splunk-sdk-ruby 0.1.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. checksums.yaml +15 -0
  2. data/CHANGELOG.md +28 -0
  3. data/README.md +5 -17
  4. data/examples/6_work_with_modular_inputs.rb +96 -0
  5. data/examples/example_modular_inputs.spl +0 -0
  6. data/lib/splunk-sdk-ruby/atomfeed.rb +1 -1
  7. data/lib/splunk-sdk-ruby/collection.rb +112 -109
  8. data/lib/splunk-sdk-ruby/collection/input_kinds.rb +136 -0
  9. data/lib/splunk-sdk-ruby/collection/jobs.rb +9 -1
  10. data/lib/splunk-sdk-ruby/context.rb +7 -4
  11. data/lib/splunk-sdk-ruby/entity.rb +37 -29
  12. data/lib/splunk-sdk-ruby/entity/job.rb +12 -4
  13. data/lib/splunk-sdk-ruby/entity/modular_input_kind.rb +47 -0
  14. data/lib/splunk-sdk-ruby/resultsreader.rb +71 -17
  15. data/lib/splunk-sdk-ruby/service.rb +37 -5
  16. data/lib/splunk-sdk-ruby/version.rb +1 -1
  17. data/lib/splunk-sdk-ruby/xml_shim.rb +11 -0
  18. data/splunk-sdk-ruby.gemspec +3 -2
  19. data/test/data/atom_test_data.json +457 -0
  20. data/test/{export_test_data.json → data/export_test_data.json} +302 -182
  21. data/test/data/resultsreader_test_data.json +1693 -0
  22. data/test/test_atomfeed.rb +20 -9
  23. data/test/test_configuration_file.rb +22 -0
  24. data/test/test_context.rb +1 -1
  25. data/test/test_helper.rb +27 -15
  26. data/test/test_index.rb +2 -3
  27. data/test/test_inputs.rb +211 -0
  28. data/test/test_jobs.rb +73 -2
  29. data/test/test_modular_input_kinds.rb +46 -0
  30. data/test/test_restarts.rb +10 -0
  31. data/test/test_resultsreader.rb +22 -7
  32. data/test/test_users.rb +8 -0
  33. data/test/test_xml_shim.rb +10 -0
  34. metadata +104 -101
  35. data/test/atom_test_data.rb +0 -472
  36. data/test/resultsreader_test_data.json +0 -1119
data/test/{export_test_data.json → data/export_test_data.json} RENAMED
@@ -1,57 +1,53 @@
1
1
  {
2
- "4.2.5": {
2
+ "5.0.1": {
3
3
  "with_preview": [
4
4
  {
5
- "is_preview": true,
6
- "fields": ["method", "count(_raw)"],
7
- "messages": [
8
- {
9
- "type": "DEBUG",
10
- "value": "base lispy: [ AND index::_internal ]"
11
- },
12
- {
13
- "type": "DEBUG",
14
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
15
- }
5
+ "fields": [
6
+ "method",
7
+ "count(_raw)"
16
8
  ],
17
9
  "results": [
18
10
  {
19
- "method": "GET",
20
- "count(_raw)": "16"
11
+ "fields": {
12
+ "count(_raw)": "3544",
13
+ "method": "GET"
14
+ }
21
15
  },
22
16
  {
23
- "method": "POST",
24
- "count(_raw)": "3"
17
+ "fields": {
18
+ "count(_raw)": "437",
19
+ "method": "POST"
20
+ }
25
21
  }
26
- ]
22
+ ],
23
+ "is_preview": true
27
24
  },
28
25
  {
29
- "is_preview": true,
30
- "fields": ["method", "count(_raw)"],
31
- "messages": [
32
- {
33
- "type": "DEBUG",
34
- "value": "base lispy: [ AND index::_internal ]"
35
- },
36
- {
37
- "type": "DEBUG",
38
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
39
- }
26
+ "fields": [
27
+ "method",
28
+ "count(_raw)"
40
29
  ],
41
30
  "results": [
42
31
  {
43
- "method": "GET",
44
- "count(_raw)": "16"
32
+ "fields": {
33
+ "count(_raw)": "3544",
34
+ "method": "GET"
35
+ }
45
36
  },
46
37
  {
47
- "method": "POST",
48
- "count(_raw)": "7"
38
+ "fields": {
39
+ "count(_raw)": "437",
40
+ "method": "POST"
41
+ }
49
42
  }
50
- ]
43
+ ],
44
+ "is_preview": true
51
45
  },
52
46
  {
53
- "is_preview": false,
54
- "fields": ["method", "count(_raw)"],
47
+ "fields": [
48
+ "method",
49
+ "count(_raw)"
50
+ ],
55
51
  "messages": [
56
52
  {
57
53
  "type": "DEBUG",
@@ -59,24 +55,145 @@
59
55
  },
60
56
  {
61
57
  "type": "DEBUG",
62
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
58
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
63
59
  }
64
60
  ],
65
61
  "results": [
66
62
  {
67
- "method": "GET",
68
- "count(_raw)": "16"
63
+ "fields": {
64
+ "count(_raw)": "3544",
65
+ "method": "GET"
66
+ }
69
67
  },
70
68
  {
71
- "method": "POST",
72
- "count(_raw)": "7"
69
+ "fields": {
70
+ "count(_raw)": "437",
71
+ "method": "POST"
72
+ }
73
73
  }
74
- ]
74
+ ],
75
+ "is_preview": false
75
76
  }
76
77
  ],
78
+ "nonreporting": {
79
+ "fields": [
80
+ "_bkt",
81
+ "_cd",
82
+ "_indextime",
83
+ "_raw",
84
+ "_serial",
85
+ "_si",
86
+ "_sourcetype",
87
+ "_subsecond",
88
+ "_time",
89
+ "host",
90
+ "index",
91
+ "linecount",
92
+ "source",
93
+ "sourcetype",
94
+ "splunk_server"
95
+ ],
96
+ "results": [
97
+ {
98
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0</v>",
99
+ "fields": {
100
+ "_si": [
101
+ "fross-mbp15.local",
102
+ "_internal"
103
+ ],
104
+ "index": "_internal",
105
+ "sourcetype": "splunkd",
106
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
107
+ "_subsecond": ".060",
108
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
109
+ "splunk_server": "fross-mbp15.local",
110
+ "_time": "2013-02-11 10:43:01.060 PST",
111
+ "linecount": "1",
112
+ "_sourcetype": "splunkd",
113
+ "_indextime": "1360608181",
114
+ "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0",
115
+ "host": "fross-mbp15.local",
116
+ "_serial": "0",
117
+ "_cd": "1:4419005"
118
+ }
119
+ },
120
+ {
121
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0</v>",
122
+ "fields": {
123
+ "_si": [
124
+ "fross-mbp15.local",
125
+ "_internal"
126
+ ],
127
+ "index": "_internal",
128
+ "sourcetype": "splunkd",
129
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
130
+ "_subsecond": ".060",
131
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
132
+ "splunk_server": "fross-mbp15.local",
133
+ "_time": "2013-02-11 10:43:01.060 PST",
134
+ "linecount": "1",
135
+ "_sourcetype": "splunkd",
136
+ "_indextime": "1360608181",
137
+ "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0",
138
+ "host": "fross-mbp15.local",
139
+ "_serial": "1",
140
+ "_cd": "1:4418999"
141
+ }
142
+ },
143
+ {
144
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms</v>",
145
+ "fields": {
146
+ "_si": [
147
+ "fross-mbp15.local",
148
+ "_internal"
149
+ ],
150
+ "index": "_internal",
151
+ "sourcetype": "splunkd_access",
152
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
153
+ "_subsecond": ".790",
154
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
155
+ "splunk_server": "fross-mbp15.local",
156
+ "_time": "2013-02-11 10:42:49.790 PST",
157
+ "linecount": "1",
158
+ "_sourcetype": "splunkd_access",
159
+ "_indextime": "1360608170",
160
+ "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms",
161
+ "host": "fross-mbp15.local",
162
+ "_serial": "51",
163
+ "_cd": "1:4418632"
164
+ }
165
+ },
166
+ {
167
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms</v>",
168
+ "fields": {
169
+ "_si": [
170
+ "fross-mbp15.local",
171
+ "_internal"
172
+ ],
173
+ "index": "_internal",
174
+ "sourcetype": "splunkd_access",
175
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
176
+ "_subsecond": ".527",
177
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
178
+ "splunk_server": "fross-mbp15.local",
179
+ "_time": "2013-02-11 10:42:36.527 PST",
180
+ "linecount": "1",
181
+ "_sourcetype": "splunkd_access",
182
+ "_indextime": "1360608157",
183
+ "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms",
184
+ "host": "fross-mbp15.local",
185
+ "_serial": "52",
186
+ "_cd": "1:4418626"
187
+ }
188
+ }
189
+ ],
190
+ "is_preview": false
191
+ },
77
192
  "without_preview": {
78
- "is_preview": false,
79
- "fields": ["method", "count(_raw)"],
193
+ "fields": [
194
+ "method",
195
+ "count(_raw)"
196
+ ],
80
197
  "messages": [
81
198
  {
82
199
  "type": "DEBUG",
@@ -84,26 +201,33 @@
84
201
  },
85
202
  {
86
203
  "type": "DEBUG",
87
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
204
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
88
205
  }
89
206
  ],
90
207
  "results": [
91
208
  {
92
- "method": "GET",
93
- "count(_raw)": "16"
209
+ "fields": {
210
+ "count(_raw)": "3544",
211
+ "method": "GET"
212
+ }
94
213
  },
95
214
  {
96
- "method": "POST",
97
- "count(_raw)": "7"
215
+ "fields": {
216
+ "count(_raw)": "437",
217
+ "method": "POST"
218
+ }
98
219
  }
99
- ]
220
+ ],
221
+ "is_preview": false
100
222
  }
101
223
  },
102
224
  "4.3.5": {
103
225
  "with_preview": [
104
226
  {
105
- "is_preview": true,
106
- "fields": ["method", "count(_raw)"],
227
+ "fields": [
228
+ "method",
229
+ "count(_raw)"
230
+ ],
107
231
  "messages": [
108
232
  {
109
233
  "type": "DEBUG",
@@ -116,18 +240,25 @@
116
240
  ],
117
241
  "results": [
118
242
  {
119
- "method": "GET",
120
- "count(_raw)": "37"
243
+ "fields": {
244
+ "count(_raw)": "37",
245
+ "method": "GET"
246
+ }
121
247
  },
122
248
  {
123
- "method": "POST",
124
- "count(_raw)": "5"
249
+ "fields": {
250
+ "count(_raw)": "5",
251
+ "method": "POST"
252
+ }
125
253
  }
126
- ]
254
+ ],
255
+ "is_preview": true
127
256
  },
128
257
  {
129
- "is_preview": true,
130
- "fields": ["method", "count(_raw)"],
258
+ "fields": [
259
+ "method",
260
+ "count(_raw)"
261
+ ],
131
262
  "messages": [
132
263
  {
133
264
  "type": "DEBUG",
@@ -140,18 +271,25 @@
140
271
  ],
141
272
  "results": [
142
273
  {
143
- "method": "GET",
144
- "count(_raw)": "41"
274
+ "fields": {
275
+ "count(_raw)": "41",
276
+ "method": "GET"
277
+ }
145
278
  },
146
279
  {
147
- "method": "POST",
148
- "count(_raw)": "6"
280
+ "fields": {
281
+ "count(_raw)": "6",
282
+ "method": "POST"
283
+ }
149
284
  }
150
- ]
285
+ ],
286
+ "is_preview": true
151
287
  },
152
288
  {
153
- "is_preview": false,
154
- "fields": ["method", "count(_raw)"],
289
+ "fields": [
290
+ "method",
291
+ "count(_raw)"
292
+ ],
155
293
  "messages": [
156
294
  {
157
295
  "type": "DEBUG",
@@ -164,19 +302,26 @@
164
302
  ],
165
303
  "results": [
166
304
  {
167
- "method": "GET",
168
- "count(_raw)": "41"
305
+ "fields": {
306
+ "count(_raw)": "41",
307
+ "method": "GET"
308
+ }
169
309
  },
170
310
  {
171
- "method": "POST",
172
- "count(_raw)": "6"
311
+ "fields": {
312
+ "count(_raw)": "6",
313
+ "method": "POST"
314
+ }
173
315
  }
174
- ]
316
+ ],
317
+ "is_preview": false
175
318
  }
176
319
  ],
177
320
  "without_preview": {
178
- "is_preview": false,
179
- "fields": ["method", "count(_raw)"],
321
+ "fields": [
322
+ "method",
323
+ "count(_raw)"
324
+ ],
180
325
  "messages": [
181
326
  {
182
327
  "type": "DEBUG",
@@ -189,127 +334,90 @@
189
334
  ],
190
335
  "results": [
191
336
  {
192
- "method": "GET",
193
- "count(_raw)": "41"
337
+ "fields": {
338
+ "count(_raw)": "41",
339
+ "method": "GET"
340
+ }
194
341
  },
195
342
  {
196
- "method": "POST",
197
- "count(_raw)": "6"
343
+ "fields": {
344
+ "count(_raw)": "6",
345
+ "method": "POST"
346
+ }
198
347
  }
199
- ]
348
+ ],
349
+ "is_preview": false
200
350
  }
201
351
  },
202
- "5.0.1": {
203
- "nonreporting": [
352
+ "4.2.5": {
353
+ "with_preview": [
204
354
  {
205
- "is_preview": false,
206
- "fields": ["_bkt", "_cd", "_indextime", "_raw", "_serial", "_si",
207
- "_sourcetype", "_subsecond", "_time", "host", "index",
208
- "linecount", "source", "sourcetype", "splunk_server"],
209
- "results": [
355
+ "fields": [
356
+ "method",
357
+ "count(_raw)"
358
+ ],
359
+ "messages": [
210
360
  {
211
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
212
- "_cd": "1:4419005",
213
- "_indextime": "1360608181",
214
- "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0",
215
- "_serial": "0",
216
- "_si": ["fross-mbp15.local", "_internal"],
217
- "_sourcetype": "splunkd",
218
- "_subsecond": ".060",
219
- "_time": "2013-02-11 10:43:01.060 PST",
220
- "host": "fross-mbp15.local",
221
- "index": "_internal",
222
- "linecount": "1",
223
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
224
- "sourcetype": "splunkd",
225
- "splunk_server": "fross-mbp15.local"
361
+ "type": "DEBUG",
362
+ "value": "base lispy: [ AND index::_internal ]"
226
363
  },
227
364
  {
228
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
229
- "_cd": "1:4418999",
230
- "_indextime": "1360608181",
231
- "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0",
232
- "_serial": "1",
233
- "_si": ["fross-mbp15.local", "_internal"],
234
- "_sourcetype": "splunkd",
235
- "_subsecond": ".060",
236
- "_time": "2013-02-11 10:43:01.060 PST",
237
- "host": "fross-mbp15.local",
238
- "index": "_internal",
239
- "linecount": "1",
240
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
241
- "sourcetype": "splunkd",
242
- "splunk_server": "fross-mbp15.local"
243
- },
365
+ "type": "DEBUG",
366
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
367
+ }
368
+ ],
369
+ "results": [
244
370
  {
245
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
246
- "_cd": "1:4418632",
247
- "_indextime": "1360608170",
248
- "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms",
249
- "_serial": "51",
250
- "_si": ["fross-mbp15.local", "_internal"],
251
- "_sourcetype": "splunkd_access",
252
- "_subsecond": ".790",
253
- "_time": "2013-02-11 10:42:49.790 PST",
254
- "host": "fross-mbp15.local",
255
- "index": "_internal",
256
- "linecount": "1",
257
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
258
- "sourcetype": "splunkd_access",
259
- "splunk_server": "fross-mbp15.local"
371
+ "fields": {
372
+ "count(_raw)": "16",
373
+ "method": "GET"
374
+ }
260
375
  },
261
376
  {
262
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
263
- "_cd": "1:4418626",
264
- "_indextime": "1360608157",
265
- "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms",
266
- "_serial": "52",
267
- "_si": ["fross-mbp15.local", "_internal"],
268
- "_sourcetype": "splunkd_access",
269
- "_subsecond": ".527",
270
- "_time": "2013-02-11 10:42:36.527 PST",
271
- "host": "fross-mbp15.local",
272
- "index": "_internal",
273
- "linecount": "1",
274
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
275
- "sourcetype": "splunkd_access",
276
- "splunk_server": "fross-mbp15.local"
377
+ "fields": {
378
+ "count(_raw)": "3",
379
+ "method": "POST"
380
+ }
277
381
  }
278
- ]
279
- }
280
- ],
281
- "with_preview": [
382
+ ],
383
+ "is_preview": true
384
+ },
282
385
  {
283
- "is_preview": true,
284
- "fields": ["method", "count(_raw)"],
285
- "results": [
386
+ "fields": [
387
+ "method",
388
+ "count(_raw)"
389
+ ],
390
+ "messages": [
286
391
  {
287
- "method": "GET",
288
- "count(_raw)": "3544"
392
+ "type": "DEBUG",
393
+ "value": "base lispy: [ AND index::_internal ]"
289
394
  },
290
395
  {
291
- "method": "POST",
292
- "count(_raw)": "437"
396
+ "type": "DEBUG",
397
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
293
398
  }
294
- ]
295
- },
296
- {
297
- "is_preview": true,
298
- "fields": ["method", "count(_raw)"],
399
+ ],
299
400
  "results": [
300
401
  {
301
- "method": "GET",
302
- "count(_raw)": "3544"
402
+ "fields": {
403
+ "count(_raw)": "16",
404
+ "method": "GET"
405
+ }
303
406
  },
304
407
  {
305
- "method": "POST",
306
- "count(_raw)": "437"
408
+ "fields": {
409
+ "count(_raw)": "7",
410
+ "method": "POST"
411
+ }
307
412
  }
308
- ]
413
+ ],
414
+ "is_preview": true
309
415
  },
310
416
  {
311
- "is_preview": false,
312
- "fields": ["method", "count(_raw)"],
417
+ "fields": [
418
+ "method",
419
+ "count(_raw)"
420
+ ],
313
421
  "messages": [
314
422
  {
315
423
  "type": "DEBUG",
@@ -317,24 +425,31 @@
317
425
  },
318
426
  {
319
427
  "type": "DEBUG",
320
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
428
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
321
429
  }
322
430
  ],
323
431
  "results": [
324
432
  {
325
- "method": "GET",
326
- "count(_raw)": "3544"
433
+ "fields": {
434
+ "count(_raw)": "16",
435
+ "method": "GET"
436
+ }
327
437
  },
328
438
  {
329
- "method": "POST",
330
- "count(_raw)": "437"
439
+ "fields": {
440
+ "count(_raw)": "7",
441
+ "method": "POST"
442
+ }
331
443
  }
332
- ]
444
+ ],
445
+ "is_preview": false
333
446
  }
334
447
  ],
335
448
  "without_preview": {
336
- "is_preview": false,
337
- "fields": ["method", "count(_raw)"],
449
+ "fields": [
450
+ "method",
451
+ "count(_raw)"
452
+ ],
338
453
  "messages": [
339
454
  {
340
455
  "type": "DEBUG",
@@ -342,19 +457,24 @@
342
457
  },
343
458
  {
344
459
  "type": "DEBUG",
345
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
460
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
346
461
  }
347
462
  ],
348
463
  "results": [
349
464
  {
350
- "method": "GET",
351
- "count(_raw)": "3544"
465
+ "fields": {
466
+ "count(_raw)": "16",
467
+ "method": "GET"
468
+ }
352
469
  },
353
470
  {
354
- "method": "POST",
355
- "count(_raw)": "437"
471
+ "fields": {
472
+ "count(_raw)": "7",
473
+ "method": "POST"
474
+ }
356
475
  }
357
- ]
476
+ ],
477
+ "is_preview": false
358
478
  }
359
479
  }
360
480
  }