plunk 0.0.9 → 0.0.10

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f4dfac5efa2e55552472e25e7c690597f9897f54
4
- data.tar.gz: dcd5d467953d34343a7bb3a1a2f52ed9a1a40293
3
+ metadata.gz: a659a0a283f124f49496afa4cca6987f8c922d5d
4
+ data.tar.gz: 545c1203a5f86c97ac4eb32e8a515c84c36f342a
5
5
  SHA512:
6
- metadata.gz: 883e88718a5af4fdd8bb7e636cf4a1621a24b6dd8b15e00d94b1bdeb5c147944daa24ba04672b3496b6adedf6576e3c9a5b89b9e82d444e1d44ffeb414c60111
7
- data.tar.gz: 4c1403380786063af8680102e108650e769883568f38aa7434f75da71abb7991d567ecc5264f19f3f4721a364700f700670f258ef711d624a7115853f24d58fa
6
+ metadata.gz: c92655505f884b6b95231fd923620948ca9d67fa32610d0c416e408a39696d44baa752b14ac0482d1a77f9a061c41544f5d662cd84f7e6178c1670d5abed7b42
7
+ data.tar.gz: cb2b3e91a07b221b954aabe2f9ae0711e267ef7a68f4dc4fdfb16482534135d59761e7773897716021b6cd3d755f89bd3aebd2061998acd9ca7845ac32abf6b1
@@ -31,6 +31,35 @@ class Plunk::Transformer < Parslet::Transform
31
31
  Plunk::ResultSet.new(query_string: "#{field}:#{value}")
32
32
  end
33
33
 
34
+ rule(
35
+ timerange: {
36
+ quantity: simple(:quantity),
37
+ quantifier: simple(:quantifier)
38
+ }) do
39
+
40
+ int_quantity = quantity.to_s.to_i
41
+
42
+ start_time =
43
+ case quantifier
44
+ when 's'
45
+ int_quantity.seconds.ago
46
+ when 'm'
47
+ int_quantity.minutes.ago
48
+ when 'h'
49
+ int_quantity.hours.ago
50
+ when 'd'
51
+ int_quantity.days.ago
52
+ when 'w'
53
+ int_quantity.weeks.ago
54
+ end
55
+
56
+ end_time = Time.now
57
+
58
+ Plunk::ResultSet.new(
59
+ start_time: start_time,
60
+ end_time: end_time)
61
+ end
62
+
34
63
  rule(
35
64
  search: simple(:result_set),
36
65
  timerange: {
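Review bot: The `case quantifier` in the new timerange rule has no `else`, so a quantifier other than s/m/h/d/w leaves `start_time` nil and the rule hands `Plunk::ResultSet.new(start_time: nil, end_time: ...)` downstream instead of failing; unless the parser grammar (not in this diff) already restricts the quantifier, add `else raise ArgumentError, "unknown time quantifier: #{quantifier}"` before the `end` of the case. Similarly `quantity.to_s.to_i` turns a non-numeric quantity into 0, i.e. an empty range ending now, whereas `Integer(quantity.to_s)` would raise on bad input. The `seconds.ago` … `weeks.ago` helpers are ActiveSupport core extensions, and the gemspec hunk in this commit only shows `json` and `parslet` as runtime dependencies, so confirm activesupport is declared further down that file. The enclosing `Plunk::Transformer` class begins and ends outside this hunk.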
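--- a/data/plunk.gemspec
+++ b/data/plunk.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = "plunk"
-s.version = "0.0.9"
+s.version = "0.0.10"
 s.date = "2013-12-03"
 s.add_runtime_dependency "json"
 s.add_runtime_dependency "parslet"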
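--- a/data/spec/basic_spec.rb
+++ b/data/spec/basic_spec.rb
@@ -1,25 +1,12 @@
 require 'spec_helper'
 
 describe 'basic searches' do
-before :each do
-@parsed = @parser.parse 'bar'
-end
-
-it 'should parse a single keyword' do
-expect(@parsed[:match].to_s).to eq 'bar'
-end
-
-context 'transformed' do
-before :each do
-@result_set = @transformer.apply(@parsed)
-end
-
-it 'should be a proper query' do
-@result_set.query.should eq({
-query: {
-query_string: {
-query: 'bar'
-}}})
-end
+it 'should parse' do
+result = @transformer.apply @parser.parse('bar')
+result.query.should eq({
+query: {
+query_string: {
+query: 'bar'
+}}})
 end
 end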
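Review bot: The new example on line 6 keeps the old `should` expectation syntax (`result.query.should eq({ ... })`) while every other spec touched by this commit (boolean, field/value, regexp, last) uses `expect(...).to eq`; write it as `expect(result.query).to eq({ ... })` so the suite is consistent, since `should` also emits deprecation warnings under RSpec 3 unless that syntax is explicitly enabled.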
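--- a/data/spec/boolean_spec.rb
+++ b/data/spec/boolean_spec.rb
@@ -1,20 +1,21 @@
 require 'spec_helper'
 
 describe 'boolean searches' do
-it 'should parse last command with boolean' do
-@parsed = @parser.parse 'last 1h (foo OR bar)'
-expect(@parsed[:search][:match].to_s).to eq '(foo OR bar)'
+it 'should parse (foo OR bar)' do
+result = @transformer.apply @parser.parse '(foo OR bar)'
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '(foo OR bar)'
+}}})
 end
 
-it 'should parse a single field / value complex boolean expression' do
-@parsed = @parser.parse 'baz=(foo OR bar AND (bar OR fez))'
-expect(@parsed[:field].to_s).to eq 'baz'
-expect(@parsed[:value].to_s).to eq '(foo OR bar AND (bar OR fez))'
-expect(@parsed[:op].to_s).to eq '='
-end
-
-it 'should parse a single boolean expression' do
-@parsed = @parser.parse '(bar OR car)'
-expect(@parsed[:match].to_s).to eq '(bar OR car)'
+it 'should parse (foo OR (bar AND baz))' do
+result = @transformer.apply @parser.parse '(foo OR (bar AND baz))'
+expect(result.query).to eq({
+query: {
+query_string: {
+query: '(foo OR (bar AND baz))'
+}}})
 end
 end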
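Review bot: Both new examples only assert that a parenthesised boolean expression passes through `query_string` unchanged; the combined forms this file used to cover — a time range plus a search (`last 1h (foo OR bar)`) and a field whose value is a boolean expression — get no replacement here, and last_spec likewise drops its `last 24w tshark.@src_ip = bar` case, so the `rule(search: ..., timerange: ...)` branch still visible at the end of the transformer hunk is not exercised by any spec in this diff. Add one example that applies the transformer to `'last 1h (foo OR bar)'` and asserts the resulting query hash (its expected shape is the `query_string` plus `range` hash the old last_spec built), or move such a case into last_spec.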
@@ -0,0 +1,6 @@
1
+ require 'spec_helper'
2
+
3
+ describe Plunk::Elasticsearch do
4
+ pending 'mock and test Elasticsearch methods' do
5
+ end
6
+ end
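Review bot: The gem metadata in this same commit replaces `spec/elasticsearch_spec.rb` with `spec/elasticseach_spec.rb` (missing an "r"), which appears to be the path of this new placeholder spec (its file header is not shown on the page); if so, rename it to `spec/elasticsearch_spec.rb` so the filename matches `Plunk::Elasticsearch` and the `require 'plunk/elasticsearch'` added to spec_helper. Also, `pending 'mock and test Elasticsearch methods' do end` with an empty block is version-sensitive: under RSpec 3 a pending example whose block does not fail is itself reported as a failure, so if the intent is only to record the TODO, `skip 'mock and test Elasticsearch methods'` (or `pending` without a block on RSpec 2) expresses that without that trap.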
@@ -1,17 +1,21 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe 'field / value searches' do
4
- it 'should parse a single field/value combo' do
5
- @parsed = @parser.parse 'tshark.http.@src_ip=bar'
6
- expect(@parsed[:field].to_s).to eq 'tshark.http.@src_ip'
7
- expect(@parsed[:value].to_s).to eq 'bar'
8
- expect(@parsed[:op].to_s).to eq '='
4
+ it 'should parse a single _foo.@bar=baz' do
5
+ result = @transformer.apply @parser.parse('_foo.@bar=baz')
6
+ expect(result.query).to eq({
7
+ query: {
8
+ query_string: {
9
+ query: '_foo.@bar:baz'
10
+ }}})
9
11
  end
10
12
 
11
- it 'should parse a single field / parenthesized value' do
12
- @parsed = @parser.parse 'ids.attacker=(10.150.44.195)'
13
- expect(@parsed[:field].to_s).to eq 'ids.attacker'
14
- expect(@parsed[:value].to_s).to eq '(10.150.44.195)'
15
- expect(@parsed[:op].to_s).to eq '='
13
+ it 'should parse a single _foo.@bar=(baz)' do
14
+ result = @transformer.apply @parser.parse('_foo.@bar=(baz)')
15
+ expect(result.query).to eq({
16
+ query: {
17
+ query_string: {
18
+ query: '_foo.@bar:(baz)'
19
+ }}})
16
20
  end
17
21
  end
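--- a/data/spec/last_spec.rb
+++ b/data/spec/last_spec.rb
@@ -1,47 +1,58 @@
 require 'spec_helper'
 
 describe 'the last command' do
-context 'basic' do
-it 'should parse a standalone last command' do
-@parsed = @parser.parse 'last 24h'
-expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-expect(@parsed[:timerange][:quantifier].to_s).to eq 'h'
-end
+it 'should parse last 24h' do
+result = @transformer.apply @parser.parse('last 24h')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.hours.ago,
+lte: Time.now
+}}}}.to_s)
 end
 
-context 'complex' do
-before :all do
-@parsed = @parser.parse 'last 24w tshark.@src_ip = bar'
-end
-
-it 'should parse last command with a search' do
-expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-expect(@parsed[:timerange][:quantifier].to_s).to eq 'w'
-expect(@parsed[:search][:field].to_s).to eq 'tshark.@src_ip'
-expect(@parsed[:search][:value].to_s).to eq 'bar'
-end
-
-context 'transformation' do
-before :each do
-@result_set = @transformer.apply(@parsed)
-end
+it 'should parse last 24d' do
+result = @transformer.apply @parser.parse('last 24d')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.days.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-it 'should have the proper result set' do
-@result_set.should be_a Plunk::ResultSet
-@result_set.query.should be_present
+it 'should parse last 24w' do
+result = @transformer.apply @parser.parse('last 24w')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.weeks.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-query = { query: {
-query_string: {
-query: "tshark.@src_ip:bar"
-},
-range: {
-'@timestamp' => {
-gte: 24.weeks.ago,
-lte: Time.now
-}}}}
+it 'should parse last 24s' do
+result = @transformer.apply @parser.parse('last 24s')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.seconds.ago,
+lte: Time.now
+}}}}.to_s)
+end
 
-@result_set.query.to_json.should eq query.to_json
-end
-end
+it 'should parse last 24m' do
+result = @transformer.apply @parser.parse('last 24m')
+expect(result.query.to_s).to eq({
+query: {
+range: {
+'@timestamp' => {
+gte: 24.minutes.ago,
+lte: Time.now
+}}}}.to_s)
 end
 end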
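Review bot: Every new example compares `result.query.to_s` against a hash whose `gte:`/`lte:` values (`24.hours.ago`, `Time.now`, and so on) are computed after the transformer has already taken its own `Time.now`, so the assertion only holds while both timestamps print to the same second; a run that straddles a second boundary fails intermittently, and the `to_s` round-trip also hides the real `Time` values from the failure message. Pin the clock once for the file instead, e.g. `before { @now = Time.now; allow(Time).to receive(:now).and_return(@now) }` (rspec-mocks `allow` syntax, if the version in use supports it), and then compare the hashes directly with `expect(result.query).to eq({ ... })`. This applies to all five examples; the fix is the same in each.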
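--- a/data/spec/regexp_spec.rb
+++ b/data/spec/regexp_spec.rb
@@ -1,29 +1,12 @@
 require 'spec_helper'
 
 describe 'regexp searches' do
-context 'simple' do
-it 'should parse a basic regexp search' do
-@parsed = @parser.parse 'foo=/blah foo/'
-expect(@parsed[:field].to_s).to eq 'foo'
-expect(@parsed[:value].to_s).to eq '/blah foo/'
-end
-end
-
-context 'complex' do
-it 'should parse key/value with regex' do
-@parsed = @parser.parse 'foo=bar fe.ip=/whodunnit/'
-expect(@parsed[0][:field].to_s).to eq 'foo'
-expect(@parsed[0][:value].to_s).to eq 'bar'
-expect(@parsed[1][:field].to_s).to eq 'fe.ip'
-expect(@parsed[1][:value].to_s).to eq '/whodunnit/'
-end
-
-it 'should parse last command with a regex' do
-@parsed = @parser.parse 'last 24w foo=/blah/'
-expect(@parsed[:timerange][:quantity].to_s).to eq '24'
-expect(@parsed[:timerange][:quantifier].to_s).to eq 'w'
-expect(@parsed[:search][:field].to_s).to eq 'foo'
-expect(@parsed[:search][:value].to_s).to eq '/blah/'
-end
+it 'should parse foo=/blah foo/' do
+result = @transformer.apply @parser.parse('foo=/blah foo/')
+expect(result.query).to eq({
+query: {
+query_string: {
+query: 'foo:/blah foo/'
+}}})
 end
 end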
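--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -3,6 +3,7 @@ require 'plunk'
 require 'plunk/parser'
 require 'plunk/transformer'
 require 'plunk/result_set'
+require 'plunk/elasticsearch'
 require 'parslet/rig/rspec'
 
 # Print ascii_tree when exception occurs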
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: plunk
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.9
4
+ version: 0.0.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ram Mehta
@@ -103,7 +103,8 @@ files:
103
103
  - plunk.gemspec
104
104
  - spec/basic_spec.rb
105
105
  - spec/boolean_spec.rb
106
- - spec/elasticsearch_spec.rb
106
+ - spec/chained_search_spec.rb
107
+ - spec/elasticseach_spec.rb
107
108
  - spec/field_value_spec.rb
108
109
  - spec/last_spec.rb
109
110
  - spec/nested_search_spec.rb
@@ -1,15 +0,0 @@
1
- require 'plunk'
2
- require 'plunk/elasticsearch'
3
-
4
- describe Plunk::Elasticsearch do
5
- before :all do
6
- @elasticsearch = Plunk::Elasticsearch.new
7
- end
8
-
9
- context 'test field mapping' do
10
- it 'should successfully list all fields' do
11
- fields = @elasticsearch.available_fields
12
- expect(fields).to be_a Hash
13
- end
14
- end
15
- end