RubyGems - plunk - Versions diffs - 0.0.10 → 0.1.0 - Mend

plunk 0.0.10 → 0.1.0

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a659a0a283f124f49496afa4cca6987f8c922d5d
-  data.tar.gz: 545c1203a5f86c97ac4eb32e8a515c84c36f342a
+  metadata.gz: 1f4ae213e6780d0beabd3c1d1595424aa75b041a
+  data.tar.gz: 00bd1c4fab440ccc2bc140f0243f6f9769e0f6f8
 SHA512:
-  metadata.gz: c92655505f884b6b95231fd923620948ca9d67fa32610d0c416e408a39696d44baa752b14ac0482d1a77f9a061c41544f5d662cd84f7e6178c1670d5abed7b42
-  data.tar.gz: cb2b3e91a07b221b954aabe2f9ae0711e267ef7a68f4dc4fdfb16482534135d59761e7773897716021b6cd3d755f89bd3aebd2061998acd9ca7845ac32abf6b1
+  metadata.gz: 05df593ab809765d85a480c9a6056599be8b8843023a473c5621cd4d49e878e26e40f168edc5375666de0596600790dfe168c462bac54191efab9b0c2423e1b7
+  data.tar.gz: b5dd04ae58e43e338259f171a421ab9cbc19096675ef78379d62adbf62a86a78c1f1703c270986b0d9669c342985fe1feca2157bf9c922c0ff5ea7118c5676c9

data/lib/plunk/elasticsearch.rb CHANGED Viewed

@@ -57,7 +57,7 @@ class Plunk::Elasticsearch
   end
   # nested field matcher
-  def extract_values(hash, keys)
+  def self.extract_values(hash, keys)
     @vals ||= []
     hash.each_pair do |k, v|

data/lib/plunk/transformer.rb CHANGED Viewed

@@ -10,20 +10,21 @@ class Plunk::Transformer < Parslet::Transform
   rule(
     field: simple(:field),
     value: {
-      term: simple(:term),
+      initial_query: subtree(:initial_query),
       extractors: simple(:extractors)
     },
     op: '=') do
-    rs = Plunk::ResultSet.new(query_string: "#{field}:#{term}")
+    # recursively apply nested query
+    result_set = Plunk::Transformer.new.apply(initial_query)
-    json = JSON.parse rs.eval
+    json = JSON.parse result_set.eval
     values = Plunk::Elasticsearch.extract_values json, extractors.to_s.split(',')
     if values.empty?
       Plunk::ResultSet.new
     else
-      Plunk::ResultSet.new(query_string: "(#{values.uniq.join(' OR ')})")
+      Plunk::ResultSet.new(query_string: "#{field}:(#{values.uniq.join(' OR ')})")
     end
   end

data/plunk.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name                    = "plunk"
-  s.version                 = "0.0.10"
+  s.version                 = "0.1.0"
   s.date                    = "2013-12-03"
   s.add_runtime_dependency  "json"
   s.add_runtime_dependency  "parslet"

data/spec/last_spec.rb CHANGED Viewed

@@ -55,4 +55,18 @@ describe 'the last command' do
             lte: Time.now
     }}}}.to_s)
   end
+  it 'should parse foo=bar last 1h' do
+    result = @transformer.apply @parser.parse('last 1h foo=bar')
+    expect(result.query.to_s).to eq({
+      query: {
+        query_string: {
+          query: 'foo:bar'
+        },
+        range: {
+          '@timestamp' => {
+            gte: 1.hour.ago,
+            lte: Time.now
+    }}}}.to_s)
+  end
 end

data/spec/nested_search_spec.rb CHANGED Viewed

@@ -1,6 +1,25 @@
 require 'spec_helper'
 describe 'nested searches' do
+  before :all do
+    fake_results = {
+      foo: 'bar',
+      baz: 5,
+      arr: [ 0, 1, 2, 3 ],
+      '@timestamp' => Time.now
+    }.to_json
+    Plunk::ResultSet.any_instance.stub(:eval).and_return(fake_results)
+  end
+  it 'should transform' do
+    results = @transformer.apply @parser.parse('foo=`bar=baz|baz`')
+    expect(results.query).to eq({
+      query: {
+        query_string: {
+          query: 'foo:(5)'
+    }}})
+  end
   it 'should parse a nested basic search' do
     @parsed = @parser.parse 'tshark.len = ` 226 | tshark.frame.time_epoch,tshark.ip.src`'
     expect(@parsed[:field].to_s).to eq 'tshark.len'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: plunk
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.1.0
 platform: ruby
 authors:
 - Ram Mehta