rsplunk 0.2.0 → 0.3.0
- data/Manifest.txt +3 -1
- data/README.txt +11 -23
- data/Rakefile +4 -7
- data/lib/rsplunk/api_error.rb +17 -0
- data/lib/rsplunk/client.rb +59 -0
- data/lib/rsplunk/search.rb +44 -0
- data/lib/rsplunk.rb +10 -33
- metadata +20 -7
- data/lib/rsplunk/auth.rb +0 -28
data/Manifest.txt
CHANGED
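--- a/data/README.txt
+++ b/data/README.txt
@@ -9,38 +9,27 @@ This is a gem to facilitate Splunk searches and indexing.
 require 'rsplunk'
 
 === To create a Splunk instance
-
-=> "
+Rsplunk.set('HOST', PORT)
+=> "https://HOST:PORT"
 
 === To create a Splunk session
-
-=> #<Rsplunk::
-
-Appending the 'session_token' method will give you your token:
-session.session_token
-=> "66f8ee2ab56a2e30d3a016f6b78e50ce"
+splunk = Rsplunk::Client.new(:username => 'USERNAME', :password => 'PASSWORD')
+=> #<Rsplunk::Client:0x8b800f8 @pass="PASSWORD", @user="USERNAME">
 
 === To view current query jobs:
-
-bar.query_jobs
-
-This will bring back a very unsexy XML package for you.
-
-'query_jobs' can take arguements to return certain XML parameters:
-
-For example:
-bar.query_jobs("name", "published", "title")
-
-will return the owner, published date, and query string for all current running jobs.
+splunk.list_jobs
 
 === To create a job:
-
+splunk.create_job('SEARCH TERM', options)
 => "1334848433.7828"
 
 Where, "1334848433.7828" is the Search ID returned from the job.
 
+Available options can be found at:
+http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
+
 === To list job results:
-
+splunk.job_results(res)
 => XML results
 
 == REQUIREMENTS:
@@ -52,8 +41,7 @@ Access to a working Splunk environment.
 gem install rsplunk
 
 == Upcoming Features:
-
-* Credentials providing: delete a query
+
 
 == Contributing to rSplunk
 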
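--- a/data/Rakefile
+++ b/data/Rakefile
@@ -3,17 +3,14 @@
 require 'rubygems'
 require 'hoe'
 
-# Hoe.plugin :compiler
-# Hoe.plugin :gem_prelude_sucks
-# Hoe.plugin :inline
-# Hoe.plugin :minitest
-# Hoe.plugin :racc
-# Hoe.plugin :rubyforge
-
 Hoe.spec 'rsplunk' do
 
 developer('Ben Woodall', 'mail@benwoodall.com')
 
+self.rubyforge_name = 'rsplunk'
+
+dependency 'hpricot', '~> 0.8.6'
+
 end
 
 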
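Review bot: The spec declares only `dependency 'hpricot', '~> 0.8.6'`, yet the new lib/rsplunk.rb in this same diff requires `faraday` and `faraday_middleware`, and the regenerated metadata likewise lists hpricot as the only runtime dependency. A clean `gem install rsplunk` would then fail at `require 'rsplunk'` unless those gems happen to be present, and when they are present they are loaded at whatever version the host has, with no constraint from this gem. I would add `dependency 'faraday', '~> X.Y'` and `dependency 'faraday_middleware', '~> X.Y'` next to the hpricot line (X.Y being the releases this code was tested against), so the versions that handle the Splunk credentials are pinned and auditable.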
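--- a/data/lib/rsplunk/api_error.rb
+++ b/data/lib/rsplunk/api_error.rb
@@ -0,0 +1,17 @@
+module Rsplunk
+class APIError < StandardError
+
+attr_reader :code
+attr_reader :response
+
+def initialize(error, response)
+@code = error.status
+@response = response
+end
+
+def message
+"(#{@code}):#{@response}"
+end
+alias :to_s :message
+end
+end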
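Review bot: The parameter names of `initialize(error, response)` do not match what the only visible caller passes: `Client#return_error_or_body` calls `APIError.new(response, response.body)`, so `error` is the HTTP response object and `response` is its body. A short comment such as `# error: the HTTP response (must respond to #status); response: the response body` would prevent misuse, or the parameters could be renamed to `response, body` while keeping the `code` and `response` readers. `message` also interpolates the entire body into the exception text, so any application that logs exceptions writes the full Splunk error payload to its logs; truncating it in `message` and leaving the full value on the `response` reader would bound that.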
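--- a/data/lib/rsplunk/client.rb
+++ b/data/lib/rsplunk/client.rb
@@ -0,0 +1,59 @@
+require 'forwardable'
+
+module Rsplunk
+
+class Client
+extend Forwardable
+
+include Search
+
+attr_accessor :user, :pass
+
+# Create a Splunk session using basic_auth parameters.
+#
+# Example:
+# client = Rsplunk::Client.new(:username => 'your_username', :password => 'your_password')
+def initialize(options={})
+@user = options[:username]
+@pass = options[:password]
+end
+
+# Sets up the initial connection to your Splunk server
+def connection
+params = {}
+params[:username] = @user if @user
+params[:password] = @pass if @pass
+@connection ||= Faraday::Connection.new(:url => api_url, :ssl => { :verify => false },
+:params => params, :headers => default_headers) do |builder|
+builder.request :url_encoded
+builder.response :xml
+builder.adapter :net_http
+builder.basic_auth(@user, @pass)
+end
+end
+
+# This is created in Splunk.set
+def api_url
+"https://#{$host}:#{$port}/services/"
+end
+
+# Sexy error handling
+def return_error_or_body(response, response_body)
+if response.status.to_s =~ /20./
+response_body
+else
+raise Rsplunk::APIError.new(response, response.body)
+end
+end
+
+private
+
+def default_headers
+headers = {
+:user_agent => "rSplunk"
+}
+end
+
+end
+
+end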
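Review bot: `connection` builds the Faraday connection with `:ssl => { :verify => false }`, so the Splunk server's certificate is never checked even though every request carries the account's basic-auth credentials; this carries over the `VERIFY_NONE` setting of the removed Net::HTTP helpers instead of fixing it. The same call passes `:params => params`, which copies `username` and `password` into the query string of every request, where they land in server access logs and proxy logs, although `builder.basic_auth(@user, @pass)` already authenticates the request. I would delete the three `params` lines and the `:params` argument, and verify by default with an explicit opt-out read in `initialize`, e.g. `:ssl => { :verify => options.fetch(:verify_ssl, true) }` stored in an instance variable. Separately, `attr_accessor :user, :pass` together with the default `inspect` (the README in this diff shows `@pass="PASSWORD"` in console output) exposes the password to anything that prints the client, and the unanchored `/20./` in `return_error_or_body` would be clearer as `/\A20\d\z/`.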
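--- a/data/lib/rsplunk/search.rb
+++ b/data/lib/rsplunk/search.rb
@@ -0,0 +1,44 @@
+module Rsplunk
+module Search
+
+# Returns an XML with all of the current running jobs
+def list_jobs
+response = connection.get('search/jobs')
+return_error_or_body(response, response.body)
+end
+
+# Create a job
+#
+# 'query' is the search string you are passing to Splunk
+# 'options' can be found at http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
+#
+def create_job(query, options={})
+options[:earliest_time] ||= '-15m'
+[:earliest_time, :latest_time, :time].each { |t| options[t] = format_time(options[t]) if options[t] }
+response = connection.post do |req|
+req.url 'search/jobs'
+req.body = { :search => "search #{query}" }.merge(options)
+end
+return_error_or_body(response, response.body)
+end
+
+# Return results from a job using the job SID
+def job_results(sid)
+response = connection.get("search/jobs/#{sid}/results")
+return_error_or_body(response, response.body)
+end
+
+def delete_job(sid)
+response = connection.delete("search/jobs/#{sid}")
+return_error_or_body(response, response.body)
+end
+
+
+private
+
+def format_time(time)
+time.is_a?(Time) ? time.strftime('%Y-%m-%dT%H:%M:%S%z') : time.to_s
+end
+
+end
+end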
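Review bot: `job_results` and `delete_job` interpolate `sid` straight into the request path (`"search/jobs/#{sid}/results"`, `"search/jobs/#{sid}"`), so a value containing `/`, `..`, `?` or `#` addresses a different REST endpoint than the caller intended, which matters most for the DELETE. If a sid can come from anywhere other than a previous `create_job` return value, percent-encode it before building the path, e.g. `connection.delete("search/jobs/#{ERB::Util.url_encode(sid.to_s)}")` with `require 'erb'`, or reject values that do not match the expected sid format. In `create_job`, `{ :search => "search #{query}" }.merge(options)` lets a `:search` key in `options` silently replace the query, and `options[:earliest_time] ||= '-15m'` mutates the caller's hash; `options = options.dup` as the first line and `options.merge(:search => "search #{query}")` for the body would avoid both. `delete_job` is also the only public method here without a doc comment; something like `# Delete a job using the job SID` would match the others.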
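--- a/data/lib/rsplunk.rb
+++ b/data/lib/rsplunk.rb
@@ -1,47 +1,24 @@
-
-
-require 'net/https'
-require 'rubygems'
+require 'faraday'
+require 'faraday_middleware'
 require 'hpricot'
-
-
+
+$:.unshift( File.dirname( __FILE__ ))
 
 module Rsplunk
 
-VERSION = '0.
+VERSION = '0.3.0'
 
-require 'rsplunk/auth'
 require 'rsplunk/search'
+require 'rsplunk/client'
+require 'rsplunk/api_error'
 
 attr_accessor :host, :port
 
 # Set the Splunk server instance. Defaults to 'localhost:8089'
 def self.set(host='localhost', port = 8089)
-
-
-"
-end
-
-# Create an SSL POST
-def self.splunk_ssl_post_request(path, data = nil, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.post(path, data, headers).body
-end
-# Create and SSL GET
-def self.splunk_ssl_get_request(path, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.get(path, headers).body
-end
-# Create an SSL DELETE
-def self.splunk_ssl_delete_request(path, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.delete(path, headers).body
+$host = host
+$port = port
+"https://#{$host}:#{$port}"
 end
 
 end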
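Review bot: `Rsplunk.set` now keeps the target in the process-wide globals `$host` and `$port`, and `Client#api_url` interpolates them into the URL that receives the basic-auth credentials. Any code in the process can reassign those globals, a single process cannot address two Splunk servers, and neither value is validated, so a host string containing `/` or `@` changes where the credentials are sent. Holding them as module state, e.g. `@host = host; @port = Integer(port)` with `class << self; attr_reader :host, :port; end`, and reading `Rsplunk.host` in `api_url` would contain this; the existing context line `attr_accessor :host, :port` defines instance accessors on the module and has no effect on `Rsplunk.set`. `$:.unshift( File.dirname( __FILE__ ))` also prepends a directory to the global load path for every later `require` in the process, which `require_relative` for the three rsplunk files would avoid.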
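--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rsplunk
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,22 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-
+date: 2012-04-25 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: hpricot
+requirement: &82791720 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.8.6
+type: :runtime
+prerelease: false
+version_requirements: *82791720
 - !ruby/object:Gem::Dependency
 name: rdoc
-requirement: &
+requirement: &82791230 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -21,10 +32,10 @@ dependencies:
 version: '3.10'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *82791230
 - !ruby/object:Gem::Dependency
 name: hoe
-requirement: &
+requirement: &82790790 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -32,7 +43,7 @@ dependencies:
 version: '3.0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *82790790
 description: This is a gem to facilitate Splunk searches and indexing.
 email:
 - mail@benwoodall.com
@@ -50,7 +61,9 @@ files:
 - Rakefile
 - bin/rsplunk
 - lib/rsplunk.rb
-- lib/rsplunk/
+- lib/rsplunk/api_error.rb
+- lib/rsplunk/client.rb
+- lib/rsplunk/search.rb
 - spec/spec_helper.rb
 - spec/rsplunk_spec.rb
 - test/test_rsplunk.rb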
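--- a/data/lib/rsplunk/auth.rb
+++ b/data/lib/rsplunk/auth.rb
@@ -1,28 +0,0 @@
-module Rsplunk
-
-class Auth
-# Create a Splunk session
-def initialize(user, pass)
-@user = user
-@pass = pass
-session_token
-end
-
-attr_accessor :user, :pass
-
-# Grab token with username and password
-def create_token
-doc = Hpricot(Rsplunk.splunk_ssl_post_request("/services/auth/login",
-"username=#{@user}&password=#{@pass}"))
-(doc/"//sessionkey").inner_html
-end
-
-# Returns the session token
-
-def session_token
-$session_token = create_token
-end
-
-end
-
-end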