splunk-client 0.7.0 → 0.8.0

data/README.md

@@ -6,6 +6,7 @@ Ruby library for dealing with Splunk searches and results using the Splunk REST
 
 * Session based authentication to Splunk REST interface
 * Create and check on the status of Splunk Jobs
+* Retrieve Splunk alerts
 * Natural Ruby methods for interacting with search results (no need to parse XML or JSON or use Ruby Hashes)
 
 ## Installation
@@ -36,6 +37,29 @@ Creating and using a client is easy:
 		puts result.host + " : " + result.time
 	end
 
+Working with Splunk alerts:
+
+    # Create the client
+	splunk = SplunkClient.new("username", "password", "hostname")
+	
+	# Fetch all the open alerts
+	alertEntries = splunk.get_alarm_list.entries
+	
+	# What's the name of this alert?
+	alertEntries[1].alert.title
+	
+	# What time did a particular alert trigger?
+	alertEntries[1].alert.trigger_time_rendered
+	
+	# How many times has a particular alert fired?
+	alertEntries[1].alert.triggered_alerts
+	
+	# Fetch the raw XML results of the alert
+	alertEntries[1].alert.results
+	
+	# Work with the results as a Ruby object
+	alertEntries[1].alert.parsedResults
+
 ## Tips
 
 * Want to spawn multiple jobs without blocking on each? Use `search.complete?` to poll for job status. 
@@ -50,6 +74,12 @@ Creating and using a client is easy:
 
 ## Revision History
 
+#### 0.8
+
+* Added preliminary GET support for alarms within the Splunk REST API
+
+TODO: Write test-cases for alerts methods.
+
 #### 0.7
 
 * Added alias support for raw field 

data/VERSION

@@ -1 +1 @@
-0.7.0
+0.8.0

data/lib/splunk_client/splunk_alert.rb

@@ -0,0 +1,65 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+
+
+class SplunkAlert
+
+  def initialize(alertXml, clientPointer=nil)
+    @alertXml = alertXml
+    @client = clientPointer #SplunkClient object pointer for use with self.results
+  end
+
+  def title
+    @alertXml.css("title").text
+  end
+  
+  def alertId
+    @alertXml.css("id").text
+  end
+
+  def author
+    @alertXml.css("author > name").text
+  end
+
+  def published
+    @alertXml.css("published").text
+  end
+  
+  def updated
+    @alertXml.css("updated").text
+  end
+
+  def results
+    # Return the raw Splunk XML results associated with a given fired alert.
+    SplunkJob.new(self.sid, @client).results
+  end
+  
+  def parsedResults
+    # Returns an array of SplunkResult objects
+    SplunkJob.new(self.sid, @client).parsedResults
+  end
+
+  # Use method_missing magic to return Splunk field names. API documentation here:
+  # http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTsearch#GET_alerts.2Ffired_alerts 
+  #
+  # Ex: splunkalert.triggered_alerts => @alertXml.css("entry")[0].xpath(".//s:key[@name='triggered_alerts']").text
+  def method_missing(name, *args, &blk)
+    if args.empty? && blk.nil? && @alertXml.xpath(".//s:key[@name='#{name}']").text
+      @alertXml.xpath(".//s:key[@name='#{name}']").text
+    else
+      super
+    end
+  end
+
+  def respond_to?(name)
+    begin
+      unless @alertXml.xpath(".//s:key[@name='#{name}']").nil? then true else super end
+    rescue NoMethodError
+      super
+    end
+  end
+  
+end #class SplunkAlert

data/lib/splunk_client/splunk_alert_feed.rb

@@ -0,0 +1,38 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_alert_feed_entry')
+
+
+class SplunkAlertFeed
+
+  def initialize(alertFeedXml, clientPointer=nil)
+    @alertFeedXml = alertFeedXml
+    @client = clientPointer #SplunkClient object pointer for use with self.results
+  end
+
+  def totalResults
+    @alertXml.css("*totalResults").text
+  end
+  
+  def itemsPerPage
+    @alertXml.css("*itemsPerPage").text
+  end
+
+  def startIndex
+    @alertXml.css("*startIndex").text
+  end
+  
+  def entries
+    alertEntries = Array.new
+    
+    @alertFeedXml.css("entry").each do |entry|
+      alertEntries.push SplunkAlertFeedEntry.new(entry, @client)
+    end
+    
+    return alertEntries
+  end
+  
+end #class SplunkAlertFeed

data/lib/splunk_client/splunk_alert_feed_entry.rb

@@ -0,0 +1,57 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+
+
+class SplunkAlertFeedEntry
+
+  def initialize(alertEntryXml, clientPointer=nil)
+    @alertEntryXml = alertEntryXml
+    @client = clientPointer #SplunkClient object pointer for use with self.results
+  end
+
+  def title
+    @alertEntryXml.css("title").text
+  end
+  
+  def alertId
+    @alertEntryXml.css("id").text
+  end
+
+  def author
+    @alertEntryXml.css("author > name").text
+  end
+  
+  def updated
+    @alertEntryXml.css("updated").text
+  end
+
+  def alert
+    # Return the raw Splunk XML results associated with a given fired alert.
+    @client.get_alert(URI.encode(title))
+    #@client.get_alert(@alertEntryXml.css("link[rel='list']")[0].attributes["href"].value)
+  end
+
+  # Use method_missing magic to return Splunk field names. API documentation here:
+  # http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTsearch#GET_alerts.2Ffired_alerts 
+  #
+  # Ex: splunkalert.triggered_alerts => @alertXml.css("entry")[0].xpath(".//s:key[@name='triggered_alerts']").text
+  def method_missing(name, *args, &blk)
+    if args.empty? && blk.nil? && @alertEntryXml.xpath(".//s:key[@name='#{name}']").text
+      @alertEntryXml.xpath(".//s:key[@name='#{name}']").text
+    else
+      super
+    end
+  end
+
+  def respond_to?(name)
+    begin
+      unless @alertEntryXml.xpath(".//s:key[@name='#{name}']").nil? then true else super end
+    rescue NoMethodError
+      super
+    end
+  end
+  
+end #class SplunkAlertFeedEntry

data/lib/splunk_client/splunk_client.rb

@@ -6,6 +6,8 @@ require 'cgi'
 require 'rubygems'
 require 'nokogiri'
 require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_alert')
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_alert_feed')
 
 class SplunkClient
 
@@ -41,6 +43,16 @@ class SplunkClient
     url += "&output_mode=#{mode}" unless mode.nil?
     splunk_get_request(url)
   end
+  
+  def get_alert_list(user="nobody")
+    xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts")
+    SplunkAlertFeed.new(Nokogiri::Slop(xml), self)
+  end
+  
+  def get_alert(alarmName, user="nobody")
+    xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts/#{alarmName}")
+    SplunkAlert.new(Nokogiri::Slop(xml).css("entry")[0], self)
+  end
 
   def control_job(sid, action)
     xml = splunk_post_request("/services/search/jobs/#{sid}/control",

metadata

@@ -1,103 +1,108 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: splunk-client
-version: !ruby/object:Gem::Version 
-  hash: 3
+version: !ruby/object:Gem::Version
+  version: 0.8.0
   prerelease: 
-  segments: 
-  - 0
-  - 7
-  - 0
-  version: 0.7.0
 platform: ruby
-authors: 
+authors:
 - Christopher Brito
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-06-11 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-01-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: rake
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: simplecov-rcov
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: json
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
-description: splunk-client is a simple Ruby library for interfacing with Splunk's REST API. It supports the retrieving of results via native Ruby methods.
-email: 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: splunk-client is a simple Ruby library for interfacing with Splunk's
+  REST API. It supports the retrieving of results via native Ruby methods.
+email:
 - cbrito@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - lib/splunk-client.rb
+- lib/splunk_client/splunk_alert.rb
+- lib/splunk_client/splunk_alert_feed.rb
+- lib/splunk_client/splunk_alert_feed_entry.rb
 - lib/splunk_client/splunk_client.rb
 - lib/splunk_client/splunk_job.rb
 - lib/splunk_client/splunk_result.rb
@@ -112,37 +117,28 @@ files:
 - Gemfile.lock
 homepage: http://github.com/cbrito/splunk-client
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: Ruby Library for interfacing with Splunk's REST API
-test_files: 
+test_files:
 - spec/spec_helper.rb
 - spec/splunk_client_spec.rb