splunk-client 0.8.0 → 0.8.1

data/Gemfile.lock

@@ -1,24 +1,18 @@
 PATH
   remote: .
   specs:
-    splunk-client (0.7.0)
+    splunk-client (0.8.1)
       nokogiri
 
 GEM
   remote: https://rubygems.org/
   specs:
-    columnize (0.3.6)
-    debugger (1.1.3)
-      columnize (>= 0.3.1)
-      debugger-linecache (~> 1.1.1)
-      debugger-ruby_core_source (~> 1.1.2)
-    debugger-linecache (1.1.1)
-      debugger-ruby_core_source (>= 1.1.1)
-    debugger-ruby_core_source (1.1.3)
     diff-lcs (1.1.3)
     json (1.7.3)
+    mini_portile (0.5.0)
     multi_json (1.3.5)
-    nokogiri (1.5.3)
+    nokogiri (1.6.0)
+      mini_portile (~> 0.5.0)
     rake (0.9.2.2)
     rspec (2.10.0)
       rspec-core (~> 2.10.0)
@@ -39,7 +33,6 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  debugger
   json
   rake
   rspec

data/README.md

@@ -43,7 +43,7 @@ Working with Splunk alerts:
 	splunk = SplunkClient.new("username", "password", "hostname")
 	
 	# Fetch all the open alerts
-	alertEntries = splunk.get_alarm_list.entries
+	alertEntries = splunk.get_alert_list.entries
 	
 	# What's the name of this alert?
 	alertEntries[1].alert.title
@@ -71,6 +71,28 @@ Working with Splunk alerts:
       `result = search.parsedResults`
       `puts result[0].fieldName`
 
+## FAQ
+
+#### What is Splunk?
+
+I'm making an assumption that if you are looking for a Ruby client to interact with Splunk's REST API, you have some idea of what Splunk does. If not, you should totally check it out. It makes working with logs awesome. 
+
+http://www.splunk.com
+
+#### Where can I find information on Splunk's REST API and the methods available in this gem?
+
+The Splunk REST API reference can be found here:
+http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTsearch
+
+This gem currently only provides access to the /search/ and /alerts/ APIs. The gem attempts to make use of `method_missing` to implement ruby methods where fields are returned from a given Splunk search. 
+
+#### Why do I get an exception when using `wait` on a search?
+
+Very little excetption handling occurs with-in the gem. It is up to consumers to ensure they have appropriate network connectivity to their splunk endpoint, and that the credentials are correct. 
+
+Insufficient network connectivity will raise a `TimeOut` exception. 
+
+Incorrect credentials will raise a Nokogiri error referencing `Undefined namespace prefix: //s:key[@name='isDone']`
 
 ## Revision History
 

data/VERSION

@@ -1 +1 @@
-0.8.0
+0.8.1

data/lib/splunk_client/splunk_client.rb

@@ -13,8 +13,14 @@ class SplunkClient
 
   def initialize(username, password, host, port=8089)
     @USER=username; @PASS=password; @HOST=host; @PORT=port
-
-    @SESSION_KEY = { 'authorization' => "Splunk #{get_session_key}" }
+    
+    sessionKey = get_session_key
+    
+    if (sessionKey == "")
+      raise SplunkSessionError, 'Session key is invalid. Please check your username, password and host' 
+    else
+      @SESSION_KEY = { 'authorization' => "Splunk #{sessionKey}" }
+    end
   end
 
   def search(search)
@@ -44,8 +50,8 @@ class SplunkClient
     splunk_get_request(url)
   end
   
-  def get_alert_list(user="nobody")
-    xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts")
+  def get_alert_list(user="nobody", count=30)
+    xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts?count=#{count}")
     SplunkAlertFeed.new(Nokogiri::Slop(xml), self)
   end
   
@@ -71,7 +77,7 @@ class SplunkClient
   end
 
   def splunk_get_request(path)
-    splunk_http_request.get(path, @SESSION_KEY).body
+    splunk_http_request.get(path, @SESSION_KEY.merge({'Content-Type' => 'application/x-www-form-urlencoded'})).body
   end
 
   def splunk_post_request(path, data=nil, headers=nil)
@@ -86,3 +92,8 @@ class SplunkClient
   end
 
 end #class SplunkClient
+
+class SplunkSessionError < SecurityError
+  # Exception class for handling invalid session tokens received by the gem
+end
+

data/lib/splunk_client/splunk_results.rb

@@ -16,6 +16,10 @@ class SplunkResults
 
     nokoResults = Nokogiri::Slop(rawResults)
 
+    if ((nokoResults.children.first.children.nil?) ||(nokoResults.children.first.children.count == 0))
+      return @results
+    end
+    
     if nokoResults.results.result.respond_to?("length")
       # Multiple Results, build array
       nokoResults.results.result.each do |resultObj|

data/spec/splunk_client_spec.rb

@@ -3,13 +3,17 @@ require File.expand_path File.join(File.dirname(__FILE__), 'spec_helper')
 describe SplunkClient do
 
   let(:splunk_client) { SplunkClient.new(splunk_user, splunk_passwd, splunk_host) }
-  let(:search) { 'sourcetype="syslog" "kernel" earliest=-30m' }
+  let(:search) { 'sourcetype="syslog" earliest=-1m' }
 
   context "initialization" do
 
+    it "should raise an exception" do
+      expect { SplunkClient.new("bad_user", "bad_passwd", splunk_host) }.to raise_error
+    end
+
     it "creates a session key" do
       splunk_client.send(:get_session_key).should_not be(nil)
-    end
+    end    
 
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: splunk-client
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-16 00:00:00.000000000 Z
+date: 2013-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -92,7 +92,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 description: splunk-client is a simple Ruby library for interfacing with Splunk's
-  REST API. It supports the retrieving of results via native Ruby methods.
+  REST API. It is API 5 compatable and provides an elegant native Ruby iterface for
+  working with Splunk results and alerts.
 email:
 - cbrito@gmail.com
 executables: []