rsplunk 0.2.0 → 0.3.0
- data/Manifest.txt +3 -1
- data/README.txt +11 -23
- data/Rakefile +4 -7
- data/lib/rsplunk/api_error.rb +17 -0
- data/lib/rsplunk/client.rb +59 -0
- data/lib/rsplunk/search.rb +44 -0
- data/lib/rsplunk.rb +10 -33
- metadata +20 -7
- data/lib/rsplunk/auth.rb +0 -28
data/Manifest.txt
CHANGED
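--- a/data/README.txt
+++ b/data/README.txt
@@ -9,38 +9,27 @@ This is a gem to facilitate Splunk searches and indexing.
 require 'rsplunk'
 
 === To create a Splunk instance
-
-=> "
+Rsplunk.set('HOST', PORT)
+=> "https://HOST:PORT"
 
 === To create a Splunk session
-
-=> #<Rsplunk::
-
-Appending the 'session_token' method will give you your token:
-session.session_token
-=> "66f8ee2ab56a2e30d3a016f6b78e50ce"
+splunk = Rsplunk::Client.new(:username => 'USERNAME', :password => 'PASSWORD')
+=> #<Rsplunk::Client:0x8b800f8 @pass="PASSWORD", @user="USERNAME">
 
 === To view current query jobs:
-
-bar.query_jobs
-
-This will bring back a very unsexy XML package for you.
-
-'query_jobs' can take arguements to return certain XML parameters:
-
-For example:
-bar.query_jobs("name", "published", "title")
-
-will return the owner, published date, and query string for all current running jobs.
+splunk.list_jobs
 
 === To create a job:
-
+splunk.create_job('SEARCH TERM', options)
 => "1334848433.7828"
 
 Where, "1334848433.7828" is the Search ID returned from the job.
 
+Available options can be found at:
+http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
+
 === To list job results:
-
+splunk.job_results(res)
 => XML results
 
 == REQUIREMENTS:
@@ -52,8 +41,7 @@ Access to a working Splunk environment.
 gem install rsplunk
 
 == Upcoming Features:
-
-* Credentials providing: delete a query
+
 
 == Contributing to rSplunk
 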
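--- a/data/Rakefile
+++ b/data/Rakefile
@@ -3,17 +3,14 @@
 require 'rubygems'
 require 'hoe'
 
-# Hoe.plugin :compiler
-# Hoe.plugin :gem_prelude_sucks
-# Hoe.plugin :inline
-# Hoe.plugin :minitest
-# Hoe.plugin :racc
-# Hoe.plugin :rubyforge
-
 Hoe.spec 'rsplunk' do
 
 developer('Ben Woodall', 'mail@benwoodall.com')
 
+self.rubyforge_name = 'rsplunk'
+
+dependency 'hpricot', '~> 0.8.6'
+
 end
 
 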
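Review bot: The only runtime dependency declared inside `Hoe.spec` is hpricot, yet this release's lib/rsplunk.rb opens with `require 'faraday'` and `require 'faraday_middleware'`, so a plain `gem install rsplunk` can end in a LoadError or silently pick up whatever Faraday version is already on the host. Both should be declared next to the hpricot line with a pessimistic constraint, e.g. `dependency 'faraday', '~> X.Y'` and `dependency 'faraday_middleware', '~> X.Y'`, where X.Y is a placeholder for the versions the author tested against. The `:xml` response middleware used in client.rb may need a separate parser gem as well; that should be confirmed and declared the same way.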
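--- a/data/lib/rsplunk/api_error.rb
+++ b/data/lib/rsplunk/api_error.rb
@@ -0,0 +1,17 @@
+module Rsplunk
+class APIError < StandardError
+
+attr_reader :code
+attr_reader :response
+
+def initialize(error, response)
+@code = error.status
+@response = response
+end
+
+def message
+"(#{@code}):#{@response}"
+end
+alias :to_s :message
+end
+end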
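Review bot: `APIError` has no doc comment, and the parameter name `error` in `initialize` is misleading, because the only caller visible in this release (`return_error_or_body` in client.rb) passes the HTTP response object and only `status` is read from it. A header such as `# Raised for a non-20x Splunk reply; code is the HTTP status, response the raw body.` would cover it. Since `message` interpolates the whole body, it is worth noting there that anything the server echoes back ends up wherever the exception is logged.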
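--- a/data/lib/rsplunk/client.rb
+++ b/data/lib/rsplunk/client.rb
@@ -0,0 +1,59 @@
+require 'forwardable'
+
+module Rsplunk
+
+class Client
+extend Forwardable
+
+include Search
+
+attr_accessor :user, :pass
+
+# Create a Splunk session using basic_auth parameters.
+#
+# Example:
+# client = Rsplunk::Client.new(:username => 'your_username', :password => 'your_password')
+def initialize(options={})
+@user = options[:username]
+@pass = options[:password]
+end
+
+# Sets up the initial connection to your Splunk server
+def connection
+params = {}
+params[:username] = @user if @user
+params[:password] = @pass if @pass
+@connection ||= Faraday::Connection.new(:url => api_url, :ssl => { :verify => false },
+:params => params, :headers => default_headers) do |builder|
+builder.request :url_encoded
+builder.response :xml
+builder.adapter :net_http
+builder.basic_auth(@user, @pass)
+end
+end
+
+# This is created in Splunk.set
+def api_url
+"https://#{$host}:#{$port}/services/"
+end
+
+# Sexy error handling
+def return_error_or_body(response, response_body)
+if response.status.to_s =~ /20./
+response_body
+else
+raise Rsplunk::APIError.new(response, response.body)
+end
+end
+
+private
+
+def default_headers
+headers = {
+:user_agent => "rSplunk"
+}
+end
+
+end
+
+end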
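Review bot: `:ssl => { :verify => false }` in `connection` disables certificate verification for every request, while the same connection sends the account password through `builder.basic_auth(@user, @pass)`, so the client cannot tell the real Splunk server from an interceptor. Verification should default to on, with the caller supplying a CA bundle for self-signed deployments: store `@ssl = options[:ssl] || { :verify => true }` in `initialize` and pass `:ssl => @ssl` here. The two `params[:username]` / `params[:password]` lines also copy the credentials into the default query parameters of each request, where they are likely to be written to access and proxy logs; with basic auth configured they look redundant and can be dropped. Separately, `response.status.to_s =~ /20./` is unanchored; `/\A20\d\z/` states the intent exactly.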
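--- a/data/lib/rsplunk/search.rb
+++ b/data/lib/rsplunk/search.rb
@@ -0,0 +1,44 @@
+module Rsplunk
+module Search
+
+# Returns an XML with all of the current running jobs
+def list_jobs
+response = connection.get('search/jobs')
+return_error_or_body(response, response.body)
+end
+
+# Create a job
+#
+# 'query' is the search string you are passing to Splunk
+# 'options' can be found at http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
+#
+def create_job(query, options={})
+options[:earliest_time] ||= '-15m'
+[:earliest_time, :latest_time, :time].each { |t| options[t] = format_time(options[t]) if options[t] }
+response = connection.post do |req|
+req.url 'search/jobs'
+req.body = { :search => "search #{query}" }.merge(options)
+end
+return_error_or_body(response, response.body)
+end
+
+# Return results from a job using the job SID
+def job_results(sid)
+response = connection.get("search/jobs/#{sid}/results")
+return_error_or_body(response, response.body)
+end
+
+def delete_job(sid)
+response = connection.delete("search/jobs/#{sid}")
+return_error_or_body(response, response.body)
+end
+
+
+private
+
+def format_time(time)
+time.is_a?(Time) ? time.strftime('%Y-%m-%dT%H:%M:%S%z') : time.to_s
+end
+
+end
+end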
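Review bot: `job_results` and `delete_job` place `sid` into the request path unescaped (`"search/jobs/#{sid}/results"`, `"search/jobs/#{sid}"`), so a value containing `/`, `..` or `?` resolves to a different resource under `/services/` than the caller intended, and in `delete_job` that request is a DELETE. If a SID can ever come from outside the program it should be percent-encoded before it reaches the path, e.g. `connection.delete("search/jobs/#{ERB::Util.url_encode(sid.to_s)}")` with `require 'erb'`, and the same in `job_results`. `create_job` deserves a comment stating that `query` is appended to `"search "` verbatim and must not carry untrusted text, and that the method writes its defaults back into the caller's `options` hash. `delete_job` is the only public method here without a doc comment.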
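--- a/data/lib/rsplunk.rb
+++ b/data/lib/rsplunk.rb
@@ -1,47 +1,24 @@
-
-
-require 'net/https'
-require 'rubygems'
+require 'faraday'
+require 'faraday_middleware'
 require 'hpricot'
-
-
+
+$:.unshift( File.dirname( __FILE__ ))
 
 module Rsplunk
 
-VERSION = '0.
+VERSION = '0.3.0'
 
-require 'rsplunk/auth'
 require 'rsplunk/search'
+require 'rsplunk/client'
+require 'rsplunk/api_error'
 
 attr_accessor :host, :port
 
 # Set the Splunk server instance. Defaults to 'localhost:8089'
 def self.set(host='localhost', port = 8089)
-
-
-"
-end
-
-# Create an SSL POST
-def self.splunk_ssl_post_request(path, data = nil, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.post(path, data, headers).body
-end
-# Create and SSL GET
-def self.splunk_ssl_get_request(path, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.get(path, headers).body
-end
-# Create an SSL DELETE
-def self.splunk_ssl_delete_request(path, headers = nil)
-http = Net::HTTP.new(@host, @port)
-http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.delete(path, headers).body
+$host = host
+$port = port
+"https://#{$host}:#{$port}"
 end
 
 end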
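Review bot: `self.set` stores the target in the process-wide globals `$host` and `$port`, so any code in the process can change where `Rsplunk::Client` sends its credentials, and two clients cannot point at different servers. Module-level state keeps this contained: `@host, @port = host, port` in `self.set`, a `class << self; attr_reader :host, :port; end` in place of the instance-level `attr_accessor :host, :port`, and `Rsplunk.host` / `Rsplunk.port` in `Client#api_url`. The comment on `set` could also say that the return value is only the base URL string and that no connection is opened at this point.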
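--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rsplunk
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,22 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-
+date: 2012-04-25 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: hpricot
+requirement: &82791720 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.8.6
+type: :runtime
+prerelease: false
+version_requirements: *82791720
 - !ruby/object:Gem::Dependency
 name: rdoc
-requirement: &
+requirement: &82791230 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -21,10 +32,10 @@ dependencies:
 version: '3.10'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *82791230
 - !ruby/object:Gem::Dependency
 name: hoe
-requirement: &
+requirement: &82790790 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -32,7 +43,7 @@ dependencies:
 version: '3.0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *82790790
 description: This is a gem to facilitate Splunk searches and indexing.
 email:
 - mail@benwoodall.com
@@ -50,7 +61,9 @@ files:
 - Rakefile
 - bin/rsplunk
 - lib/rsplunk.rb
-- lib/rsplunk/
+- lib/rsplunk/api_error.rb
+- lib/rsplunk/client.rb
+- lib/rsplunk/search.rb
 - spec/spec_helper.rb
 - spec/rsplunk_spec.rb
 - test/test_rsplunk.rb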
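--- a/data/lib/rsplunk/auth.rb
+++ b/data/lib/rsplunk/auth.rb
@@ -1,28 +0,0 @@
-module Rsplunk
-
-class Auth
-# Create a Splunk session
-def initialize(user, pass)
-@user = user
-@pass = pass
-session_token
-end
-
-attr_accessor :user, :pass
-
-# Grab token with username and password
-def create_token
-doc = Hpricot(Rsplunk.splunk_ssl_post_request("/services/auth/login",
-"username=#{@user}&password=#{@pass}"))
-(doc/"//sessionkey").inner_html
-end
-
-# Returns the session token
-
-def session_token
-$session_token = create_token
-end
-
-end
-
-end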