rsplunk 0.3.1 → 0.4.0

data/Manifest.txt

@@ -2,11 +2,10 @@ History.txt
 Manifest.txt
 README.txt
 Rakefile
-bin/rsplunk
 lib/rsplunk.rb
 lib/rsplunk/api_error.rb
 lib/rsplunk/client.rb
 lib/rsplunk/search.rb
 spec/spec_helper.rb
 spec/rsplunk_spec.rb
-test/test_rsplunk.rb
+

data/README.txt

@@ -2,11 +2,8 @@
 
 == DESCRIPTION:
 
-This is a gem to facilitate Splunk searches and indexing.
-
-== SYNOPSIS:
-
-require 'rsplunk'
+rSplunk is a Splunk (http://www.splunk.com) API wrapper.  To use this gem, you will need access
+to a Splunk server.
 
 === To create a Splunk instance
 Rsplunk.set('HOST', PORT)
@@ -20,11 +17,19 @@ splunk = Rsplunk::Client.new(:username => 'USERNAME', :password => 'PASSWORD')
 splunk.list_jobs
 
 === To create a job:
-splunk.create_job('SEARCH TERM', options)
+splunk.create_job('search SEARCH TERM', options)
 => "1334848433.7828"
 
 Where, "1334848433.7828" is the Search ID returned from the job.
 
+I elected not to append 'search' automagically to the beginning of a job because you may need to create
+different jobs other than a direct 'search'.  Splunk UI does this automatically when using its interface.
+So a valid 'search' job would look like 'search 404:error host="www.benwoodall.com"'
+
+By default, a search with no 'earliest_time' option is set to '-15m' to only search the last 15 minutes.
+To change this:
+splunk.create_job('search SEARCH TERM', ":earlist_time => '-60m'")
+
 Available options can be found at:
 http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
 
@@ -35,13 +40,15 @@ splunk.job_results(res)
 == REQUIREMENTS:
 
 Access to a working Splunk environment.
+* faraday
+* faraday_middleware
 
 == INSTALL:
 
 gem install rsplunk
 
 == Upcoming Features:
-
+* include ALL THE ENDPOINTS!
 
 == Contributing to rSplunk
 

data/Rakefile

@@ -9,9 +9,7 @@ Hoe.spec 'rsplunk' do
 
   self.rubyforge_name = 'rsplunk'
 
-  dependency 'hpricot', '~> 0.8.6'
+  dependency 'faraday', '~> 0.8.0'
+  dependency 'faraday_middleware', '~> 0.8.7'
 
 end
-
-
-

data/lib/rsplunk/api_error.rb

@@ -9,8 +9,10 @@ module Rsplunk
       @response = response
     end
 
+    # Return the HTTP code and response
+    # (404):Unknown sid
     def message
-      "(#{@code}):#{@response}"
+      "(#{@code}):#{@response["response"]["messages"]["msg"]}"
     end
     alias :to_s :message
   end

data/lib/rsplunk/client.rb

@@ -32,7 +32,9 @@ module Rsplunk
       end
     end
 
-    # This is created in Splunk.set
+    private
+
+    # This is created in Rsplunk.set
     def api_url
       "https://#{$host}:#{$port}/services/"
     end
@@ -46,8 +48,6 @@ module Rsplunk
       end
     end
 
-    private
-
     def default_headers
       headers = {
         :user_agent => "rSplunk"

data/lib/rsplunk/search.rb

@@ -1,33 +1,51 @@
 module Rsplunk
 	module Search
 
+    # RETURN ALL THE JOBS!
+		#
 		# Returns an XML with all of the current running jobs
-		def list_jobs
-			response = connection.get('search/jobs')
-			return_error_or_body(response, response.body)
+		# Valid options for this are for output format:
+		# :output_mode => 'csv | raw | xml | json'
+		def list_jobs(options = {})
+			response = connection.get do |req|
+				req.url ('search/jobs')
+				req.body = options
+			end
+			return_error_or_body(response, response)
 		end
 
 		# Create a job
 		#
 		# 'query' is the search string you are passing to Splunk
 		# 'options' can be found at http://docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs
-		#
 		def create_job(query, options={})
+			search = "#{query}"
 			options[:earliest_time] ||= '-15m'
 			[:earliest_time, :latest_time, :time].each { |t| options[t] = format_time(options[t]) if options[t] }
 			response = connection.post do |req|
 				req.url 'search/jobs'
-				req.body = { :search => "search #{query}" }.merge(options)
+				req.body = { :search => "#{search}" }.merge(options)
 			end
-			return_error_or_body(response, response.body)
+			return_error_or_body(response, response.body["response"]["sid"])
 		end
 
-		# Return results from a job using the job SID
-		def job_results(sid)
-			response = connection.get("search/jobs/#{sid}/results")
+
+		# Return results
+		#
+		# Gives the results from a job using the job SID.
+		# Valid options for this are for output format:
+		# :output_mode => 'csv | raw | xml | json'
+	  def job_results(sid, options = {})
+			response = connection.get do |req|
+				req.url "search/jobs/#{sid}/results"
+				req.body = options
+			end
 			return_error_or_body(response, response.body)
 		end
 
+		# Delete job
+		#
+		# Delete a running or saved job using the job SID
 		def delete_job(sid)
 			response = connection.delete("search/jobs/#{sid}")
 			return_error_or_body(response, response.body)

data/lib/rsplunk.rb

@@ -5,7 +5,7 @@ $:.unshift( File.dirname( __FILE__ ))
 
 module Rsplunk
 
-  VERSION = '0.3.1'
+  VERSION = '0.4.0'
 
   require 'rsplunk/search'
   require 'rsplunk/client'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rsplunk
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,22 +9,33 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-25 00:00:00.000000000 Z
+date: 2012-05-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: hpricot
-  requirement: &71241120 !ruby/object:Gem::Requirement
+  name: faraday
+  requirement: &74273600 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.8.6
+        version: 0.8.0
   type: :runtime
   prerelease: false
-  version_requirements: *71241120
+  version_requirements: *74273600
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: &74273340 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.7
+  type: :runtime
+  prerelease: false
+  version_requirements: *74273340
 - !ruby/object:Gem::Dependency
   name: rdoc
-  requirement: &71240560 !ruby/object:Gem::Requirement
+  requirement: &74273040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +43,10 @@ dependencies:
         version: '3.10'
   type: :development
   prerelease: false
-  version_requirements: *71240560
+  version_requirements: *74273040
 - !ruby/object:Gem::Dependency
   name: hoe
-  requirement: &71240160 !ruby/object:Gem::Requirement
+  requirement: &74272750 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,12 +54,14 @@ dependencies:
         version: '3.0'
   type: :development
   prerelease: false
-  version_requirements: *71240160
-description: This is a gem to facilitate Splunk searches and indexing.
+  version_requirements: *74272750
+description: ! 'rSplunk is a Splunk (http://www.splunk.com) API wrapper.  To use this
+  gem, you will need access
+
+  to a Splunk server.'
 email:
 - mail@benwoodall.com
-executables:
-- rsplunk
+executables: []
 extensions: []
 extra_rdoc_files:
 - History.txt
@@ -59,14 +72,12 @@ files:
 - Manifest.txt
 - README.txt
 - Rakefile
-- bin/rsplunk
 - lib/rsplunk.rb
 - lib/rsplunk/api_error.rb
 - lib/rsplunk/client.rb
 - lib/rsplunk/search.rb
 - spec/spec_helper.rb
 - spec/rsplunk_spec.rb
-- test/test_rsplunk.rb
 - .gemtest
 homepage: 
 licenses: []
@@ -93,6 +104,5 @@ rubyforge_project: rsplunk
 rubygems_version: 1.8.11
 signing_key: 
 specification_version: 3
-summary: This is a gem to facilitate Splunk searches and indexing.
-test_files:
-- test/test_rsplunk.rb
+summary: rSplunk is a Splunk (http://www.splunk.com) API wrapper
+test_files: []

data/bin/rsplunk

@@ -1 +0,0 @@
-#!/usr/bin/env ruby

data/test/test_rsplunk.rb

@@ -1,2 +0,0 @@
-class Rsplunk < MiniTest::Unit::TestCase
-end