plunk 0.2.11 → 0.3.1

data/plunk.gemspec

@@ -1,16 +1,16 @@
 Gem::Specification.new do |s|
   s.name                    = "plunk"
-  s.version                 = "0.2.11"
-  s.add_runtime_dependency  "json"
-  s.add_runtime_dependency  "parslet"
-  s.add_runtime_dependency  "elasticsearch"
-  s.add_runtime_dependency  "activesupport"
-  s.add_development_dependency "rspec"
-  s.add_development_dependency "timecop"
+  s.version                 = "0.3.1"
+  s.add_runtime_dependency  "json", "~> 1.8", ">= 1.8.0"
+  s.add_runtime_dependency  "parslet", "~> 1.5", ">= 1.5.0"
+  s.add_runtime_dependency  "elasticsearch", "~> 0.4", ">= 0.4.3"
+  s.add_runtime_dependency  "activesupport", "~> 4.0", ">= 4.0.0"
+  s.add_development_dependency "rspec", "~> 2.0", ">= 2.14.1"
+  s.add_development_dependency "timecop", "~> 0.7", ">= 0.7.1"
   s.summary                 = "Elasticsearch query language"
   s.description             = "Human-friendly query language for Elasticsearch"
-  s.authors                 = ["Ram Mehta", "Jamil Bou Kheir"]
-  s.email                   = ["ram.mehta@gmail.com", "jamil@elbii.com"]
+  s.authors                 = ["Ram Mehta", "Jamil Bou Kheir", "Roman Heinrich"]
+  s.email                   = ["ram.mehta@gmail.com", "jamil@elbii.com", "roman.heinrich@gmail.com"]
   s.files                   = `git ls-files`.split("\n")
   s.homepage                = "https://github.com/elbii/plunk"
   s.license                 = "MIT"

data/spec/basic_spec.rb

@@ -1,17 +1,39 @@
 require 'spec_helper'
 
 describe 'basic searches' do
+  def basic_builder(expected)
+    {
+      query: {
+        filtered: {
+          filter: {
+            query: {
+              query_string: {
+                query: expected
+              }
+            }
+          }
+        }
+      }
+    }
+  end
+
   it 'should parse bar' do
-    result = @transformer.apply @parser.parse('bar')
-    result.query.should eq({query:{filtered:{query:{query_string:{
-      query: 'bar'
-    }}}}})
+    result = Plunk.search 'bar'
+    result.should eq(basic_builder('bar'))
+  end
+
+  it 'should parse bar ' do
+    result = Plunk.search 'bar '
+    result.should eq(basic_builder('bar'))
+  end
+
+  it 'should parse (bar) ' do
+    result = Plunk.search '(bar) '
+    result.should eq(basic_builder('bar'))
   end
 
   it 'should parse  bar ' do
-    result = @transformer.apply @parser.parse(' bar ')
-    result.query.should eq({query:{filtered:{query:{query_string:{
-      query: 'bar'
-    }}}}})
+    result = Plunk.search ' bar '
+    result.should eq(basic_builder('bar'))
   end
 end

data/spec/boolean_spec.rb

@@ -1,42 +1,88 @@
 require 'spec_helper'
 
 describe 'boolean searches' do
+
   it 'should parse (foo OR bar)' do
-    result = @transformer.apply @parser.parse '(foo OR bar)'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '(foo OR bar)'
-    }}}}})
+    result = Plunk.search '(foo OR bar)'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        Plunk::Helper.query_builder('foo'),
+        Plunk::Helper.query_builder('bar')
+      ]
+    })
+    expect(result).to eq(expected)
+  end
+
+  it 'should parse (foo | bar)' do
+    result = Plunk.search '(foo | bar)'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        Plunk::Helper.query_builder('foo'),
+        Plunk::Helper.query_builder('bar')
+      ]
+    })
+    expect(result).to eq(expected)
   end
 
   it 'should parse (foo OR (bar AND baz))' do
-    result = @transformer.apply @parser.parse '(foo OR (bar AND baz))'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '(foo OR (bar AND baz))'
-    }}}}})
+    result = Plunk.search '(foo OR (bar AND baz))'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        Plunk::Helper.query_builder('foo'),
+        {
+          and: [
+            Plunk::Helper.query_builder('bar'),
+            Plunk::Helper.query_builder('baz')
+          ]
+        }
+      ]
+    })
+    expect(result).to eq(expected)
+  end
+
+  it 'should parse (foo=bar OR foo=bar)' do
+    result = Plunk.search '(foo=bar OR foo=bar)'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        Plunk::Helper.query_builder('foo:bar'),
+        Plunk::Helper.query_builder('foo:bar')
+      ]
+    })
+    expect(result).to eq(expected)
   end
 
-  pending 'should parse (foo=bar OR foo=bar)' do
-    result = @transformer.apply @parser.parse '(foo=bar OR foo=bar)'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '(foo:bar OR foo:bar)'
-    }}}}})
+  it 'should parse foo=bar OR baz=fez' do
+    result = Plunk.search 'foo=bar OR baz=fez'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        Plunk::Helper.query_builder('foo:bar'),
+        Plunk::Helper.query_builder('baz:fez')
+      ]
+    })
+    expect(result).to eq(expected)
   end
 
-  pending 'should parse foo=bar OR baz=fez' do
-    result = @transformer.apply @parser.parse 'foo=bar OR baz=fez'
-    expect(result.query).to eq({query:{filtered:{query:{
-      query_string:{
-        query: 'foo:bar OR baz:fez'
-      }},
-    }}})
+  it 'should parse (foo=bar AND baz=fez) OR ham=cheese' do
+    result = Plunk.search '(foo=bar AND baz=fez) OR ham=cheese'
+    expected = Plunk::Helper.filter_builder({
+      or: [
+        {
+          and: [
+            Plunk::Helper.query_builder('foo:bar'),
+            Plunk::Helper.query_builder('baz:fez')
+          ]
+        },
+        Plunk::Helper.query_builder('ham:cheese')
+      ]
+    })
+    expect(result).to eq(expected)
   end
 
-  pending 'should parse (foo=bar AND baz=fez) OR ham=cheese' do
-    result = @transformer.apply @parser.parse '(foo=bar AND baz=fez) OR ham=cheese'
-    expect(result.query).to eq({query:{filtered:{query:{
-      query_string:{
-        query: '(foo:bar AND baz:fez) OR ham:cheese'
-      }},
-    }}})
+  it 'should parse NOT foo=bar' do
+    result = Plunk.search 'NOT foo=bar'
+    expected = Plunk::Helper.filter_builder({
+      not: Plunk::Helper.query_builder('foo:bar')
+    })
+    expect(result).to eq(expected)
   end
 end

data/spec/chained_search_spec.rb

@@ -6,51 +6,43 @@ describe 'chained searches' do
   include_context "time stubs"
   include_context "plunk stubs"
 
-  it 'should parse last 24h foo_type=bar baz="fez" host=27.224.123.110' do
-    parsed = @parser.parse 'last 24h foo_type=bar baz="fez" host=27.224.123.110'
-    result = @transformer.apply parsed
-    expect(result.query).to eq({query:{filtered:{query:{
-      query_string: {
-        query: 'foo_type:bar'
-      }},
-      filter: {
-        and: [{
-          range: {
-            :@timestamp => {
-              gte: (@time - 24.hours).utc.to_datetime.iso8601(3),
-              lte: @time.utc.to_datetime.iso8601(3)
-            }
-          }},
-          {query:{query_string: {
-            query: 'baz:"fez"'
-          }}},
-          {query:{query_string: {
-            query: 'host:27.224.123.110'
-          }}}
-    ]}}}})
+  it 'should parse last 24h & foo_type=bar & baz="fez" & host=27.224.123.110' do
+    result = Plunk.search 'last 24h & foo_type=bar & baz="fez" & host=27.224.123.110'
+    expected = Plunk::Helper.filter_builder({
+      and: [
+        Plunk::Helper.range_builder(
+          (@time - 24.hours).utc.to_datetime.iso8601(3),
+          @time.utc.to_datetime.iso8601(3)
+        ),
+        { and: [
+          Plunk::Helper.query_builder('foo_type:bar'),
+          { and: [
+            Plunk::Helper.query_builder('baz:"fez"'),
+            Plunk::Helper.query_builder('host:27.224.123.110')
+          ]}
+        ]}
+      ]
+    })
+    expect(result).to eq(expected)
   end
 
-  pending 'should parse last 24h (foo_type=bar AND baz="fez" AND host=27.224.123.110)' do
-    parsed = @parser.parse 'last 24h (foo_type=bar AND baz="fez" AND host=27.224.123.110)'
-    result = @transformer.apply parsed
-    expect(result.query).to eq({query:{filtered:{query:{
-      query_string: {
-        query: 'foo_type:bar'
-      }},
-      filter: {
-        and: [{
-          range: {
-            :timestamp => {
-              gte: (@time - 1.day).utc.to_datetime.iso8601(3),
-              lte: @time.utc.to_datetime.iso8601(3)
-            }
-          }},
-          {query:{query_string: {
-            query: 'baz:fez'
-          }}},
-          {query:{query_string: {
-            query: 'host:27.224.123.110'
-          }}}
-    ]}}}})
+  it 'should parse last 24h & (foo_type=bar AND baz="fez" AND host=27.224.123.110)' do
+    result = Plunk.search 'last 24h & (foo_type=bar AND baz="fez" AND host=27.224.123.110)'
+    expected = Plunk::Helper.filter_builder({
+      and: [
+        Plunk::Helper.range_builder(
+          (@time - 24.hours).utc.to_datetime.iso8601(3),
+          @time.utc.to_datetime.iso8601(3)
+        ),
+        { and: [
+          Plunk::Helper.query_builder('foo_type:bar'),
+          { and: [
+            Plunk::Helper.query_builder('baz:"fez"'),
+            Plunk::Helper.query_builder('host:27.224.123.110')
+          ]}
+        ]}
+      ]
+    })
+    expect(result).to eq(expected)
   end
 end

data/spec/field_value_spec.rb

@@ -1,45 +1,44 @@
 require 'spec_helper'
 
 describe 'field / value searches' do
-  it 'should parse a _foo.@bar=baz' do
-    result = @transformer.apply @parser.parse('_foo.@bar=baz')
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '_foo.@bar:baz'
-    }}}}})
+
+  it 'should parse _foo.@bar=baz' do
+    result = Plunk.search '_foo.@bar=baz'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.query_builder('_foo.@bar:baz')
+    )
+    expect(result).to eq(expected)
   end
 
-  it 'should parse a _foo.@bar=(baz)' do
-    result = @transformer.apply @parser.parse('_foo.@bar=(baz)')
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '_foo.@bar:(baz)'
-    }}}}})
+  it 'should parse _foo.@bar=(baz)' do
+    result = Plunk.search '_foo.@bar=(baz)'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.query_builder('_foo.@bar:(baz)')
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse _foo.@fields.@bar="bar baz"' do
-    result = @transformer.apply @parser.parse '_foo.@fields.@bar="bar baz"'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '_foo.@fields.@bar:"bar baz"'
-    }}}}})
+    result = Plunk.search '_foo.@fields.@bar="bar baz"'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.query_builder('_foo.@fields.@bar:"bar baz"')
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse _foo-barcr@5Y_+f!3*(name=bar' do
-    result = @transformer.apply @parser.parse '_foo-barcr@5Y_+f!3*(name=bar'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: '_foo-barcr@5Y_+f!3*(name:bar'
-    }}}}})
+    result = Plunk.search '_foo-barcr@5Y_+f!3*(name=bar'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.query_builder('_foo-barcr@5Y_+f!3*(name:bar')
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse foo=bar-baz' do
-    result = @transformer.apply @parser.parse 'foo=bar-baz'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: 'foo:bar-baz'
-    }}}}})
-  end
-
-  it 'should parse foo=(NOT bar)' do
-    result = @transformer.apply @parser.parse 'foo=(NOT bar)'
-    expect(result.query).to eq({query:{filtered:{query:{query_string:{
-      query: 'foo:(NOT bar)'
-    }}}}})
+    result = Plunk.search 'foo=bar-baz'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.query_builder('foo:bar-baz')
+    )
+    expect(result).to eq(expected)
   end
 end

data/spec/last_spec.rb

@@ -7,68 +7,71 @@ describe 'the last command' do
   include_context "plunk stubs"
 
   it 'should parse last 24h' do
-    result = @transformer.apply @parser.parse('last 24h')
-    expect(result.query.to_s).to eq({query:{filtered:{query:{
-      range: {
-        Plunk.timestamp_field => {
-          gte: (@time - 24.hours).utc.to_datetime.iso8601(3),
-          lte: @time.utc.to_datetime.iso8601(3)
-    }}}}}}.to_s)
+    result = Plunk.search 'last 24h'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.range_builder(
+        (@time - 24.hours).utc.to_datetime.iso8601(3),
+        @time.utc.to_datetime.iso8601(3)
+      )
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse last 24d' do
-    result = @transformer.apply @parser.parse('last 24d')
-    expect(result.query.to_s).to eq({query:{filtered:{query:{
-      range: {
-        Plunk.timestamp_field => {
-          gte: (@time - 24.days).utc.to_datetime.iso8601(3),
-          lte: @time.utc.to_datetime.iso8601(3)
-    }}}}}}.to_s)
+    result = Plunk.search 'last 24d'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.range_builder(
+        (@time - 24.days).utc.to_datetime.iso8601(3),
+        @time.utc.to_datetime.iso8601(3)
+      )
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse last 24w' do
-    result = @transformer.apply @parser.parse('last 24w')
-    expect(result.query.to_s).to eq({query:{filtered:{query:{
-      range: {
-        Plunk.timestamp_field => {
-          gte: (@time - 24.weeks).utc.to_datetime.iso8601(3),
-          lte: @time.utc.to_datetime.iso8601(3)
-    }}}}}}.to_s)
+    result = Plunk.search 'last 24w'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.range_builder(
+        (@time - 24.weeks).utc.to_datetime.iso8601(3),
+        @time.utc.to_datetime.iso8601(3)
+      )
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse last 24s' do
-    result = @transformer.apply @parser.parse('last 24s')
-    expect(result.query.to_s).to eq({query:{filtered:{query:{
-      range: {
-        Plunk.timestamp_field => {
-          gte: (@time - 24.seconds).utc.to_datetime.iso8601(3),
-          lte: @time.utc.to_datetime.iso8601(3)
-    }}}}}}.to_s)
+    result = Plunk.search 'last 24s'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.range_builder(
+        (@time - 24.seconds).utc.to_datetime.iso8601(3),
+        @time.utc.to_datetime.iso8601(3)
+      )
+    )
+    expect(result).to eq(expected)
   end
 
   it 'should parse last 24m' do
-    result = @transformer.apply @parser.parse('last 24m')
-    expect(result.query.to_s).to eq({query:{filtered:{query:{
-      range: {
-        Plunk.timestamp_field => {
-          gte: (@time - 24.minutes).utc.to_datetime.iso8601(3),
-          lte: @time.utc.to_datetime.iso8601(3)
-    }}}}}}.to_s)
+    result = Plunk.search 'last 24m'
+    expected = Plunk::Helper.filter_builder(
+      Plunk::Helper.range_builder(
+        (@time - 24.minutes).utc.to_datetime.iso8601(3),
+        @time.utc.to_datetime.iso8601(3)
+      )
+    )
+    expect(result).to eq(expected)
   end
 
-  it 'should parse last 1h @fields.foo.@field=bar' do
-    result = @transformer.apply @parser.parse('last 1h @fields.foo.@field=bar')
-    expect(result.query.to_s).to eq({query:{filtered:{
-      query:{
-        query_string: {
-          query: '@fields.foo.@field:bar'
-      }},
-      filter: {
-        and: [
-          range: {
-            Plunk.timestamp_field => {
-              gte: (@time - 1.hour).utc.to_datetime.iso8601(3),
-              lte: @time.utc.to_datetime.iso8601(3)
-    }}]}}}}.to_s)
+  it 'should parse last 1h & @fields.foo.@field=bar' do
+    result = Plunk.search 'last 1h & @fields.foo.@field=bar'
+    expected = Plunk::Helper.filter_builder(
+      and: [
+        Plunk::Helper.range_builder(
+          (@time - 1.hour).utc.to_datetime.iso8601(3),
+          @time.utc.to_datetime.iso8601(3)
+        ),
+        Plunk::Helper.query_builder('@fields.foo.@field:bar')
+      ]
+    )
+    expect(result).to eq(expected)
   end
 end