plunk 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +6 -6
- data/lib/plunk/helper.rb +8 -0
- data/lib/plunk/transformer.rb +3 -3
- data/plunk.gemspec +1 -1
- data/spec/boolean_spec.rb +24 -0
- data/spec/chained_search_spec.rb +6 -14
- data/spec/field_value_spec.rb +8 -0
- data/spec/regexp_spec.rb +8 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2166c154fb85131ea652ccc4409725b29b4dc250
|
|
4
|
+
data.tar.gz: 75503b3934ea91d1ba81ff934684ccd724af7a84
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbeff1a1e3c8e36d0857662715b2b8c9392d6543ff7de11527f6748852feba47f449bb1e66c9a125918884c4d95bfa2d3cb952370c77cb87d9f8e1a3ae00f91f
|
|
7
|
+
data.tar.gz: 1d281d2a627594100c9ed502a96e82e01192248585cba14a8de91174fb5c8381145dd8d8a192a9a7259b0653eed029629fc2642593011fee14c6c7bee4b3aa14
|
data/Gemfile.lock
CHANGED
|
@@ -2,10 +2,10 @@ PATH
|
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
4
|
plunk (0.3.1)
|
|
5
|
-
activesupport
|
|
6
|
-
elasticsearch
|
|
7
|
-
json
|
|
8
|
-
parslet
|
|
5
|
+
activesupport (~> 4.0, >= 4.0.0)
|
|
6
|
+
elasticsearch (~> 0.4, >= 0.4.3)
|
|
7
|
+
json (~> 1.8, >= 1.8.0)
|
|
8
|
+
parslet (~> 1.5, >= 1.5.0)
|
|
9
9
|
|
|
10
10
|
GEM
|
|
11
11
|
remote: https://rubygems.org/
|
|
@@ -54,5 +54,5 @@ PLATFORMS
|
|
|
54
54
|
|
|
55
55
|
DEPENDENCIES
|
|
56
56
|
plunk!
|
|
57
|
-
rspec
|
|
58
|
-
timecop
|
|
57
|
+
rspec (~> 2.0, >= 2.14.1)
|
|
58
|
+
timecop (~> 0.7, >= 0.7.1)
|
data/lib/plunk/helper.rb
CHANGED
|
@@ -2,6 +2,14 @@ require 'active_support/core_ext'
|
|
|
2
2
|
|
|
3
3
|
module Plunk
|
|
4
4
|
class Helper
|
|
5
|
+
def self.combine_subtrees(left, right, op)
|
|
6
|
+
if right[op]
|
|
7
|
+
{ op => [left] + right[op] }
|
|
8
|
+
else
|
|
9
|
+
{ op => [left, right] }
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
5
13
|
def self.query_builder(query_string)
|
|
6
14
|
{
|
|
7
15
|
query: {
|
data/lib/plunk/transformer.rb
CHANGED
|
@@ -2,7 +2,6 @@ require 'parslet'
|
|
|
2
2
|
|
|
3
3
|
module Plunk
|
|
4
4
|
class Transformer < Parslet::Transform
|
|
5
|
-
|
|
6
5
|
# Field = Value
|
|
7
6
|
rule(command: {
|
|
8
7
|
field: simple(:field),
|
|
@@ -41,14 +40,15 @@ module Plunk
|
|
|
41
40
|
left: subtree(:left),
|
|
42
41
|
right: subtree(:right)
|
|
43
42
|
}) do
|
|
44
|
-
|
|
43
|
+
Helper.combine_subtrees(left, right, :or)
|
|
45
44
|
end
|
|
46
45
|
|
|
47
46
|
rule(:and => {
|
|
48
47
|
left: subtree(:left),
|
|
49
48
|
right: subtree(:right)
|
|
50
49
|
}) do
|
|
51
|
-
|
|
50
|
+
Helper.combine_subtrees(left, right, :and)
|
|
52
51
|
end
|
|
52
|
+
|
|
53
53
|
end
|
|
54
54
|
end
|
data/plunk.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "plunk"
|
|
3
|
-
s.version = "0.3.
|
|
3
|
+
s.version = "0.3.2"
|
|
4
4
|
s.add_runtime_dependency "json", "~> 1.8", ">= 1.8.0"
|
|
5
5
|
s.add_runtime_dependency "parslet", "~> 1.5", ">= 1.5.0"
|
|
6
6
|
s.add_runtime_dependency "elasticsearch", "~> 0.4", ">= 0.4.3"
|
data/spec/boolean_spec.rb
CHANGED
|
@@ -40,6 +40,30 @@ describe 'boolean searches' do
|
|
|
40
40
|
expect(result).to eq(expected)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
it 'should parse foo=bar & baz=fez & fad=bad' do
|
|
44
|
+
result = Plunk.search 'foo=bar & baz=fez & fad=bad'
|
|
45
|
+
expected = Plunk::Helper.filter_builder({
|
|
46
|
+
and: [
|
|
47
|
+
Plunk::Helper.query_builder('foo:bar'),
|
|
48
|
+
Plunk::Helper.query_builder('baz:fez'),
|
|
49
|
+
Plunk::Helper.query_builder('fad:bad')
|
|
50
|
+
]
|
|
51
|
+
})
|
|
52
|
+
expect(result).to eq(expected)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
it 'should parse foo=bar | foo=baz | fez=baz' do
|
|
56
|
+
result = Plunk.search 'foo=bar | foo=baz | fez=baz'
|
|
57
|
+
expected = Plunk::Helper.filter_builder({
|
|
58
|
+
or: [
|
|
59
|
+
Plunk::Helper.query_builder('foo:bar'),
|
|
60
|
+
Plunk::Helper.query_builder('foo:baz'),
|
|
61
|
+
Plunk::Helper.query_builder('fez:baz')
|
|
62
|
+
]
|
|
63
|
+
})
|
|
64
|
+
expect(result).to eq(expected)
|
|
65
|
+
end
|
|
66
|
+
|
|
43
67
|
it 'should parse (foo=bar OR foo=bar)' do
|
|
44
68
|
result = Plunk.search '(foo=bar OR foo=bar)'
|
|
45
69
|
expected = Plunk::Helper.filter_builder({
|
data/spec/chained_search_spec.rb
CHANGED
|
@@ -14,13 +14,9 @@ describe 'chained searches' do
|
|
|
14
14
|
(@time - 24.hours).utc.to_datetime.iso8601(3),
|
|
15
15
|
@time.utc.to_datetime.iso8601(3)
|
|
16
16
|
),
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
Plunk::Helper.query_builder('baz:"fez"'),
|
|
21
|
-
Plunk::Helper.query_builder('host:27.224.123.110')
|
|
22
|
-
]}
|
|
23
|
-
]}
|
|
17
|
+
Plunk::Helper.query_builder('foo_type:bar'),
|
|
18
|
+
Plunk::Helper.query_builder('baz:"fez"'),
|
|
19
|
+
Plunk::Helper.query_builder('host:27.224.123.110')
|
|
24
20
|
]
|
|
25
21
|
})
|
|
26
22
|
expect(result).to eq(expected)
|
|
@@ -34,13 +30,9 @@ describe 'chained searches' do
|
|
|
34
30
|
(@time - 24.hours).utc.to_datetime.iso8601(3),
|
|
35
31
|
@time.utc.to_datetime.iso8601(3)
|
|
36
32
|
),
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
Plunk::Helper.query_builder('baz:"fez"'),
|
|
41
|
-
Plunk::Helper.query_builder('host:27.224.123.110')
|
|
42
|
-
]}
|
|
43
|
-
]}
|
|
33
|
+
Plunk::Helper.query_builder('foo_type:bar'),
|
|
34
|
+
Plunk::Helper.query_builder('baz:"fez"'),
|
|
35
|
+
Plunk::Helper.query_builder('host:27.224.123.110')
|
|
44
36
|
]
|
|
45
37
|
})
|
|
46
38
|
expect(result).to eq(expected)
|
data/spec/field_value_spec.rb
CHANGED
|
@@ -41,4 +41,12 @@ describe 'field / value searches' do
|
|
|
41
41
|
)
|
|
42
42
|
expect(result).to eq(expected)
|
|
43
43
|
end
|
|
44
|
+
|
|
45
|
+
it 'should parse !src_ip=0.0.0.0' do
|
|
46
|
+
result = Plunk.search '!src_ip=0.0.0.0'
|
|
47
|
+
expected = Plunk::Helper.filter_builder(
|
|
48
|
+
Plunk::Helper.query_builder('!src_ip:0.0.0.0')
|
|
49
|
+
)
|
|
50
|
+
expect(result).to eq(expected)
|
|
51
|
+
end
|
|
44
52
|
end
|
data/spec/regexp_spec.rb
CHANGED
|
@@ -25,4 +25,12 @@ describe 'regexp searches' do
|
|
|
25
25
|
)
|
|
26
26
|
expect(result).to eq(expected)
|
|
27
27
|
end
|
|
28
|
+
|
|
29
|
+
it 'should parse /.*User\-Agent\: Microsoft\-WebDAV.*/' do
|
|
30
|
+
result = Plunk.search '/.*User\-Agent\: Microsoft\-WebDAV.*/'
|
|
31
|
+
expected = Plunk::Helper.filter_builder(
|
|
32
|
+
Plunk::Helper.query_builder('/.*User\-Agent\: Microsoft\-WebDAV.*/')
|
|
33
|
+
)
|
|
34
|
+
expect(result).to eq(expected)
|
|
35
|
+
end
|
|
28
36
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: plunk
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ram Mehta
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2014-03-
|
|
13
|
+
date: 2014-03-20 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: json
|