ruby-splunk 0.0.1

Files changed (2)
  1. data/lib/splunk.rb +69 -0
  2. metadata +47 -0
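--- a/data/lib/splunk.rb
+++ b/data/lib/splunk.rb
@@ -0,0 +1,69 @@
+ # Splunk API for Ruby
+ require 'net/http'
+ require 'nokogiri'
+ require 'nori'
+ require 'uri'
+
+ Nori.parser = :nokogiri
+
+ module Splunk
+
+ class Splunk
+ def initialize(splunk_uri,user,password)
+ @uri = splunk_uri
+ res = Nokogiri::XML(api_request("#{@uri}/auth/login", 'username' => user, 'password' => password).body)
+ @session_key = res.xpath('/response/sessionKey')[0].content
+ end
+
+ def search(search, *data)
+ search = "search #{search}"
+ data[0]["search"] = search
+ xml = Nori.parse api_request("#{@uri}/search/jobs/export", *data).body
+ raise "Search failed: #{xml["response"]["messages"]["msg"]}" if xml.has_key? "response"
+ ret = Array.new
+ xml["results"]["result"].each do |result|
+ rres = Hash.new
+ result["field"].each do |field|
+ if field.has_key? "@k"
+ case field["@k"]
+ when '_raw'
+ rres[:"#{field["@k"]}"] = field["v"].to_s
+ when '_si'
+ # FIXME do nothing - we don't handle this yet
+ else
+ case field["@k"]
+ when '_time'
+ rres[:"#{field["@k"]}"] = Time.parse field["value"]["text"].to_s
+ else
+ rres[:"#{field["@k"]}"] = field["value"]["text"].to_s
+ end
+ end
+ end
+ end
+ ret << rres
+ end
+ ret
+ end
+
+ private
+
+ def api_request(uri, *data)
+ endpoint = URI.parse(uri)
+ http = Net::HTTP.new endpoint.host, endpoint.port
+ if endpoint.scheme == 'https'
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ end
+
+ req = Net::HTTP::Post.new(endpoint.path)
+
+ if @session_key
+ req['Authorization'] = "Splunk #{@session_key}"
+ end
+
+ req.set_form_data(*data)
+ http.request req
+ end
+ end
+
+ end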
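Review bot: TLS certificate verification is turned off in `api_request` (`http.verify_mode = OpenSSL::SSL::VERIFY_NONE`), so the `https` branch encrypts the connection but never authenticates the Splunk server. The login password posted from `initialize` and the `Authorization: Splunk <session key>` header both travel over this connection, so a party positioned on the network path can read or reuse them undetected. Default to `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`, and for deployments using a self-signed or private-CA certificate let the caller supply a trust anchor with `http.ca_file = ca_path` instead of disabling verification for every user of the library. Separately, a plain `http` URI is accepted silently and sends the same credentials in clear text; rejecting it or requiring an explicit opt-in would make that choice visible.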
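--- a/metadata
+++ b/metadata
@@ -0,0 +1,47 @@
+ --- !ruby/object:Gem::Specification
+ name: ruby-splunk
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ prerelease:
+ platform: ruby
+ authors:
+ - Andrew Beresford
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2012-04-23 00:00:00.000000000 +01:00
+ default_executable:
+ dependencies: []
+ description: Splunk API Library for Ruby
+ email: beezly@beez.ly
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/splunk.rb
+ has_rdoc: true
+ homepage: http://github.com/beezly/ruby-splunk
+ licenses: []
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 1.6.2
+ signing_key:
+ specification_version: 3
+ summary: Splunk API Library
+ test_files: []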
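Review bot: `dependencies: []` declares no runtime dependencies, yet `lib/splunk.rb` requires `nokogiri` and `nori`, so a clean install fails with a LoadError at `require` time, and otherwise whatever versions of those gems happen to be installed are loaded with no constraint. Declare both in the gemspec with version bounds, e.g. `s.add_runtime_dependency 'nokogiri', '<version constraint>'` and the same for `nori`, so dependency resolution is explicit and auditable. `licenses: []` and the empty `cert_chain` / `signing_key` also leave consumers with no licence statement and no publisher signature to check for this release.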