plunk 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +32 -0
- data/lib/plunk/result_set.rb +25 -19
- data/lib/plunk/transformer.rb +1 -1
- data/plunk.gemspec +1 -1
- data/spec/basic_spec.rb +3 -5
- data/spec/boolean_spec.rb +6 -10
- data/spec/chained_search_spec.rb +24 -0
- data/spec/field_value_spec.rb +6 -10
- data/spec/last_spec.rb +40 -43
- data/spec/nested_search_spec.rb +3 -5
- data/spec/regexp_spec.rb +3 -5
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1aaa198f780c8d3c6f9538cd86a7ee20fbf4d44c
|
4
|
+
data.tar.gz: 4cb13fb58000bf09dca9fa3001077a2b46474c41
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a994a69ca9c8557f07869aaff1eb468773346caa06d5676e68cdea867d0e6642cb3bd573e419f557a224beb11c6a386a7189851b2f166a3ce74884f5a8e0e802
|
7
|
+
data.tar.gz: bfbd1504b80387dd2b3695a030cbb9be35110052f9b5ec8857b4415d048219e9519e71d4f6849575c67b8d878da94dff80bd3fb52b39407385d3185f4170168a
|
data/README.md
CHANGED
@@ -2,3 +2,35 @@ plunk
|
|
2
2
|
=====
|
3
3
|
|
4
4
|
Human-friendly query language for Elasticsearch
|
5
|
+
|
6
|
+
Examples:
|
7
|
+
|
8
|
+
```last 24h _type=syslog```
|
9
|
+
|
10
|
+
gets translated to:
|
11
|
+
|
12
|
+
```json
|
13
|
+
{
|
14
|
+
"query": {
|
15
|
+
"filtered": {
|
16
|
+
"query": {
|
17
|
+
"query_string": {
|
18
|
+
"query": "_type:syslog"
|
19
|
+
}
|
20
|
+
},
|
21
|
+
"filter": {
|
22
|
+
"and": [
|
23
|
+
{
|
24
|
+
"range": {
|
25
|
+
"timestamp": {
|
26
|
+
"gte": "2013-08-23T05:43:13.770Z",
|
27
|
+
"lte": "2013-08-24T05:43:13.770Z"
|
28
|
+
}
|
29
|
+
}
|
30
|
+
}
|
31
|
+
]
|
32
|
+
}
|
33
|
+
}
|
34
|
+
}
|
35
|
+
}
|
36
|
+
```
|
data/lib/plunk/result_set.rb
CHANGED
@@ -1,29 +1,35 @@
|
|
1
1
|
class Plunk::ResultSet
|
2
|
-
attr_accessor :query
|
2
|
+
attr_accessor :query, :query_string
|
3
3
|
|
4
|
-
def initialize(opts=
|
5
|
-
|
6
|
-
@query = { query: { }}
|
7
|
-
|
8
|
-
if @query_string = opts[:query_string]
|
9
|
-
@query[:query][:query_string] = { query: opts[:query_string] }
|
10
|
-
end
|
4
|
+
def initialize(opts={})
|
5
|
+
@query = { query: { filtered: {}}}
|
11
6
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
7
|
+
if opts.size >= 3 # use "and" filter to AND filters
|
8
|
+
@query_string = opts[:query_string]
|
9
|
+
@query[:query][:filtered][:query] = {
|
10
|
+
query_string: {
|
11
|
+
query: opts[:query_string] }}
|
12
|
+
@query[:query][:filtered][:filter] = {
|
13
|
+
and: [
|
14
|
+
range: {
|
15
|
+
'@timestamp' => {
|
16
|
+
gte: opts[:start_time],
|
17
|
+
lte: opts[:end_time] }}]}
|
18
|
+
else
|
19
|
+
if @query_string = opts[:query_string]
|
20
|
+
@query[:query][:filtered][:query] = {
|
21
|
+
query_string: {
|
22
|
+
query: opts[:query_string] }}
|
23
|
+
elsif opts[:start_time] and opts[:end_time]
|
24
|
+
@query[:query][:filtered][:query] = {
|
25
|
+
range: {
|
26
|
+
'@timestamp' => {
|
27
|
+
gte: opts[:start_time],
|
28
|
+
lte: opts[:end_time] }}}
|
19
29
|
end
|
20
30
|
end
|
21
31
|
end
|
22
32
|
|
23
|
-
def raw_query
|
24
|
-
@query_string
|
25
|
-
end
|
26
|
-
|
27
33
|
def eval
|
28
34
|
@@elasticsearch.search(@query.to_json) if @query
|
29
35
|
end
|
data/lib/plunk/transformer.rb
CHANGED
@@ -137,7 +137,7 @@ class Plunk::Transformer < Parslet::Transform
|
|
137
137
|
end_time = Time.now
|
138
138
|
|
139
139
|
Plunk::ResultSet.new(
|
140
|
-
query_string: result_set.
|
140
|
+
query_string: result_set.query_string,
|
141
141
|
start_time: start_time.utc.to_datetime.iso8601(3),
|
142
142
|
end_time: end_time.utc.to_datetime.iso8601(3))
|
143
143
|
end
|
data/plunk.gemspec
CHANGED
data/spec/basic_spec.rb
CHANGED
@@ -3,10 +3,8 @@ require 'spec_helper'
|
|
3
3
|
describe 'basic searches' do
|
4
4
|
it 'should parse' do
|
5
5
|
result = @transformer.apply @parser.parse('bar')
|
6
|
-
result.query.should eq({
|
7
|
-
query:
|
8
|
-
|
9
|
-
query: 'bar'
|
10
|
-
}}})
|
6
|
+
result.query.should eq({query:{filtered:{query:{query_string:{
|
7
|
+
query: 'bar'
|
8
|
+
}}}}})
|
11
9
|
end
|
12
10
|
end
|
data/spec/boolean_spec.rb
CHANGED
@@ -3,19 +3,15 @@ require 'spec_helper'
|
|
3
3
|
describe 'boolean searches' do
|
4
4
|
it 'should parse (foo OR bar)' do
|
5
5
|
result = @transformer.apply @parser.parse '(foo OR bar)'
|
6
|
-
expect(result.query).to eq({
|
7
|
-
query:
|
8
|
-
|
9
|
-
query: '(foo OR bar)'
|
10
|
-
}}})
|
6
|
+
expect(result.query).to eq({query:{filtered:{query:{query_string:{
|
7
|
+
query: '(foo OR bar)'
|
8
|
+
}}}}})
|
11
9
|
end
|
12
10
|
|
13
11
|
it 'should parse (foo OR (bar AND baz))' do
|
14
12
|
result = @transformer.apply @parser.parse '(foo OR (bar AND baz))'
|
15
|
-
expect(result.query).to eq({
|
16
|
-
query:
|
17
|
-
|
18
|
-
query: '(foo OR (bar AND baz))'
|
19
|
-
}}})
|
13
|
+
expect(result.query).to eq({query:{filtered:{query:{query_string:{
|
14
|
+
query: '(foo OR (bar AND baz))'
|
15
|
+
}}}}})
|
20
16
|
end
|
21
17
|
end
|
data/spec/chained_search_spec.rb
CHANGED
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'chained searches' do
|
4
|
+
it 'should parse last 24h foo=bar baz=fez' do
|
5
|
+
result = @transformer.apply @parser.parse 'last 24h foo=bar baz=fez'
|
6
|
+
puts result
|
7
|
+
expect(result.query).to eq({query:{filtered:{query:{
|
8
|
+
range: {
|
9
|
+
'@timestamp' => {
|
10
|
+
gte: 1.day.ago.utc.iso8601(3),
|
11
|
+
lte: Time.now.utc.iso8601(3)
|
12
|
+
}
|
13
|
+
},
|
14
|
+
filter: {
|
15
|
+
and: [
|
16
|
+
query_string: {
|
17
|
+
query: 'foo:bar'
|
18
|
+
},
|
19
|
+
query_string: {
|
20
|
+
query: 'baz:fez'
|
21
|
+
}
|
22
|
+
]}}}}})
|
23
|
+
end
|
24
|
+
end
|
data/spec/field_value_spec.rb
CHANGED
@@ -3,19 +3,15 @@ require 'spec_helper'
|
|
3
3
|
describe 'field / value searches' do
|
4
4
|
it 'should parse a single _foo.@bar=baz' do
|
5
5
|
result = @transformer.apply @parser.parse('_foo.@bar=baz')
|
6
|
-
expect(result.query).to eq({
|
7
|
-
query:
|
8
|
-
|
9
|
-
query: '_foo.@bar:baz'
|
10
|
-
}}})
|
6
|
+
expect(result.query).to eq({query:{filtered:{query:{query_string:{
|
7
|
+
query: '_foo.@bar:baz'
|
8
|
+
}}}}})
|
11
9
|
end
|
12
10
|
|
13
11
|
it 'should parse a single _foo.@bar=(baz)' do
|
14
12
|
result = @transformer.apply @parser.parse('_foo.@bar=(baz)')
|
15
|
-
expect(result.query).to eq({
|
16
|
-
query:
|
17
|
-
|
18
|
-
query: '_foo.@bar:(baz)'
|
19
|
-
}}})
|
13
|
+
expect(result.query).to eq({query:{filtered:{query:{query_string:{
|
14
|
+
query: '_foo.@bar:(baz)'
|
15
|
+
}}}}})
|
20
16
|
end
|
21
17
|
end
|
data/spec/last_spec.rb
CHANGED
@@ -3,70 +3,67 @@ require 'spec_helper'
|
|
3
3
|
describe 'the last command' do
|
4
4
|
it 'should parse last 24h' do
|
5
5
|
result = @transformer.apply @parser.parse('last 24h')
|
6
|
-
expect(result.query.to_s).to eq({
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
}}}}.to_s)
|
6
|
+
expect(result.query.to_s).to eq({query:{filtered:{query:{
|
7
|
+
range: {
|
8
|
+
'@timestamp' => {
|
9
|
+
gte: 24.hours.ago.utc.to_datetime.iso8601(3),
|
10
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
11
|
+
}}}}}}.to_s)
|
13
12
|
end
|
14
13
|
|
15
14
|
it 'should parse last 24d' do
|
16
15
|
result = @transformer.apply @parser.parse('last 24d')
|
17
|
-
expect(result.query.to_s).to eq({
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
}}}}.to_s)
|
16
|
+
expect(result.query.to_s).to eq({query:{filtered:{query:{
|
17
|
+
range: {
|
18
|
+
'@timestamp' => {
|
19
|
+
gte: 24.days.ago.utc.to_datetime.iso8601(3),
|
20
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
21
|
+
}}}}}}.to_s)
|
24
22
|
end
|
25
23
|
|
26
24
|
it 'should parse last 24w' do
|
27
25
|
result = @transformer.apply @parser.parse('last 24w')
|
28
|
-
expect(result.query.to_s).to eq({
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
}}}}.to_s)
|
26
|
+
expect(result.query.to_s).to eq({query:{filtered:{query:{
|
27
|
+
range: {
|
28
|
+
'@timestamp' => {
|
29
|
+
gte: 24.weeks.ago.utc.to_datetime.iso8601(3),
|
30
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
31
|
+
}}}}}}.to_s)
|
35
32
|
end
|
36
33
|
|
37
34
|
it 'should parse last 24s' do
|
38
35
|
result = @transformer.apply @parser.parse('last 24s')
|
39
|
-
expect(result.query.to_s).to eq({
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
}}}}.to_s)
|
36
|
+
expect(result.query.to_s).to eq({query:{filtered:{query:{
|
37
|
+
range: {
|
38
|
+
'@timestamp' => {
|
39
|
+
gte: 24.seconds.ago.utc.to_datetime.iso8601(3),
|
40
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
41
|
+
}}}}}}.to_s)
|
46
42
|
end
|
47
43
|
|
48
44
|
it 'should parse last 24m' do
|
49
45
|
result = @transformer.apply @parser.parse('last 24m')
|
50
|
-
expect(result.query.to_s).to eq({
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
}}}}.to_s)
|
46
|
+
expect(result.query.to_s).to eq({query:{filtered:{query:{
|
47
|
+
range: {
|
48
|
+
'@timestamp' => {
|
49
|
+
gte: 24.minutes.ago.utc.to_datetime.iso8601(3),
|
50
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
51
|
+
}}}}}}.to_s)
|
57
52
|
end
|
58
53
|
|
59
54
|
it 'should parse last 1h foo=bar' do
|
60
55
|
result = @transformer.apply @parser.parse('last 1h foo=bar')
|
61
|
-
expect(result.query.to_s).to eq({
|
62
|
-
query:
|
56
|
+
expect(result.query.to_s).to eq({query:{filtered:{
|
57
|
+
query:{
|
63
58
|
query_string: {
|
64
59
|
query: 'foo:bar'
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
60
|
+
}},
|
61
|
+
filter: {
|
62
|
+
and: [
|
63
|
+
range: {
|
64
|
+
'@timestamp' => {
|
65
|
+
gte: 1.hour.ago.utc.to_datetime.iso8601(3),
|
66
|
+
lte: Time.now.utc.to_datetime.iso8601(3)
|
67
|
+
}}]}}}}.to_s)
|
71
68
|
end
|
72
69
|
end
|
data/spec/nested_search_spec.rb
CHANGED
@@ -13,11 +13,9 @@ describe 'nested searches' do
|
|
13
13
|
|
14
14
|
it 'should transform' do
|
15
15
|
results = @transformer.apply @parser.parse('foo=`bar=baz|baz`')
|
16
|
-
expect(results.query).to eq({
|
17
|
-
query:
|
18
|
-
|
19
|
-
query: 'foo:(5)'
|
20
|
-
}}})
|
16
|
+
expect(results.query).to eq({query:{filtered:{query:{query_string:{
|
17
|
+
query: 'foo:(5)'
|
18
|
+
}}}}})
|
21
19
|
end
|
22
20
|
|
23
21
|
it 'should parse a nested basic search' do
|
data/spec/regexp_spec.rb
CHANGED
@@ -3,10 +3,8 @@ require 'spec_helper'
|
|
3
3
|
describe 'regexp searches' do
|
4
4
|
it 'should parse foo=/blah foo/' do
|
5
5
|
result = @transformer.apply @parser.parse('foo=/blah foo/')
|
6
|
-
expect(result.query).to eq({
|
7
|
-
query:
|
8
|
-
|
9
|
-
query: 'foo:/blah foo/'
|
10
|
-
}}})
|
6
|
+
expect(result.query).to eq({query:{filtered:{query:{query_string:{
|
7
|
+
query: 'foo:/blah foo/'
|
8
|
+
}}}}})
|
11
9
|
end
|
12
10
|
end
|