plunk 0.2.6 → 0.2.7
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/plunk/parser.rb +1 -1
- data/plunk.gemspec +1 -1
- data/spec/chained_search_spec.rb +39 -7
- data/spec/last_spec.rb +17 -12
- data/spec/nested_search_spec.rb +7 -2
- data/spec/shared/plunk_stubs.rb +5 -0
- data/spec/shared/time_stubs.rb +6 -0
- metadata +4 -2
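--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3408599e2af768132c73ca5baaee9e664a3a4e7d
+data.tar.gz: ae781102e75198bbcc8645fd1ae16e6bcd5e00b2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8c82d20b434eb7a3e37272ea66ed0f70476469e8ee1b6871676f0aca673a6e21152fc2d59e75b8856ca160ce15778f05458616e7299de5c50bc9f97594de011a
+data.tar.gz: b457cc61a5efa0b7aa7b926a5f8fefe3accc6bc7036955ed604494c71d1709caa66fd1b131c6f58e0d0dde741a4f8b229ad28bf695a9a95b9022484e9016950e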
data/Gemfile.lock
CHANGED
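--- a/data/lib/plunk/parser.rb
+++ b/data/lib/plunk/parser.rb
@@ -48,7 +48,7 @@ module Plunk
 # possible right-hand side values
 rule(:wildcard) { match('[^=\s)(|]').repeat(1) }
 rule(:searchop) { match('[=]').as(:op) }
-rule(:query_value) {
+rule(:query_value) { string | wildcard | datetime | number }
 
 # boolean operators search
 rule(:concatop) { (str('OR') | str('AND')) >> space? }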
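Review bot: In the new `query_value` rule, `wildcard` sits ahead of `datetime` and `number`, and Parslet alternation is ordered choice, so any value that starts with a character from `[^=\s)(|]` is taken by `wildcard` and the two later alternatives are presumably never tried for ordinary input (their definitions are outside the hunk). If typed values are intended, the specific rules need to come first with a terminator check; if not, record the intent above the rule, e.g. `# wildcard wins over datetime/number: values stay untyped strings`. The same character class also admits query_string operators such as `*`, `~` and `:`, and the specs in this release expect values placed into `query_string` as-is (`host:27.224.123.110`), so whatever builds that query should escape them when searches come from untrusted users. The enclosing parser class starts and ends outside the hunk.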
data/plunk.gemspec
CHANGED
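--- a/data/spec/chained_search_spec.rb
+++ b/data/spec/chained_search_spec.rb
@@ -1,28 +1,60 @@
 require 'spec_helper'
+require 'shared/time_stubs'
+require 'shared/plunk_stubs'
 
 describe 'chained searches' do
-
-
+include_context "time stubs"
+include_context "plunk stubs"
+
+before :each do
+@time = Time.parse("01/01/2010 10:00")
+Time.any_instance.stub(:now).and_return(@time)
+end
+
+it 'should parse last 24h foo_type=bar baz="fez" host=27.224.123.110' do
+parsed = @parser.parse 'last 24h foo_type=bar baz="fez" host=27.224.123.110'
+result = @transformer.apply parsed
+expect(result.query).to eq({query:{filtered:{query:{
+query_string: {
+query: 'foo_type:bar'
+}},
+filter: {
+and: [{
+range: {
+:timestamp => {
+gte: @time - 24.hours,
+lte: @time
+}
+}},
+{query_string: {
+query: 'baz:fez'
+}},
+{query_string: {
+query: 'host:27.224.123.110'
+}}
+]}}}})
+end
+
+pending 'should parse last 24h (foo_type=bar AND baz="fez" AND host=27.224.123.110)' do
+parsed = @parser.parse 'last 24h (foo_type=bar AND baz="fez" AND host=27.224.123.110)'
 result = @transformer.apply parsed
-puts "PARSED: #{parsed}"
-puts "RESULT_SET: #{result.inspect}"
 expect(result.query).to eq({query:{filtered:{query:{
 query_string: {
-query: '
+query: 'foo_type:bar'
 }},
 filter: {
 and: [{
 range: {
 :timestamp => {
 gte: 1.day.ago.utc.iso8601(3),
-lte:
+lte: @time
 }
 }},
 {query_string: {
 query: 'baz:fez'
 }},
 {query_string: {
-query: '
+query: 'host:27.224.123.110'
 }}
 ]}}}})
 end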
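Review bot: `Time.any_instance.stub(:now)` in the added `before :each` stubs an instance method, but `now` is a class method of `Time`, so this line does not freeze the clock. It should read `Time.stub(:now).and_return(@time)`, unless the `time stubs` shared context (not shown on this page) already does that, in which case the local block can be dropped. The pending example also keeps `gte: 1.day.ago.utc.iso8601(3)` next to the new `lte: @time`, mixing a wall-clock string with the fixed Time object; `gte: @time - 24.hours` would match the example above it.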
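--- a/data/spec/last_spec.rb
+++ b/data/spec/last_spec.rb
@@ -1,13 +1,18 @@
 require 'spec_helper'
+require 'shared/time_stubs'
+require 'shared/plunk_stubs'
 
 describe 'the last command' do
+include_context "time stubs"
+include_context "plunk stubs"
+
 it 'should parse last 24h' do
 result = @transformer.apply @parser.parse('last 24h')
 expect(result.query.to_s).to eq({query:{filtered:{query:{
 range: {
 Plunk.timestamp_field => {
-gte: 24.hours
-lte:
+gte: @time - 24.hours,
+lte: @time
 }}}}}}.to_s)
 end
 
@@ -16,8 +21,8 @@ describe 'the last command' do
 expect(result.query.to_s).to eq({query:{filtered:{query:{
 range: {
 Plunk.timestamp_field => {
-gte: 24.days
-lte:
+gte: @time - 24.days,
+lte: @time
 }}}}}}.to_s)
 end
 
@@ -26,8 +31,8 @@ describe 'the last command' do
 expect(result.query.to_s).to eq({query:{filtered:{query:{
 range: {
 Plunk.timestamp_field => {
-gte: 24.weeks
-lte:
+gte: @time - 24.weeks,
+lte: @time
 }}}}}}.to_s)
 end
 
@@ -36,8 +41,8 @@ describe 'the last command' do
 expect(result.query.to_s).to eq({query:{filtered:{query:{
 range: {
 Plunk.timestamp_field => {
-gte: 24.seconds
-lte:
+gte: @time - 24.seconds,
+lte: @time
 }}}}}}.to_s)
 end
 
@@ -46,8 +51,8 @@ describe 'the last command' do
 expect(result.query.to_s).to eq({query:{filtered:{query:{
 range: {
 Plunk.timestamp_field => {
-gte: 24.minutes
-lte:
+gte: @time - 24.minutes,
+lte: @time
 }}}}}}.to_s)
 end
 
@@ -62,8 +67,8 @@ describe 'the last command' do
 and: [
 range: {
 Plunk.timestamp_field => {
-gte: 1.hour
-lte:
+gte: @time - 1.hour,
+lte: @time
 }}]}}}}.to_s)
 end
 end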
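--- a/data/spec/nested_search_spec.rb
+++ b/data/spec/nested_search_spec.rb
@@ -1,12 +1,17 @@
 require 'spec_helper'
+require 'shared/time_stubs'
+require 'shared/plunk_stubs'
 
 describe 'nested searches' do
+include_context "time stubs"
+include_context "plunk stubs"
+
 before :each do
 fake_results = {
 foo: 'bar',
 baz: 5,
 arr: [ 0, 1, 2, 3 ],
-:timestamp =>
+:timestamp => @time
 }.to_json
 Plunk::ResultSet.any_instance.stub(:eval).and_return(fake_results)
 end
@@ -22,7 +27,7 @@ describe 'nested searches' do
 @parsed = @parser.parse 'tshark.len = ` 226 | tshark.frame.time_epoch,tshark.ip.src`'
 expect(@parsed[:field].to_s).to eq 'tshark.len'
 expect(@parsed[:op].to_s).to eq '='
-expect(@parsed[:value][:initial_query][:match].to_s).to eq '226
+expect(@parsed[:value][:initial_query][:match].to_s).to eq '226'
 expect(@parsed[:value][:extractors].to_s).to eq 'tshark.frame.time_epoch,tshark.ip.src'
 end
 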
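--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: plunk
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.7
 platform: ruby
 authors:
 - Ram Mehta
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-01-
+date: 2014-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json
@@ -113,6 +113,8 @@ files:
 - spec/shared/basic.rb
 - spec/shared/field_value.rb
 - spec/shared/last.rb
+- spec/shared/plunk_stubs.rb
+- spec/shared/time_stubs.rb
 - spec/spec_helper.rb
 homepage: https://github.com/elbii/plunk
 licenses: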