splunk-client 0.6.1 → 0.7.0
- data/Gemfile.lock +11 -2
- data/LICENSE +7 -0
- data/README.md +19 -1
- data/VERSION +1 -1
- data/lib/splunk_client/splunk_result.rb +9 -4
- data/lib/splunk_client/splunk_results.rb +5 -2
- data/spec/spec_helper.rb +18 -0
- data/spec/splunk_client_spec.rb +26 -33
- metadata +7 -6
data/Gemfile.lock
CHANGED
@@ -1,16 +1,24 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
splunk-client (0.
|
4
|
+
splunk-client (0.7.0)
|
5
5
|
nokogiri
|
6
6
|
|
7
7
|
GEM
|
8
8
|
remote: https://rubygems.org/
|
9
9
|
specs:
|
10
|
+
columnize (0.3.6)
|
11
|
+
debugger (1.1.3)
|
12
|
+
columnize (>= 0.3.1)
|
13
|
+
debugger-linecache (~> 1.1.1)
|
14
|
+
debugger-ruby_core_source (~> 1.1.2)
|
15
|
+
debugger-linecache (1.1.1)
|
16
|
+
debugger-ruby_core_source (>= 1.1.1)
|
17
|
+
debugger-ruby_core_source (1.1.3)
|
10
18
|
diff-lcs (1.1.3)
|
11
19
|
json (1.7.3)
|
12
20
|
multi_json (1.3.5)
|
13
|
-
nokogiri (1.5.
|
21
|
+
nokogiri (1.5.3)
|
14
22
|
rake (0.9.2.2)
|
15
23
|
rspec (2.10.0)
|
16
24
|
rspec-core (~> 2.10.0)
|
@@ -31,6 +39,7 @@ PLATFORMS
|
|
31
39
|
ruby
|
32
40
|
|
33
41
|
DEPENDENCIES
|
42
|
+
debugger
|
34
43
|
json
|
35
44
|
rake
|
36
45
|
rspec
|
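--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,7 @@
+Copyright (c) 2012 Christopher Brito
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.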
data/README.md
CHANGED
@@ -50,12 +50,18 @@ Creating and using a client is easy:
|
|
50
50
|
|
51
51
|
## Revision History
|
52
52
|
|
53
|
+
#### 0.7
|
54
|
+
|
55
|
+
* Added alias support for raw field
|
56
|
+
* Added test cases for all Splunk meta fields
|
57
|
+
|
53
58
|
#### 0.6
|
59
|
+
|
54
60
|
* Added two new objects: SplunkResults and SplunkResult for to support:
|
55
61
|
* Accessing Splunk fields via method calls
|
56
62
|
|
57
63
|
|
58
|
-
|
64
|
+
search.parsedResults.each {|result| puts result.$$FIELD_NAME$$}
|
59
65
|
|
60
66
|
|
61
67
|
|
@@ -65,4 +71,16 @@ WARNING: Compatibility with prior versions will break as SplunkClient no longer
|
|
65
71
|
* Separated SplunkClient and SplunkJob into two separate objects.
|
66
72
|
|
67
73
|
#### 0.1
|
74
|
+
|
68
75
|
* Initial Release
|
76
|
+
|
77
|
+
|
78
|
+
## Versioning
|
79
|
+
|
80
|
+
As of 0.5, this software uses [Semantic Versioning](http://semver.org/). Basically, this means that any given minor release number is backwards compatible. Patch releases are just that, and major releases **may** break compatibility.
|
81
|
+
|
82
|
+
If you contribute to this software, and I hope you do, please leave the VERSION file alone. Alternatively, update the VERSION file in a commit on it's own, so that we can cherry-pick around it when merging code.
|
83
|
+
|
84
|
+
# License
|
85
|
+
|
86
|
+
This software is released under the MIT License (ref: LICENSE)
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.
|
1
|
+
0.7.0
|
@@ -8,12 +8,17 @@ class SplunkResult
|
|
8
8
|
def initialize(nokogiriNode)
|
9
9
|
@result = nokogiriNode
|
10
10
|
end
|
11
|
-
|
12
|
-
# Ex: splunkResult.time => nokogiriNode.result.field("[@k=\"_time\"]").value.text
|
11
|
+
|
12
|
+
# Ex: splunkResult.time => nokogiriNode.result.field("[@k=\"_time\"]").value.text
|
13
13
|
def time
|
14
14
|
@result.field("[@k=\"_time\"]").value.text
|
15
15
|
end
|
16
16
|
|
17
|
+
# Ex: splunkResult.raw => nokogiriNode.result.field("[@k=\"_raw\"]").v.text
|
18
|
+
def raw
|
19
|
+
@result.field("[@k=\"_raw\"]").v.text
|
20
|
+
end
|
21
|
+
|
17
22
|
# Ex: splunkResult.sourceIp => nokogiriNode.field("[@k=\"sourceIp\"]").value.text
|
18
23
|
def method_missing(name, *args, &blk)
|
19
24
|
if args.empty? && blk.nil? && @result.field("[@k=\"#{name}\"]")
|
@@ -22,7 +27,7 @@ class SplunkResult
|
|
22
27
|
super
|
23
28
|
end
|
24
29
|
end
|
25
|
-
|
30
|
+
|
26
31
|
def respond_to?(name)
|
27
32
|
begin
|
28
33
|
unless @result.field("[@k=\"#{name}\"]").nil? then true else super end
|
@@ -30,5 +35,5 @@ class SplunkResult
|
|
30
35
|
super
|
31
36
|
end
|
32
37
|
end
|
33
|
-
|
38
|
+
|
34
39
|
end #class SplunkResult
|
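Review bot: The comment on the new `raw` accessor does not explain why `_raw` is read through `.v.text` while `time`, a few lines up, reads `.value.text`, and it repeats the `nokogiriNode.result.field` path although the code calls `@result.field`. I would replace it with something like `# _raw is read from the field's <v> child, not <value> like the other fields`, and add a line saying the return value is log content passed through unchanged, so callers should escape it before rendering or re-logging it. Whether a result without a `_raw` field is handled gracefully is not visible here, since `method_missing` and `respond_to?` run across the hunk boundaries.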
@@ -10,9 +10,12 @@ class SplunkResults
|
|
10
10
|
attr_reader :results
|
11
11
|
|
12
12
|
def initialize(rawResults)
|
13
|
-
nokoResults = Nokogiri::Slop(rawResults)
|
14
13
|
@results = Array.new
|
15
|
-
|
14
|
+
|
15
|
+
return @results if rawResults.strip.empty?
|
16
|
+
|
17
|
+
nokoResults = Nokogiri::Slop(rawResults)
|
18
|
+
|
16
19
|
if nokoResults.results.result.respond_to?("length")
|
17
20
|
# Multiple Results, build array
|
18
21
|
nokoResults.results.result.each do |resultObj|
|
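Review bot: The added guard `return @results if rawResults.strip.empty?` calls `strip` before anything has established that `rawResults` is a string, so a nil body would raise NoMethodError instead of producing an empty result set; whether a caller can pass nil is not visible in this diff. The returned `@results` is also discarded, because `new` ignores what `initialize` returns. I would write `return if rawResults.nil? || rawResults.strip.empty?`. `initialize` continues past the end of the hunk.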
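--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -13,3 +13,21 @@ require 'rspec/autorun'
 
 require 'json'
 require File.expand_path File.join(File.dirname(__FILE__), '../lib/splunk-client')
+
+# Source Type | Log file
+# "syslog" | "/var/log/kernel.log"
+# "syslog" | "/var/log/system.log"
+
+# The following are the Splunk login details.
+def splunk_user
+ENV['SPLUNK_USER'] ||= "admin"
+end
+
+def splunk_passwd
+ENV['SPLUNK_PASSWD'] ||= "changeme"
+end
+
+def splunk_host
+ENV['SPLUNK_HOST'] ||= "localhost"
+end
+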
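Review bot: The three helpers assign their fallbacks into `ENV` (`ENV['SPLUNK_PASSWD'] ||= "changeme"`), so when the variables are unset the spec run silently targets `localhost` with the `admin`/`changeme` pair and also writes that password into the process environment, where any child process inherits it. Reading without writing keeps the default local to the helper: `ENV.fetch('SPLUNK_PASSWD', "changeme")`, and likewise for `SPLUNK_USER` and `SPLUNK_HOST`. A short comment stating that these defaults are meant only for a disposable local test instance would make the intent explicit; alternatively the suite could fail fast when `SPLUNK_PASSWD` is not set.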
data/spec/splunk_client_spec.rb
CHANGED
@@ -2,18 +2,12 @@ require File.expand_path File.join(File.dirname(__FILE__), 'spec_helper')
|
|
2
2
|
|
3
3
|
describe SplunkClient do
|
4
4
|
|
5
|
-
|
6
|
-
|
7
|
-
@pass = ENV['SPLUNK_PASSWD']
|
8
|
-
@host = ENV['SPLUNK_HOST']
|
9
|
-
@splunk_client = SplunkClient.new(@user, @pass, @host)
|
10
|
-
end
|
5
|
+
let(:splunk_client) { SplunkClient.new(splunk_user, splunk_passwd, splunk_host) }
|
6
|
+
let(:search) { 'sourcetype="syslog" "kernel" earliest=-30m' }
|
11
7
|
|
12
8
|
context "initialization" do
|
13
9
|
|
14
10
|
it "creates a session key" do
|
15
|
-
splunk_client = @splunk_client
|
16
|
-
splunk_client.should_not be(nil)
|
17
11
|
splunk_client.send(:get_session_key).should_not be(nil)
|
18
12
|
end
|
19
13
|
|
@@ -21,38 +15,37 @@ describe SplunkClient do
|
|
21
15
|
|
22
16
|
context "searching" do
|
23
17
|
|
24
|
-
it "creates a search job
|
25
|
-
splunk_client
|
26
|
-
splunk_client.
|
27
|
-
search
|
18
|
+
it "creates a search job" do
|
19
|
+
splunk_client.stub(:create_search).and_return("A search job")
|
20
|
+
splunk_client.should_receive(:create_search).with(search)
|
21
|
+
splunk_client.search(search).should eq("A search job")
|
22
|
+
end
|
23
|
+
|
24
|
+
it "executing the job returns search results" do
|
28
25
|
job = splunk_client.search(search)
|
29
|
-
job.should_not be(nil)
|
30
26
|
job.wait
|
31
|
-
job.results(0, 'json')
|
32
|
-
job.cancel
|
27
|
+
job.results(0, 'json').should_not be_nil
|
33
28
|
end
|
34
29
|
|
35
30
|
end
|
36
|
-
|
37
|
-
context "
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
results = job.parsedResults
|
46
|
-
|
47
|
-
# Test the auto generated methods
|
48
|
-
results.each do |result|
|
49
|
-
result.respond_to?("time").should be(true)
|
50
|
-
result.respond_to?("host").should be(true)
|
51
|
-
result.time.should_not be(nil)
|
52
|
-
result.host.should_not be(nil)
|
31
|
+
|
32
|
+
context "parsing search results" do
|
33
|
+
|
34
|
+
let(:parsed_results) { job = splunk_client.search(search); job.wait; job.parsedResults }
|
35
|
+
|
36
|
+
it "parses the results into an array of Splunk Result" do
|
37
|
+
parsed_results.should be_kind_of(Array)
|
38
|
+
parsed_results.each do |result|
|
39
|
+
result.should be_kind_of(SplunkResult)
|
53
40
|
end
|
41
|
+
end
|
54
42
|
|
43
|
+
it "responds to method calls by the name of meta fields in the results" do
|
44
|
+
%w[raw sourcetype time host index linecount source splunk_server].each do |method_call|
|
45
|
+
parsed_results.first.respond_to?(method_call).should be_true
|
46
|
+
parsed_results.first.send(method_call.to_sym).should_not be_nil
|
47
|
+
end
|
55
48
|
end
|
56
|
-
end
|
57
49
|
|
50
|
+
end
|
58
51
|
end
|
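Review bot: None of the new examples cancels the search job it creates: the removed test called `job.cancel` after reading results, while `it "executing the job returns search results"` and the `parsed_results` helper in `context "parsing search results"` leave every job on the server. Because `let` is re-evaluated per example, each run against a live instance now creates several jobs that presumably stay until the server expires them. I would keep the handle and clean up, e.g. `after { @job.cancel if @job }` with the examples assigning `@job`. Separately, `parsed_results.first` is nil when the 30-minute window holds no matching events, so the meta-field example would fail with NoMethodError rather than a readable expectation failure.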
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: splunk-client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 3
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
-
|
9
|
-
-
|
10
|
-
version: 0.
|
8
|
+
- 7
|
9
|
+
- 0
|
10
|
+
version: 0.7.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Christopher Brito
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-
|
18
|
+
date: 2012-06-11 00:00:00 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: nokogiri
|
@@ -87,7 +87,7 @@ dependencies:
|
|
87
87
|
version: "0"
|
88
88
|
type: :development
|
89
89
|
version_requirements: *id005
|
90
|
-
description:
|
90
|
+
description: splunk-client is a simple Ruby library for interfacing with Splunk's REST API. It supports the retrieving of results via native Ruby methods.
|
91
91
|
email:
|
92
92
|
- cbrito@gmail.com
|
93
93
|
executables: []
|
@@ -105,6 +105,7 @@ files:
|
|
105
105
|
- spec/spec_helper.rb
|
106
106
|
- spec/splunk_client_spec.rb
|
107
107
|
- VERSION
|
108
|
+
- LICENSE
|
108
109
|
- README.md
|
109
110
|
- Rakefile
|
110
111
|
- Gemfile
|