splunk-client 0.8.0 → 0.8.1
- data/Gemfile.lock +4 -11
- data/README.md +23 -1
- data/VERSION +1 -1
- data/lib/splunk_client/splunk_client.rb +16 -5
- data/lib/splunk_client/splunk_results.rb +4 -0
- data/spec/splunk_client_spec.rb +6 -2
- metadata +4 -3
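--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,24 +1,18 @@
 PATH
 remote: .
 specs:
-splunk-client (0.
+splunk-client (0.8.1)
 nokogiri
 
 GEM
 remote: https://rubygems.org/
 specs:
-columnize (0.3.6)
-debugger (1.1.3)
-columnize (>= 0.3.1)
-debugger-linecache (~> 1.1.1)
-debugger-ruby_core_source (~> 1.1.2)
-debugger-linecache (1.1.1)
-debugger-ruby_core_source (>= 1.1.1)
-debugger-ruby_core_source (1.1.3)
 diff-lcs (1.1.3)
 json (1.7.3)
+mini_portile (0.5.0)
 multi_json (1.3.5)
-nokogiri (1.
+nokogiri (1.6.0)
+mini_portile (~> 0.5.0)
 rake (0.9.2.2)
 rspec (2.10.0)
 rspec-core (~> 2.10.0)
@@ -39,7 +33,6 @@ PLATFORMS
 ruby
 
 DEPENDENCIES
-debugger
 json
 rake
 rspec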
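--- a/data/README.md
+++ b/data/README.md
@@ -43,7 +43,7 @@ Working with Splunk alerts:
 splunk = SplunkClient.new("username", "password", "hostname")
 
 # Fetch all the open alerts
-alertEntries = splunk.
+alertEntries = splunk.get_alert_list.entries
 
 # What's the name of this alert?
 alertEntries[1].alert.title
@@ -71,6 +71,28 @@ Working with Splunk alerts:
 `result = search.parsedResults`
 `puts result[0].fieldName`
 
+## FAQ
+
+#### What is Splunk?
+
+I'm making an assumption that if you are looking for a Ruby client to interact with Splunk's REST API, you have some idea of what Splunk does. If not, you should totally check it out. It makes working with logs awesome.
+
+http://www.splunk.com
+
+#### Where can I find information on Splunk's REST API and the methods available in this gem?
+
+The Splunk REST API reference can be found here:
+http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTsearch
+
+This gem currently only provides access to the /search/ and /alerts/ APIs. The gem attempts to make use of `method_missing` to implement ruby methods where fields are returned from a given Splunk search.
+
+#### Why do I get an exception when using `wait` on a search?
+
+Very little excetption handling occurs with-in the gem. It is up to consumers to ensure they have appropriate network connectivity to their splunk endpoint, and that the credentials are correct.
+
+Insufficient network connectivity will raise a `TimeOut` exception.
+
+Incorrect credentials will raise a Nokogiri error referencing `Undefined namespace prefix: //s:key[@name='isDone']`
 
 ## Revision History
 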
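--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.8.
+0.8.1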
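--- a/data/lib/splunk_client/splunk_client.rb
+++ b/data/lib/splunk_client/splunk_client.rb
@@ -13,8 +13,14 @@ class SplunkClient
 
 def initialize(username, password, host, port=8089)
 @USER=username; @PASS=password; @HOST=host; @PORT=port
-
-
+
+sessionKey = get_session_key
+
+if (sessionKey == "")
+raise SplunkSessionError, 'Session key is invalid. Please check your username, password and host'
+else
+@SESSION_KEY = { 'authorization' => "Splunk #{sessionKey}" }
+end
 end
 
 def search(search)
@@ -44,8 +50,8 @@ class SplunkClient
 splunk_get_request(url)
 end
 
-def get_alert_list(user="nobody")
-xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts")
+def get_alert_list(user="nobody", count=30)
+xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts?count=#{count}")
 SplunkAlertFeed.new(Nokogiri::Slop(xml), self)
 end
 
@@ -71,7 +77,7 @@ class SplunkClient
 end
 
 def splunk_get_request(path)
-splunk_http_request.get(path, @SESSION_KEY).body
+splunk_http_request.get(path, @SESSION_KEY.merge({'Content-Type' => 'application/x-www-form-urlencoded'})).body
 end
 
 def splunk_post_request(path, data=nil, headers=nil)
@@ -86,3 +92,8 @@ class SplunkClient
 end
 
 end #class SplunkClient
+
+class SplunkSessionError < SecurityError
+# Exception class for handling invalid session tokens received by the gem
+end
+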
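Review bot: `SplunkSessionError` inherits from `SecurityError`, which on Ruby 1.9 and later descends from `Exception` rather than `StandardError`, so a consumer's bare `rescue` or `rescue => e` around `SplunkClient.new` will not catch a failed login; `class SplunkSessionError < StandardError` would keep it catchable. In `initialize` the guard tests only `sessionKey == ""`; `get_session_key` is not visible here, but if it can return `nil` the header is built as `"Splunk "` and the failure only surfaces on a later request, so `if sessionKey.nil? || sessionKey.empty?` is the safer test. In `get_alert_list`, `user` and the new `count` are interpolated into the request path unescaped; coercing with `Integer(count)` would keep a caller-supplied value from appending extra query parameters.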
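--- a/data/lib/splunk_client/splunk_results.rb
+++ b/data/lib/splunk_client/splunk_results.rb
@@ -16,6 +16,10 @@ class SplunkResults
 
 nokoResults = Nokogiri::Slop(rawResults)
 
+if ((nokoResults.children.first.children.nil?) ||(nokoResults.children.first.children.count == 0))
+return @results
+end
+
 if nokoResults.results.result.respond_to?("length")
 # Multiple Results, build array
 nokoResults.results.result.each do |resultObj|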
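Review bot: The new empty-result guard dereferences `nokoResults.children.first` without checking it, so a response body that parses to a document with no root node (presumably an empty string, for instance) would raise `NoMethodError` on `nil` before the early return is reached. `children` on a Nokogiri node returns a node set rather than `nil`, so the `.nil?` test is redundant; checking the root instead covers both cases: `root = nokoResults.children.first` followed by `return @results if root.nil? || root.children.empty?`. The enclosing method starts and ends outside this hunk, so whether `@results` is already initialised at this point cannot be confirmed from here.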
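--- a/data/spec/splunk_client_spec.rb
+++ b/data/spec/splunk_client_spec.rb
@@ -3,13 +3,17 @@ require File.expand_path File.join(File.dirname(__FILE__), 'spec_helper')
 describe SplunkClient do
 
 let(:splunk_client) { SplunkClient.new(splunk_user, splunk_passwd, splunk_host) }
-let(:search) { 'sourcetype="syslog"
+let(:search) { 'sourcetype="syslog" earliest=-1m' }
 
 context "initialization" do
 
+it "should raise an exception" do
+expect { SplunkClient.new("bad_user", "bad_passwd", splunk_host) }.to raise_error
+end
+
 it "creates a session key" do
 splunk_client.send(:get_session_key).should_not be(nil)
-end
+end
 
 end
 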
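Review bot: `expect { ... }.to raise_error` with no argument in the new "should raise an exception" example passes on any exception, so it would still go green if the constructor failed with a connection error or a `NoMethodError` rather than the intended login failure. Pinning the class, `expect { SplunkClient.new("bad_user", "bad_passwd", splunk_host) }.to raise_error(SplunkSessionError)`, makes the example cover the bad-credentials path specifically. The example also depends on a reachable `splunk_host`, which is defined outside this hunk.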
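--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: splunk-client
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.1
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nokogiri
@@ -92,7 +92,8 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 description: splunk-client is a simple Ruby library for interfacing with Splunk's
-REST API. It
+REST API. It is API 5 compatable and provides an elegant native Ruby iterface for
+working with Splunk results and alerts.
 email:
 - cbrito@gmail.com
 executables: []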