 'tshark.http.@src_ip'
-    expect(@parsed[:value].to_s).to eq 'bar'
-    expect(@parsed[:op].to_s).to eq '='
+  it 'should parse a single _foo.@bar=baz' do
+    result = @transformer.apply @parser.parse('_foo.@bar=baz')
+    expect(result.query).to eq({
+      query: {
+        query_string: {
+          query: '_foo.@bar:baz'
+    }}})
   end
-  it 'should parse a single field / parenthesized value' do
-    @parsed = @parser.parse 'ids.attacker=(10.150.44.195)'
-    expect(@parsed[:field].to_s).to eq 'ids.attacker'
-    expect(@parsed[:value].to_s).to eq '(10.150.44.195)'
-    expect(@parsed[:op].to_s).to eq '='
+  it 'should parse a single _foo.@bar=(baz)' do
+    result = @transformer.apply @parser.parse('_foo.@bar=(baz)')
+    expect(result.query).to eq({
+      query: {
+        query_string: {
+          query: '_foo.@bar:(baz)'
+    }}})
   end
 end

data/spec/last_spec.rb CHANGED Viewed

@@ -1,47 +1,58 @@
 require 'spec_helper'
 describe 'the last command' do
-  context 'basic' do
-    it 'should parse a standalone last command' do
-      @parsed = @parser.parse 'last 24h'
-      expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-      expect(@parsed[:timerange][:quantifier].to_s).to eq 'h'
-    end
+  it 'should parse last 24h' do
+    result = @transformer.apply @parser.parse('last 24h')
+    expect(result.query.to_s).to eq({
+      query: {
+        range: {
+          '@timestamp' => {
+            gte: 24.hours.ago,
+            lte: Time.now
+    }}}}.to_s)
   end
-  context 'complex' do
-    before :all do
-      @parsed = @parser.parse 'last 24w tshark.@src_ip = bar'
-    end
-    it 'should parse last command with a search' do
-      expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-      expect(@parsed[:timerange][:quantifier].to_s).to eq 'w'
-      expect(@parsed[:search][:field].to_s).to eq 'tshark.@src_ip'
-      expect(@parsed[:search][:value].to_s).to eq 'bar'
-    end
-    context 'transformation' do
-      before :each do
-        @result_set = @transformer.apply(@parsed)
-      end
+  it 'should parse last 24d' do
+    result = @transformer.apply @parser.parse('last 24d')
+    expect(result.query.to_s).to eq({
+      query: {
+        range: {
+          '@timestamp' => {
+            gte: 24.days.ago,
+            lte: Time.now
+    }}}}.to_s)
+  end
-      it 'should have the proper result set' do
-        @result_set.should be_a Plunk::ResultSet
-        @result_set.query.should be_present
+  it 'should parse last 24w' do
+    result = @transformer.apply @parser.parse('last 24w')
+    expect(result.query.to_s).to eq({
+      query: {
+        range: {
+          '@timestamp' => {
+            gte: 24.weeks.ago,
+            lte: Time.now
+    }}}}.to_s)
+  end
-        query = { query: {
-          query_string: {
-            query: "tshark.@src_ip:bar"
-            },
-          range: {
-            '@timestamp' => {
-              gte: 24.weeks.ago,
-              lte: Time.now
-          }}}}
+  it 'should parse last 24s' do
+    result = @transformer.apply @parser.parse('last 24s')
+    expect(result.query.to_s).to eq({
+      query: {
+        range: {
+          '@timestamp' => {
+            gte: 24.seconds.ago,
+            lte: Time.now
+    }}}}.to_s)
+  end
-        @result_set.query.to_json.should eq query.to_json
-      end
-    end
+  it 'should parse last 24m' do
+    result = @transformer.apply @parser.parse('last 24m')
+    expect(result.query.to_s).to eq({
+      query: {
+        range: {
+          '@timestamp' => {
+            gte: 24.minutes.ago,
+            lte: Time.now
+    }}}}.to_s)
   end
 end

data/spec/regexp_spec.rb CHANGED Viewed

@@ -1,29 +1,12 @@
 require 'spec_helper'
 describe 'regexp searches' do
-  context 'simple' do
-    it 'should parse a basic regexp search' do
-      @parsed = @parser.parse 'foo=/blah foo/'
-      expect(@parsed[:field].to_s).to eq 'foo'
-      expect(@parsed[:value].to_s).to eq '/blah foo/'
-    end
-  end
-  context 'complex' do
-    it 'should parse key/value with regex' do
-      @parsed = @parser.parse 'foo=bar fe.ip=/whodunnit/'
-      expect(@parsed[0][:field].to_s).to eq 'foo'
-      expect(@parsed[0][:value].to_s).to eq 'bar'
-      expect(@parsed[1][:field].to_s).to eq 'fe.ip'
-      expect(@parsed[1][:value].to_s).to eq '/whodunnit/'
-    end
-    it 'should parse last command with a regex' do
-      @parsed = @parser.parse 'last 24w foo=/blah/'
-      expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-      expect(@parsed[:timerange][:quantifier].to_s).to eq 'w'
-      expect(@parsed[:search][:field].to_s).to eq 'foo'
-      expect(@parsed[:search][:value].to_s).to eq '/blah/'
-    end
+  it 'should parse foo=/blah foo/' do
+    result = @transformer.apply @parser.parse('foo=/blah foo/')
+    expect(result.query).to eq({
+      query: {
+        query_string: {
+          query: 'foo:/blah foo/'
+    }}})
   end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -3,6 +3,7 @@ require 'plunk'
 require 'plunk/parser'
 require 'plunk/transformer'
 require 'plunk/result_set'
+require 'plunk/elasticsearch'
 require 'parslet/rig/rspec'
 # Print ascii_tree when exception occurs

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: plunk
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.0.10
 platform: ruby
 authors:
 - Ram Mehta
@@ -103,7 +103,8 @@ files:
 - plunk.gemspec
 - spec/basic_spec.rb
 - spec/boolean_spec.rb
-- spec/elasticsearch_spec.rb
+- spec/chained_search_spec.rb
+- spec/elasticseach_spec.rb
 - spec/field_value_spec.rb
 - spec/last_spec.rb
 - spec/nested_search_spec.rb

data/spec/elasticsearch_spec.rb DELETED Viewed

@@ -1,15 +0,0 @@
-require 'plunk'
-require 'plunk/elasticsearch'
-describe Plunk::Elasticsearch do
-  before :all do
-    @elasticsearch = Plunk::Elasticsearch.new
-  end
-  context 'test field mapping' do
-    it 'should successfully list all fields' do
-      fields = @elasticsearch.available_fields
-      expect(fields).to be_a Hash
-    end
-  end
-end