RubyGems - splunk-client - Versions diffs - 0.5.1 → 0.6 - Mend

splunk-client 0.5.1 → 0.6

Files changed (13) hide show

data/Gemfile +4 -0
data/Gemfile.lock +38 -0
data/README.md +55 -0
data/Rakefile +9 -0
data/VERSION +1 -0
data/lib/splunk-client.rb +1 -91
data/lib/splunk_client/splunk_client.rb +76 -0
data/lib/splunk_client/splunk_job.rb +43 -0
data/lib/splunk_client/splunk_result.rb +34 -0
data/lib/splunk_client/splunk_results.rb +29 -0
data/spec/spec_helper.rb +15 -0
data/spec/splunk_client_spec.rb +58 -0
metadata +112 -51

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in splunk-client.gemspec
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    splunk-client (0.5.3)
+      nokogiri
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    json (1.7.3)
+    multi_json (1.3.5)
+    nokogiri (1.5.2)
+    rake (0.9.2.2)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.0)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.10.1)
+    simplecov (0.6.4)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+    simplecov-rcov (0.2.3)
+      simplecov (>= 0.4.1)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  json
+  rake
+  rspec
+  simplecov-rcov
+  splunk-client!

data/README.md ADDED Viewed

@@ -0,0 +1,55 @@
+# SplunkClient
+Ruby library for dealing with Splunk searches and results using the Splunk REST API.
+## Installation
+	gem install splunk-client
+## Usage
+Creating and using a client is easy:
+	require 'splunk-client.rb'
+	# Create the client
+	splunk = SplunkClient.new("username", "password", "hostname")
+	# Create the Search
+	search = splunk.search("test_search")
+	# Wait for the Splunk search to complete
+	search.wait # Blocks until the search returns
+	#Print the raw XML results
+	puts search.results
+	#Print the time and host of each result
+	search.parsedResults.each do |result|
+		puts result.host + " : " + result.time
+	end
+## Tips
+* Want to spawn multiple jobs without blocking on each? Use `search.complete?` to poll for job status.
+* Looking for more or less results? Use `search.results(maxResults)` to control how much is returned. (A value of 0 returns all results (this is the default.))
+* Access Splunk fields in results via method calls
+	`result = search.parsedResults`
+	`puts result[0].fieldName`
+## Revision History
+#### 0.6
+* Added two new objects: SplunkResults and SplunkResult for to support:
+* Accessing Splunk fields via method calls
+    `search.parsedResults.each {|result| puts result.$$FIELD_NAME$$}`
+#### 0.5
+WARNING: Compatibility with prior versions will break as SplunkClient no longer returns a sid. It now returns a SplunkJob object.
+* Separated SplunkClient and SplunkJob into two separate objects.
+#### 0.1
+* Initial Release

data/Rakefile ADDED Viewed

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+desc "Run specs"
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = "./spec/**/*_spec.rb" # don't need this, it's default.
+  # Put spec opts in a file named .rspec in root
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.6

data/lib/splunk-client.rb CHANGED Viewed

@@ -1,93 +1,3 @@
 # Author::        Christopher Brito (cbrito@gmail.com)
 # Original Repo:: https://github.com/cbrito/splunk-client
-require 'net/https'
-require 'cgi'
-require 'rubygems'
-require 'nokogiri'
-class SplunkJob
-  attr_reader :jobId
-  def initialize(jobId, clientPointer)
-      @jobId  = jobId
-      @client = clientPointer #SplunkClient object pointer
-  end
-  def wait
-    wait_for_results
-  end
-  def wait_for_results
-    # Wait for the Splunk search to complete
-  	while (@client.get_search_status(@jobId).to_i == 0)
-  	  sleep 2
-  	end
-  end
-  def complete?
-    # Return status of job
-    @client.get_search_status(@jobId).to_i == 0
-  end
-  def results(maxResults=0)
-    # Return search results
-    @client.get_search_results(@jobId, maxResults)
-  end
-end #class SplunkJob
-class SplunkClient
-  def initialize(username, password, host, port=8089)
-    @USER=username; @PASS=password; @HOST=host; @PORT=port
-    @SESSION_KEY = { 'authorization' => "Splunk #{get_session_key}" }
-  end
-  def create_search(search)
-    # Returns a SplunkJob
-    xml = splunk_post_request("/services/search/jobs",
-                              "search=#{CGI::escape("search #{search}")}",
-                              @SESSION_KEY)
-    @doc = Nokogiri::Slop(xml)
-    return SplunkJob.new(@doc.xpath("//sid").text, self)
-  end
-  def get_search_status(sid)
-    xml = splunk_get_request("/services/search/jobs/#{sid}")
-    @doc = Nokogiri::Slop(xml)
-    return @doc.xpath("//s:key[@name='isDone']").text
-  end
-  def get_search_results(sid, maxResults=0)
-    splunk_get_request("/services/search/jobs/#{sid}/results?count=#{maxResults}")
-  end
-  private ###############################################################################
-  def splunk_http_request
-    http = Net::HTTP.new(@HOST, @PORT)
-    http.use_ssl = true
-    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-    return http
-  end
-  def splunk_get_request(path)
-    splunk_http_request.get(path, @SESSION_KEY).body
-  end
-  def splunk_post_request(path, data=nil, headers=nil)
-    splunk_http_request.post(path,data,headers).body
-  end
-  def get_session_key
-    xml = splunk_post_request("/services/auth/login",
-                              "username=#{@USER}&password=#{@PASS}")
-    @doc = Nokogiri::Slop(xml)
-    return @doc.xpath("//sessionKey").text
-  end
-end #class SplunkClient
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_client/splunk_client')

data/lib/splunk_client/splunk_client.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require 'net/https'
+require 'cgi'
+require 'rubygems'
+require 'nokogiri'
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+class SplunkClient
+  def initialize(username, password, host, port=8089)
+    @USER=username; @PASS=password; @HOST=host; @PORT=port
+    @SESSION_KEY = { 'authorization' => "Splunk #{get_session_key}" }
+  end
+  def search(search)
+    create_search(search)
+  end
+  def create_search(search)
+    # Returns a SplunkJob
+    xml = splunk_post_request("/services/search/jobs",
+                              "search=#{CGI::escape("search #{search}")}",
+                              @SESSION_KEY)
+    @doc = Nokogiri::Slop(xml)
+    return SplunkJob.new(@doc.xpath("//sid").text, self)
+  end
+  def get_search_status(sid)
+    xml = splunk_get_request("/services/search/jobs/#{sid}")
+    @doc = Nokogiri::Slop(xml)
+    return @doc.xpath("//s:key[@name='isDone']").text
+  end
+  def get_search_results(sid, maxResults=0, mode=nil)
+    url = "/services/search/jobs/#{sid}/results?count=#{maxResults}"
+    url += "&output_mode=#{mode}" unless mode.nil?
+    splunk_get_request(url)
+  end
+  def control_job(sid, action)
+    xml = splunk_post_request("/services/search/jobs/#{sid}/control",
+                              "action=#{CGI::escape(action)}",
+                              @SESSION_KEY)
+    @doc = Nokogiri::Slop(xml)
+  end
+  private ###############################################################################
+  def splunk_http_request
+    http = Net::HTTP.new(@HOST, @PORT)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    return http
+  end
+  def splunk_get_request(path)
+    splunk_http_request.get(path, @SESSION_KEY).body
+  end
+  def splunk_post_request(path, data=nil, headers=nil)
+    splunk_http_request.post(path,data,headers).body
+  end
+  def get_session_key
+    xml = splunk_post_request("/services/auth/login",
+                              "username=#{@USER}&password=#{@PASS}")
+    @doc = Nokogiri::Slop(xml)
+    return @doc.xpath("//sessionKey").text
+  end
+end #class SplunkClient

data/lib/splunk_client/splunk_job.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
+class SplunkJob
+  attr_reader :jobId
+  def initialize(jobId, clientPointer)
+    @jobId  = jobId
+    @client = clientPointer #SplunkClient object pointer
+  end
+  def wait
+    wait_for_results
+  end
+  def wait_for_results
+    # Wait for the Splunk search to complete
+    sleep 1 until complete?
+  end
+  def complete?
+    # Return status of job
+    @client.get_search_status(@jobId).to_i == 1
+  end
+  def results(maxResults=0, mode=nil)
+    # Return search results
+    @client.get_search_results(@jobId, maxResults, mode)
+  end
+  def cancel
+    @client.control_job(@jobId, 'cancel')
+  end
+  def parsedResults
+    # Return a SplunkResults object with methods for the result fields
+    SplunkResults.new(results).results
+  end
+end #class SplunkJob

data/lib/splunk_client/splunk_result.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+# Simplify the calling of single result data from xpaths into an object
+# http://stackoverflow.com/questions/2240535/how-do-i-use-hash-keys-as-methods-on-a-class
+class SplunkResult
+  def initialize(nokogiriNode)
+    @result = nokogiriNode
+  end
+  # Ex: splunkResult.time => nokogiriNode.result.field("[@k=\"_time\"]").value.text
+  def time
+    @result.field("[@k=\"_time\"]").value.text
+  end
+  # Ex: splunkResult.sourceIp => nokogiriNode.result.field("[@k=\"sourceIp\"]").value.text
+  def method_missing(name, *args, &blk)
+    if args.empty? && blk.nil? && @result.field("[@k=\"#{name}\"]")
+      @result.field("[@k=\"#{name}\"]").value.text
+    else
+      super
+    end
+  end
+  def respond_to?(name)
+    begin
+      unless @result.field("[@k=\"#{name}\"]").nil? then true else super end
+    rescue NoMethodError
+      super
+    end
+  end
+end #class SplunkResult

data/lib/splunk_client/splunk_results.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require 'rubygems'
+require 'nokogiri'
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_result')
+# Simplify the calling of single result data from xpaths into an objects
+class SplunkResults
+  attr_reader :results
+  def initialize(rawResults)
+    nokoResults = Nokogiri::Slop(rawResults)
+    @results = Array.new
+    if nokoResults.results.result.respond_to?("length")
+      # Multiple Results, build array
+      nokoResults.results.result.each do |resultObj|
+        @results.push SplunkResult.new(resultObj)
+      end
+    else
+      # Single results object
+      @results.push Splunkresults.new(nokoResults.results.result)
+    end
+    return @results
+  end
+end #class SplunkResults

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'simplecov'
+require 'simplecov-rcov'
+class SimpleCov::Formatter::MergedFormatter
+  def format(result)
+    SimpleCov::Formatter::HTMLFormatter.new.format(result)
+    SimpleCov::Formatter::RcovFormatter.new.format(result)
+  end
+end
+SimpleCov.formatter = SimpleCov::Formatter::MergedFormatter
+SimpleCov.start
+require 'rspec/autorun'
+require 'json'
+require File.expand_path File.join(File.dirname(__FILE__), '../lib/splunk-client')

data/spec/splunk_client_spec.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require File.expand_path File.join(File.dirname(__FILE__), 'spec_helper')
+describe SplunkClient do
+  before :each do
+    @user = ENV['SPLUNK_USER']
+    @pass = ENV['SPLUNK_PASSWD']
+    @host = ENV['SPLUNK_HOST']
+    @splunk_client = SplunkClient.new(@user, @pass, @host)
+  end
+  context "initialization" do
+    it "creates a session key" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      splunk_client.send(:get_session_key).should_not be(nil)
+    end
+  end
+  context "searching" do
+    it "creates a search job and returns results" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      search = 'source="/var/log/messages" "kernel" earliest=-10m'
+      job = splunk_client.search(search)
+      job.should_not be(nil)
+      job.wait
+      job.results(0, 'json')
+      job.cancel
+    end
+  end
+  context "parsing_results" do
+    it "uses the parsedResults 'host' method of a SplunkJob" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      search = 'source="/var/log/messages" "kernel" earliest=-10m'
+      job = splunk_client.search(search)
+      job.should_not be(nil)
+      job.wait
+      results = job.parsedResults
+      # Test the auto generated methods
+      results.each do |result|
+        result.respond_to?("time").should be(true)
+        result.respond_to?("host").should be(true)
+        result.time.should_not be(nil)
+        result.host.should_not be(nil)
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,78 +1,139 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: splunk-client
-version: !ruby/object:Gem::Version
-  hash: 9
+version: !ruby/object:Gem::Version
+  version: '0.6'
   prerelease:
-  segments:
-  - 0
-  - 5
-  - 1
-  version: 0.5.1
 platform: ruby
-authors:
+authors:
 - Christopher Brito
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-24 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-05-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Simple Ruby library for interfacing with Splunk's REST API.
-email: cbrito@gmail.com
+email:
+- cbrito@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - lib/splunk-client.rb
+- lib/splunk_client/splunk_client.rb
+- lib/splunk_client/splunk_job.rb
+- lib/splunk_client/splunk_result.rb
+- lib/splunk_client/splunk_results.rb
+- spec/spec_helper.rb
+- spec/splunk_client_spec.rb
+- VERSION
+- README.md
+- Rakefile
+- Gemfile
+- Gemfile.lock
 homepage: http://github.com/cbrito/splunk-client
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.15
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Ruby Library for interfacing with Splunk's REST API
-test_files: []
+test_files:
+- spec/spec_helper.rb
+- spec/splunk_client_spec.rb