RubyGems - splunk-client - Versions diffs - 0.5.1 → 0.6 - Mend

splunk-client 0.5.1 → 0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

data/Gemfile +4 -0
data/Gemfile.lock +38 -0
data/README.md +55 -0
data/Rakefile +9 -0
data/VERSION +1 -0
data/lib/splunk-client.rb +1 -91
data/lib/splunk_client/splunk_client.rb +76 -0
data/lib/splunk_client/splunk_job.rb +43 -0
data/lib/splunk_client/splunk_result.rb +34 -0
data/lib/splunk_client/splunk_results.rb +29 -0
data/spec/spec_helper.rb +15 -0
data/spec/splunk_client_spec.rb +58 -0
metadata +112 -51

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in splunk-client.gemspec
+gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,38 @@
+PATH
+  remote: .
+  specs:
+    splunk-client (0.5.3)
+      nokogiri
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    json (1.7.3)
+    multi_json (1.3.5)
+    nokogiri (1.5.2)
+    rake (0.9.2.2)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.0)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.10.1)
+    simplecov (0.6.4)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.5.3)
+    simplecov-html (0.5.3)
+    simplecov-rcov (0.2.3)
+      simplecov (>= 0.4.1)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  json
+  rake
+  rspec
+  simplecov-rcov
+  splunk-client!

data/README.md ADDED Viewed

@@ -0,0 +1,55 @@
+# SplunkClient
+Ruby library for dealing with Splunk searches and results using the Splunk REST API.
+## Installation
+	gem install splunk-client
+## Usage
+Creating and using a client is easy:
+	require 'splunk-client.rb'
+	# Create the client
+	splunk = SplunkClient.new("username", "password", "hostname")
+	# Create the Search
+	search = splunk.search("test_search")
+	# Wait for the Splunk search to complete
+	search.wait # Blocks until the search returns
+	#Print the raw XML results
+	puts search.results
+	#Print the time and host of each result
+	search.parsedResults.each do |result|
+		puts result.host + " : " + result.time
+	end
+## Tips
+* Want to spawn multiple jobs without blocking on each? Use `search.complete?` to poll for job status.
+* Looking for more or less results? Use `search.results(maxResults)` to control how much is returned. (A value of 0 returns all results (this is the default.))
+* Access Splunk fields in results via method calls
+	`result = search.parsedResults`
+	`puts result[0].fieldName`
+## Revision History
+#### 0.6
+* Added two new objects: SplunkResults and SplunkResult for to support:
+* Accessing Splunk fields via method calls
+    `search.parsedResults.each {|result| puts result.$$FIELD_NAME$$}`
+#### 0.5
+WARNING: Compatibility with prior versions will break as SplunkClient no longer returns a sid. It now returns a SplunkJob object.
+* Separated SplunkClient and SplunkJob into two separate objects.
+#### 0.1
+* Initial Release

data/Rakefile ADDED Viewed

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+desc "Run specs"
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = "./spec/**/*_spec.rb" # don't need this, it's default.
+  # Put spec opts in a file named .rspec in root
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.6

data/lib/splunk-client.rb CHANGED Viewed

@@ -1,93 +1,3 @@
 # Author::        Christopher Brito (cbrito@gmail.com)
 # Original Repo:: https://github.com/cbrito/splunk-client
-require 'net/https'
-require 'cgi'
-require 'rubygems'
-require 'nokogiri'
-class SplunkJob
-  attr_reader :jobId
-  def initialize(jobId, clientPointer)
-      @jobId  = jobId
-      @client = clientPointer #SplunkClient object pointer
-  end
-  def wait
-    wait_for_results
-  end
-  def wait_for_results
-    # Wait for the Splunk search to complete
-  	while (@client.get_search_status(@jobId).to_i == 0)
-  	  sleep 2
-  	end
-  end
-  def complete?
-    # Return status of job
-    @client.get_search_status(@jobId).to_i == 0
-  end
-  def results(maxResults=0)
-    # Return search results
-    @client.get_search_results(@jobId, maxResults)
-  end
-end #class SplunkJob
-class SplunkClient
-  def initialize(username, password, host, port=8089)
-    @USER=username; @PASS=password; @HOST=host; @PORT=port
-    @SESSION_KEY = { 'authorization' => "Splunk #{get_session_key}" }
-  end
-  def create_search(search)
-    # Returns a SplunkJob
-    xml = splunk_post_request("/services/search/jobs",
-                              "search=#{CGI::escape("search #{search}")}",
-                              @SESSION_KEY)
-    @doc = Nokogiri::Slop(xml)
-    return SplunkJob.new(@doc.xpath("//sid").text, self)
-  end
-  def get_search_status(sid)
-    xml = splunk_get_request("/services/search/jobs/#{sid}")
-    @doc = Nokogiri::Slop(xml)
-    return @doc.xpath("//s:key[@name='isDone']").text
-  end
-  def get_search_results(sid, maxResults=0)
-    splunk_get_request("/services/search/jobs/#{sid}/results?count=#{maxResults}")
-  end
-  private ###############################################################################
-  def splunk_http_request
-    http = Net::HTTP.new(@HOST, @PORT)
-    http.use_ssl = true
-    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-    return http
-  end
-  def splunk_get_request(path)
-    splunk_http_request.get(path, @SESSION_KEY).body
-  end
-  def splunk_post_request(path, data=nil, headers=nil)
-    splunk_http_request.post(path,data,headers).body
-  end
-  def get_session_key
-    xml = splunk_post_request("/services/auth/login",
-                              "username=#{@USER}&password=#{@PASS}")
-    @doc = Nokogiri::Slop(xml)
-    return @doc.xpath("//sessionKey").text
-  end
-end #class SplunkClient
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_client/splunk_client')

data/lib/splunk_client/splunk_client.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require 'net/https'
+require 'cgi'
+require 'rubygems'
+require 'nokogiri'
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')
+class SplunkClient
+  def initialize(username, password, host, port=8089)
+    @USER=username; @PASS=password; @HOST=host; @PORT=port
+    @SESSION_KEY = { 'authorization' => "Splunk #{get_session_key}" }
+  end
+  def search(search)
+    create_search(search)
+  end
+  def create_search(search)
+    # Returns a SplunkJob
+    xml = splunk_post_request("/services/search/jobs",
+                              "search=#{CGI::escape("search #{search}")}",
+                              @SESSION_KEY)
+    @doc = Nokogiri::Slop(xml)
+    return SplunkJob.new(@doc.xpath("//sid").text, self)
+  end
+  def get_search_status(sid)
+    xml = splunk_get_request("/services/search/jobs/#{sid}")
+    @doc = Nokogiri::Slop(xml)
+    return @doc.xpath("//s:key[@name='isDone']").text
+  end
+  def get_search_results(sid, maxResults=0, mode=nil)
+    url = "/services/search/jobs/#{sid}/results?count=#{maxResults}"
+    url += "&output_mode=#{mode}" unless mode.nil?
+    splunk_get_request(url)
+  end
+  def control_job(sid, action)
+    xml = splunk_post_request("/services/search/jobs/#{sid}/control",
+                              "action=#{CGI::escape(action)}",
+                              @SESSION_KEY)
+    @doc = Nokogiri::Slop(xml)
+  end
+  private ###############################################################################
+  def splunk_http_request
+    http = Net::HTTP.new(@HOST, @PORT)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    return http
+  end
+  def splunk_get_request(path)
+    splunk_http_request.get(path, @SESSION_KEY).body
+  end
+  def splunk_post_request(path, data=nil, headers=nil)
+    splunk_http_request.post(path,data,headers).body
+  end
+  def get_session_key
+    xml = splunk_post_request("/services/auth/login",
+                              "username=#{@USER}&password=#{@PASS}")
+    @doc = Nokogiri::Slop(xml)
+    return @doc.xpath("//sessionKey").text
+  end
+end #class SplunkClient

data/lib/splunk_client/splunk_job.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
+class SplunkJob
+  attr_reader :jobId
+  def initialize(jobId, clientPointer)
+    @jobId  = jobId
+    @client = clientPointer #SplunkClient object pointer
+  end
+  def wait
+    wait_for_results
+  end
+  def wait_for_results
+    # Wait for the Splunk search to complete
+    sleep 1 until complete?
+  end
+  def complete?
+    # Return status of job
+    @client.get_search_status(@jobId).to_i == 1
+  end
+  def results(maxResults=0, mode=nil)
+    # Return search results
+    @client.get_search_results(@jobId, maxResults, mode)
+  end
+  def cancel
+    @client.control_job(@jobId, 'cancel')
+  end
+  def parsedResults
+    # Return a SplunkResults object with methods for the result fields
+    SplunkResults.new(results).results
+  end
+end #class SplunkJob

data/lib/splunk_client/splunk_result.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+# Simplify the calling of single result data from xpaths into an object
+# http://stackoverflow.com/questions/2240535/how-do-i-use-hash-keys-as-methods-on-a-class
+class SplunkResult
+  def initialize(nokogiriNode)
+    @result = nokogiriNode
+  end
+  # Ex: splunkResult.time => nokogiriNode.result.field("[@k=\"_time\"]").value.text
+  def time
+    @result.field("[@k=\"_time\"]").value.text
+  end
+  # Ex: splunkResult.sourceIp => nokogiriNode.result.field("[@k=\"sourceIp\"]").value.text
+  def method_missing(name, *args, &blk)
+    if args.empty? && blk.nil? && @result.field("[@k=\"#{name}\"]")
+      @result.field("[@k=\"#{name}\"]").value.text
+    else
+      super
+    end
+  end
+  def respond_to?(name)
+    begin
+      unless @result.field("[@k=\"#{name}\"]").nil? then true else super end
+    rescue NoMethodError
+      super
+    end
+  end
+end #class SplunkResult

data/lib/splunk_client/splunk_results.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# Author::        Christopher Brito (cbrito@gmail.com)
+# Original Repo:: https://github.com/cbrito/splunk-client
+require 'rubygems'
+require 'nokogiri'
+require File.expand_path File.join(File.dirname(__FILE__), 'splunk_result')
+# Simplify the calling of single result data from xpaths into an objects
+class SplunkResults
+  attr_reader :results
+  def initialize(rawResults)
+    nokoResults = Nokogiri::Slop(rawResults)
+    @results = Array.new
+    if nokoResults.results.result.respond_to?("length")
+      # Multiple Results, build array
+      nokoResults.results.result.each do |resultObj|
+        @results.push SplunkResult.new(resultObj)
+      end
+    else
+      # Single results object
+      @results.push Splunkresults.new(nokoResults.results.result)
+    end
+    return @results
+  end
+end #class SplunkResults

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'simplecov'
+require 'simplecov-rcov'
+class SimpleCov::Formatter::MergedFormatter
+  def format(result)
+    SimpleCov::Formatter::HTMLFormatter.new.format(result)
+    SimpleCov::Formatter::RcovFormatter.new.format(result)
+  end
+end
+SimpleCov.formatter = SimpleCov::Formatter::MergedFormatter
+SimpleCov.start
+require 'rspec/autorun'
+require 'json'
+require File.expand_path File.join(File.dirname(__FILE__), '../lib/splunk-client')

data/spec/splunk_client_spec.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require File.expand_path File.join(File.dirname(__FILE__), 'spec_helper')
+describe SplunkClient do
+  before :each do
+    @user = ENV['SPLUNK_USER']
+    @pass = ENV['SPLUNK_PASSWD']
+    @host = ENV['SPLUNK_HOST']
+    @splunk_client = SplunkClient.new(@user, @pass, @host)
+  end
+  context "initialization" do
+    it "creates a session key" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      splunk_client.send(:get_session_key).should_not be(nil)
+    end
+  end
+  context "searching" do
+    it "creates a search job and returns results" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      search = 'source="/var/log/messages" "kernel" earliest=-10m'
+      job = splunk_client.search(search)
+      job.should_not be(nil)
+      job.wait
+      job.results(0, 'json')
+      job.cancel
+    end
+  end
+  context "parsing_results" do
+    it "uses the parsedResults 'host' method of a SplunkJob" do
+      splunk_client = @splunk_client
+      splunk_client.should_not be(nil)
+      search = 'source="/var/log/messages" "kernel" earliest=-10m'
+      job = splunk_client.search(search)
+      job.should_not be(nil)
+      job.wait
+      results = job.parsedResults
+      # Test the auto generated methods
+      results.each do |result|
+        result.respond_to?("time").should be(true)
+        result.respond_to?("host").should be(true)
+        result.time.should_not be(nil)
+        result.host.should_not be(nil)
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,78 +1,139 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: splunk-client
-version: !ruby/object:Gem::Version
-  hash: 9
+version: !ruby/object:Gem::Version
+  version: '0.6'
   prerelease:
-  segments:
-  - 0
-  - 5
-  - 1
-  version: 0.5.1
 platform: ruby
-authors:
+authors:
 - Christopher Brito
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-24 00:00:00 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2012-05-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: nokogiri
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        hash: 3
-        segments:
-        - 0
-        version: "0"
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id001
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Simple Ruby library for interfacing with Splunk's REST API.
-email: cbrito@gmail.com
+email:
+- cbrito@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - lib/splunk-client.rb
+- lib/splunk_client/splunk_client.rb
+- lib/splunk_client/splunk_job.rb
+- lib/splunk_client/splunk_result.rb
+- lib/splunk_client/splunk_results.rb
+- spec/spec_helper.rb
+- spec/splunk_client_spec.rb
+- VERSION
+- README.md
+- Rakefile
+- Gemfile
+- Gemfile.lock
 homepage: http://github.com/cbrito/splunk-client
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.15
+rubygems_version: 1.8.24
 signing_key:
 specification_version: 3
 summary: Ruby Library for interfacing with Splunk's REST API
-test_files: []
+test_files:
+- spec/spec_helper.rb
+- spec/splunk_client_spec.rb