plunk 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/plunk/result_set.rb +2 -2
- data/lib/plunk/transformer.rb +51 -1
- data/plunk.gemspec +1 -1
- data/spec/last_spec.rb +1 -2
- data/spec/nested_search_spec.rb +2 -2
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f4347fcd85f52a27bcf5f88860aafb1723ba4dbe
|
4
|
+
data.tar.gz: 6e61f5fddc8d46739a2ab022811ee0ed0dae370e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7260262be415b410743081d51ac61c80383d8dcf26cff42adbfbbb8f85ac2f2268edf7c6e431abfe7ea91cdb08c609ed042bd6fc48f3602bb2c64d520239c920
|
7
|
+
data.tar.gz: 04e0993e9818842f23efd04febb9eefd79c90afa2450d196882e31b9f7bb9ff4596e02b2643d019f59338a21a464518f43dea6488d0f112fce62f9ce0dd948e1
|
data/lib/plunk/result_set.rb
CHANGED
data/lib/plunk/transformer.rb
CHANGED
@@ -3,6 +3,56 @@ require 'active_support/core_ext'
|
|
3
3
|
|
4
4
|
class Plunk::Transformer < Parslet::Transform
|
5
5
|
|
6
|
+
rule(
|
7
|
+
field: simple(:field),
|
8
|
+
value: {
|
9
|
+
initial_query: subtree(:initial_query),
|
10
|
+
extractors: simple(:extractors)
|
11
|
+
},
|
12
|
+
op: '=',
|
13
|
+
timerange: {
|
14
|
+
quantity: simple(:quantity),
|
15
|
+
quantifier: simple(:quantifier)
|
16
|
+
}) do
|
17
|
+
|
18
|
+
int_quantity = quantity.to_s.to_i
|
19
|
+
|
20
|
+
start_time =
|
21
|
+
case quantifier
|
22
|
+
when 's'
|
23
|
+
int_quantity.seconds.ago
|
24
|
+
when 'm'
|
25
|
+
int_quantity.minutes.ago
|
26
|
+
when 'h'
|
27
|
+
int_quantity.hours.ago
|
28
|
+
when 'd'
|
29
|
+
int_quantity.days.ago
|
30
|
+
when 'w'
|
31
|
+
int_quantity.weeks.ago
|
32
|
+
end
|
33
|
+
|
34
|
+
end_time = Time.now
|
35
|
+
|
36
|
+
|
37
|
+
# recursively apply nested query
|
38
|
+
result_set = Plunk::Transformer.new.apply(initial_query)
|
39
|
+
|
40
|
+
json = JSON.parse result_set.eval
|
41
|
+
values = Plunk::Elasticsearch.extract_values json, extractors.to_s.split(',')
|
42
|
+
|
43
|
+
if values.empty?
|
44
|
+
Plunk::ResultSet.new(
|
45
|
+
start_time: start_time.utc.to_datetime.iso8601(3),
|
46
|
+
end_time: end_time.utc.to_datetime.iso8601(3))
|
47
|
+
|
48
|
+
else
|
49
|
+
Plunk::ResultSet.new(
|
50
|
+
query_string: "#{field}:(#{values.uniq.join(' OR ')})",
|
51
|
+
start_time: start_time.utc.to_datetime.iso8601(3),
|
52
|
+
end_time: end_time.utc.to_datetime.iso8601(3))
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
6
56
|
rule(match: simple(:value)) do
|
7
57
|
Plunk::ResultSet.new(query_string: "#{value}")
|
8
58
|
end
|
@@ -18,7 +68,7 @@ class Plunk::Transformer < Parslet::Transform
|
|
18
68
|
# recursively apply nested query
|
19
69
|
result_set = Plunk::Transformer.new.apply(initial_query)
|
20
70
|
|
21
|
-
json = JSON.parse result_set.eval
|
71
|
+
json = JSON.parse result_set.eval
|
22
72
|
values = Plunk::Elasticsearch.extract_values json, extractors.to_s.split(',')
|
23
73
|
|
24
74
|
if values.empty?
|
data/plunk.gemspec
CHANGED
data/spec/last_spec.rb
CHANGED
@@ -3,7 +3,6 @@ require 'spec_helper'
|
|
3
3
|
describe 'the last command' do
|
4
4
|
it 'should parse last 24h' do
|
5
5
|
result = @transformer.apply @parser.parse('last 24h')
|
6
|
-
puts "QUERY: #{result.query}"
|
7
6
|
expect(result.query.to_s).to eq({
|
8
7
|
query: {
|
9
8
|
range: {
|
@@ -57,7 +56,7 @@ describe 'the last command' do
|
|
57
56
|
}}}}.to_s)
|
58
57
|
end
|
59
58
|
|
60
|
-
it 'should parse foo=bar
|
59
|
+
it 'should parse last 1h foo=bar' do
|
61
60
|
result = @transformer.apply @parser.parse('last 1h foo=bar')
|
62
61
|
expect(result.query.to_s).to eq({
|
63
62
|
query: {
|
data/spec/nested_search_spec.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe 'nested searches' do
|
4
|
-
before :
|
4
|
+
before :each do
|
5
5
|
fake_results = {
|
6
6
|
foo: 'bar',
|
7
7
|
baz: 5,
|
8
8
|
arr: [ 0, 1, 2, 3 ],
|
9
|
-
'@timestamp' => Time.now
|
9
|
+
'@timestamp' => Time.now.utc.iso8601(3)
|
10
10
|
}.to_json
|
11
11
|
Plunk::ResultSet.any_instance.stub(:eval).and_return(fake_results)
|
12
12
|
end
|