splunk-sdk-ruby 0.1.0 → 0.8.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (36) hide show
  1. checksums.yaml +15 -0
  2. data/CHANGELOG.md +28 -0
  3. data/README.md +5 -17
  4. data/examples/6_work_with_modular_inputs.rb +96 -0
  5. data/examples/example_modular_inputs.spl +0 -0
  6. data/lib/splunk-sdk-ruby/atomfeed.rb +1 -1
  7. data/lib/splunk-sdk-ruby/collection.rb +112 -109
  8. data/lib/splunk-sdk-ruby/collection/input_kinds.rb +136 -0
  9. data/lib/splunk-sdk-ruby/collection/jobs.rb +9 -1
  10. data/lib/splunk-sdk-ruby/context.rb +7 -4
  11. data/lib/splunk-sdk-ruby/entity.rb +37 -29
  12. data/lib/splunk-sdk-ruby/entity/job.rb +12 -4
  13. data/lib/splunk-sdk-ruby/entity/modular_input_kind.rb +47 -0
  14. data/lib/splunk-sdk-ruby/resultsreader.rb +71 -17
  15. data/lib/splunk-sdk-ruby/service.rb +37 -5
  16. data/lib/splunk-sdk-ruby/version.rb +1 -1
  17. data/lib/splunk-sdk-ruby/xml_shim.rb +11 -0
  18. data/splunk-sdk-ruby.gemspec +3 -2
  19. data/test/data/atom_test_data.json +457 -0
  20. data/test/{export_test_data.json → data/export_test_data.json} +302 -182
  21. data/test/data/resultsreader_test_data.json +1693 -0
  22. data/test/test_atomfeed.rb +20 -9
  23. data/test/test_configuration_file.rb +22 -0
  24. data/test/test_context.rb +1 -1
  25. data/test/test_helper.rb +27 -15
  26. data/test/test_index.rb +2 -3
  27. data/test/test_inputs.rb +211 -0
  28. data/test/test_jobs.rb +73 -2
  29. data/test/test_modular_input_kinds.rb +46 -0
  30. data/test/test_restarts.rb +10 -0
  31. data/test/test_resultsreader.rb +22 -7
  32. data/test/test_users.rb +8 -0
  33. data/test/test_xml_shim.rb +10 -0
  34. metadata +104 -101
  35. data/test/atom_test_data.rb +0 -472
  36. data/test/resultsreader_test_data.json +0 -1119
data/test/{export_test_data.json → data/export_test_data.json} RENAMED
@@ -1,57 +1,53 @@
1
1
  {
2
- "4.2.5": {
2
+ "5.0.1": {
3
3
  "with_preview": [
4
4
  {
5
- "is_preview": true,
6
- "fields": ["method", "count(_raw)"],
7
- "messages": [
8
- {
9
- "type": "DEBUG",
10
- "value": "base lispy: [ AND index::_internal ]"
11
- },
12
- {
13
- "type": "DEBUG",
14
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
15
- }
5
+ "fields": [
6
+ "method",
7
+ "count(_raw)"
16
8
  ],
17
9
  "results": [
18
10
  {
19
- "method": "GET",
20
- "count(_raw)": "16"
11
+ "fields": {
12
+ "count(_raw)": "3544",
13
+ "method": "GET"
14
+ }
21
15
  },
22
16
  {
23
- "method": "POST",
24
- "count(_raw)": "3"
17
+ "fields": {
18
+ "count(_raw)": "437",
19
+ "method": "POST"
20
+ }
25
21
  }
26
- ]
22
+ ],
23
+ "is_preview": true
27
24
  },
28
25
  {
29
- "is_preview": true,
30
- "fields": ["method", "count(_raw)"],
31
- "messages": [
32
- {
33
- "type": "DEBUG",
34
- "value": "base lispy: [ AND index::_internal ]"
35
- },
36
- {
37
- "type": "DEBUG",
38
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
39
- }
26
+ "fields": [
27
+ "method",
28
+ "count(_raw)"
40
29
  ],
41
30
  "results": [
42
31
  {
43
- "method": "GET",
44
- "count(_raw)": "16"
32
+ "fields": {
33
+ "count(_raw)": "3544",
34
+ "method": "GET"
35
+ }
45
36
  },
46
37
  {
47
- "method": "POST",
48
- "count(_raw)": "7"
38
+ "fields": {
39
+ "count(_raw)": "437",
40
+ "method": "POST"
41
+ }
49
42
  }
50
- ]
43
+ ],
44
+ "is_preview": true
51
45
  },
52
46
  {
53
- "is_preview": false,
54
- "fields": ["method", "count(_raw)"],
47
+ "fields": [
48
+ "method",
49
+ "count(_raw)"
50
+ ],
55
51
  "messages": [
56
52
  {
57
53
  "type": "DEBUG",
@@ -59,24 +55,145 @@
59
55
  },
60
56
  {
61
57
  "type": "DEBUG",
62
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
58
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
63
59
  }
64
60
  ],
65
61
  "results": [
66
62
  {
67
- "method": "GET",
68
- "count(_raw)": "16"
63
+ "fields": {
64
+ "count(_raw)": "3544",
65
+ "method": "GET"
66
+ }
69
67
  },
70
68
  {
71
- "method": "POST",
72
- "count(_raw)": "7"
69
+ "fields": {
70
+ "count(_raw)": "437",
71
+ "method": "POST"
72
+ }
73
73
  }
74
- ]
74
+ ],
75
+ "is_preview": false
75
76
  }
76
77
  ],
78
+ "nonreporting": {
79
+ "fields": [
80
+ "_bkt",
81
+ "_cd",
82
+ "_indextime",
83
+ "_raw",
84
+ "_serial",
85
+ "_si",
86
+ "_sourcetype",
87
+ "_subsecond",
88
+ "_time",
89
+ "host",
90
+ "index",
91
+ "linecount",
92
+ "source",
93
+ "sourcetype",
94
+ "splunk_server"
95
+ ],
96
+ "results": [
97
+ {
98
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0</v>",
99
+ "fields": {
100
+ "_si": [
101
+ "fross-mbp15.local",
102
+ "_internal"
103
+ ],
104
+ "index": "_internal",
105
+ "sourcetype": "splunkd",
106
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
107
+ "_subsecond": ".060",
108
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
109
+ "splunk_server": "fross-mbp15.local",
110
+ "_time": "2013-02-11 10:43:01.060 PST",
111
+ "linecount": "1",
112
+ "_sourcetype": "splunkd",
113
+ "_indextime": "1360608181",
114
+ "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0",
115
+ "host": "fross-mbp15.local",
116
+ "_serial": "0",
117
+ "_cd": "1:4419005"
118
+ }
119
+ },
120
+ {
121
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0</v>",
122
+ "fields": {
123
+ "_si": [
124
+ "fross-mbp15.local",
125
+ "_internal"
126
+ ],
127
+ "index": "_internal",
128
+ "sourcetype": "splunkd",
129
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
130
+ "_subsecond": ".060",
131
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
132
+ "splunk_server": "fross-mbp15.local",
133
+ "_time": "2013-02-11 10:43:01.060 PST",
134
+ "linecount": "1",
135
+ "_sourcetype": "splunkd",
136
+ "_indextime": "1360608181",
137
+ "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0",
138
+ "host": "fross-mbp15.local",
139
+ "_serial": "1",
140
+ "_cd": "1:4418999"
141
+ }
142
+ },
143
+ {
144
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms</v>",
145
+ "fields": {
146
+ "_si": [
147
+ "fross-mbp15.local",
148
+ "_internal"
149
+ ],
150
+ "index": "_internal",
151
+ "sourcetype": "splunkd_access",
152
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
153
+ "_subsecond": ".790",
154
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
155
+ "splunk_server": "fross-mbp15.local",
156
+ "_time": "2013-02-11 10:42:49.790 PST",
157
+ "linecount": "1",
158
+ "_sourcetype": "splunkd_access",
159
+ "_indextime": "1360608170",
160
+ "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms",
161
+ "host": "fross-mbp15.local",
162
+ "_serial": "51",
163
+ "_cd": "1:4418632"
164
+ }
165
+ },
166
+ {
167
+ "RAW_XML": "<v xml:space=\"preserve\" trunc=\"0\">127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms</v>",
168
+ "fields": {
169
+ "_si": [
170
+ "fross-mbp15.local",
171
+ "_internal"
172
+ ],
173
+ "index": "_internal",
174
+ "sourcetype": "splunkd_access",
175
+ "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
176
+ "_subsecond": ".527",
177
+ "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
178
+ "splunk_server": "fross-mbp15.local",
179
+ "_time": "2013-02-11 10:42:36.527 PST",
180
+ "linecount": "1",
181
+ "_sourcetype": "splunkd_access",
182
+ "_indextime": "1360608157",
183
+ "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms",
184
+ "host": "fross-mbp15.local",
185
+ "_serial": "52",
186
+ "_cd": "1:4418626"
187
+ }
188
+ }
189
+ ],
190
+ "is_preview": false
191
+ },
77
192
  "without_preview": {
78
- "is_preview": false,
79
- "fields": ["method", "count(_raw)"],
193
+ "fields": [
194
+ "method",
195
+ "count(_raw)"
196
+ ],
80
197
  "messages": [
81
198
  {
82
199
  "type": "DEBUG",
@@ -84,26 +201,33 @@
84
201
  },
85
202
  {
86
203
  "type": "DEBUG",
87
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
204
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
88
205
  }
89
206
  ],
90
207
  "results": [
91
208
  {
92
- "method": "GET",
93
- "count(_raw)": "16"
209
+ "fields": {
210
+ "count(_raw)": "3544",
211
+ "method": "GET"
212
+ }
94
213
  },
95
214
  {
96
- "method": "POST",
97
- "count(_raw)": "7"
215
+ "fields": {
216
+ "count(_raw)": "437",
217
+ "method": "POST"
218
+ }
98
219
  }
99
- ]
220
+ ],
221
+ "is_preview": false
100
222
  }
101
223
  },
102
224
  "4.3.5": {
103
225
  "with_preview": [
104
226
  {
105
- "is_preview": true,
106
- "fields": ["method", "count(_raw)"],
227
+ "fields": [
228
+ "method",
229
+ "count(_raw)"
230
+ ],
107
231
  "messages": [
108
232
  {
109
233
  "type": "DEBUG",
@@ -116,18 +240,25 @@
116
240
  ],
117
241
  "results": [
118
242
  {
119
- "method": "GET",
120
- "count(_raw)": "37"
243
+ "fields": {
244
+ "count(_raw)": "37",
245
+ "method": "GET"
246
+ }
121
247
  },
122
248
  {
123
- "method": "POST",
124
- "count(_raw)": "5"
249
+ "fields": {
250
+ "count(_raw)": "5",
251
+ "method": "POST"
252
+ }
125
253
  }
126
- ]
254
+ ],
255
+ "is_preview": true
127
256
  },
128
257
  {
129
- "is_preview": true,
130
- "fields": ["method", "count(_raw)"],
258
+ "fields": [
259
+ "method",
260
+ "count(_raw)"
261
+ ],
131
262
  "messages": [
132
263
  {
133
264
  "type": "DEBUG",
@@ -140,18 +271,25 @@
140
271
  ],
141
272
  "results": [
142
273
  {
143
- "method": "GET",
144
- "count(_raw)": "41"
274
+ "fields": {
275
+ "count(_raw)": "41",
276
+ "method": "GET"
277
+ }
145
278
  },
146
279
  {
147
- "method": "POST",
148
- "count(_raw)": "6"
280
+ "fields": {
281
+ "count(_raw)": "6",
282
+ "method": "POST"
283
+ }
149
284
  }
150
- ]
285
+ ],
286
+ "is_preview": true
151
287
  },
152
288
  {
153
- "is_preview": false,
154
- "fields": ["method", "count(_raw)"],
289
+ "fields": [
290
+ "method",
291
+ "count(_raw)"
292
+ ],
155
293
  "messages": [
156
294
  {
157
295
  "type": "DEBUG",
@@ -164,19 +302,26 @@
164
302
  ],
165
303
  "results": [
166
304
  {
167
- "method": "GET",
168
- "count(_raw)": "41"
305
+ "fields": {
306
+ "count(_raw)": "41",
307
+ "method": "GET"
308
+ }
169
309
  },
170
310
  {
171
- "method": "POST",
172
- "count(_raw)": "6"
311
+ "fields": {
312
+ "count(_raw)": "6",
313
+ "method": "POST"
314
+ }
173
315
  }
174
- ]
316
+ ],
317
+ "is_preview": false
175
318
  }
176
319
  ],
177
320
  "without_preview": {
178
- "is_preview": false,
179
- "fields": ["method", "count(_raw)"],
321
+ "fields": [
322
+ "method",
323
+ "count(_raw)"
324
+ ],
180
325
  "messages": [
181
326
  {
182
327
  "type": "DEBUG",
@@ -189,127 +334,90 @@
189
334
  ],
190
335
  "results": [
191
336
  {
192
- "method": "GET",
193
- "count(_raw)": "41"
337
+ "fields": {
338
+ "count(_raw)": "41",
339
+ "method": "GET"
340
+ }
194
341
  },
195
342
  {
196
- "method": "POST",
197
- "count(_raw)": "6"
343
+ "fields": {
344
+ "count(_raw)": "6",
345
+ "method": "POST"
346
+ }
198
347
  }
199
- ]
348
+ ],
349
+ "is_preview": false
200
350
  }
201
351
  },
202
- "5.0.1": {
203
- "nonreporting": [
352
+ "4.2.5": {
353
+ "with_preview": [
204
354
  {
205
- "is_preview": false,
206
- "fields": ["_bkt", "_cd", "_indextime", "_raw", "_serial", "_si",
207
- "_sourcetype", "_subsecond", "_time", "host", "index",
208
- "linecount", "source", "sourcetype", "splunk_server"],
209
- "results": [
355
+ "fields": [
356
+ "method",
357
+ "count(_raw)"
358
+ ],
359
+ "messages": [
210
360
  {
211
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
212
- "_cd": "1:4419005",
213
- "_indextime": "1360608181",
214
- "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=indexertpool, qsize=0, workers=6, qwork_units=0",
215
- "_serial": "0",
216
- "_si": ["fross-mbp15.local", "_internal"],
217
- "_sourcetype": "splunkd",
218
- "_subsecond": ".060",
219
- "_time": "2013-02-11 10:43:01.060 PST",
220
- "host": "fross-mbp15.local",
221
- "index": "_internal",
222
- "linecount": "1",
223
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
224
- "sourcetype": "splunkd",
225
- "splunk_server": "fross-mbp15.local"
361
+ "type": "DEBUG",
362
+ "value": "base lispy: [ AND index::_internal ]"
226
363
  },
227
364
  {
228
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
229
- "_cd": "1:4418999",
230
- "_indextime": "1360608181",
231
- "_raw": "02-11-2013 10:43:01.060 -0800 INFO Metrics - group=tpool, name=bundlereplthreadpool, qsize=0, workers=0, qwork_units=0",
232
- "_serial": "1",
233
- "_si": ["fross-mbp15.local", "_internal"],
234
- "_sourcetype": "splunkd",
235
- "_subsecond": ".060",
236
- "_time": "2013-02-11 10:43:01.060 PST",
237
- "host": "fross-mbp15.local",
238
- "index": "_internal",
239
- "linecount": "1",
240
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/metrics.log",
241
- "sourcetype": "splunkd",
242
- "splunk_server": "fross-mbp15.local"
243
- },
365
+ "type": "DEBUG",
366
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
367
+ }
368
+ ],
369
+ "results": [
244
370
  {
245
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
246
- "_cd": "1:4418632",
247
- "_indextime": "1360608170",
248
- "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:49.790 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 440404 - - - 257ms",
249
- "_serial": "51",
250
- "_si": ["fross-mbp15.local", "_internal"],
251
- "_sourcetype": "splunkd_access",
252
- "_subsecond": ".790",
253
- "_time": "2013-02-11 10:42:49.790 PST",
254
- "host": "fross-mbp15.local",
255
- "index": "_internal",
256
- "linecount": "1",
257
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
258
- "sourcetype": "splunkd_access",
259
- "splunk_server": "fross-mbp15.local"
371
+ "fields": {
372
+ "count(_raw)": "16",
373
+ "method": "GET"
374
+ }
260
375
  },
261
376
  {
262
- "_bkt": "_internal~1~BC03CEFB-A9C5-4DF5-9D8D-2558AD6E6EA9",
263
- "_cd": "1:4418626",
264
- "_indextime": "1360608157",
265
- "_raw": "127.0.0.1 - admin [11/Feb/2013:10:42:36.527 -0800] \"POST /services/search/jobs/export HTTP/1.1\" 200 4937 - - - 219ms",
266
- "_serial": "52",
267
- "_si": ["fross-mbp15.local", "_internal"],
268
- "_sourcetype": "splunkd_access",
269
- "_subsecond": ".527",
270
- "_time": "2013-02-11 10:42:36.527 PST",
271
- "host": "fross-mbp15.local",
272
- "index": "_internal",
273
- "linecount": "1",
274
- "source": "/Users/fross/splunks/splunk-5.0.2/var/log/splunk/splunkd_access.log",
275
- "sourcetype": "splunkd_access",
276
- "splunk_server": "fross-mbp15.local"
377
+ "fields": {
378
+ "count(_raw)": "3",
379
+ "method": "POST"
380
+ }
277
381
  }
278
- ]
279
- }
280
- ],
281
- "with_preview": [
382
+ ],
383
+ "is_preview": true
384
+ },
282
385
  {
283
- "is_preview": true,
284
- "fields": ["method", "count(_raw)"],
285
- "results": [
386
+ "fields": [
387
+ "method",
388
+ "count(_raw)"
389
+ ],
390
+ "messages": [
286
391
  {
287
- "method": "GET",
288
- "count(_raw)": "3544"
392
+ "type": "DEBUG",
393
+ "value": "base lispy: [ AND index::_internal ]"
289
394
  },
290
395
  {
291
- "method": "POST",
292
- "count(_raw)": "437"
396
+ "type": "DEBUG",
397
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
293
398
  }
294
- ]
295
- },
296
- {
297
- "is_preview": true,
298
- "fields": ["method", "count(_raw)"],
399
+ ],
299
400
  "results": [
300
401
  {
301
- "method": "GET",
302
- "count(_raw)": "3544"
402
+ "fields": {
403
+ "count(_raw)": "16",
404
+ "method": "GET"
405
+ }
303
406
  },
304
407
  {
305
- "method": "POST",
306
- "count(_raw)": "437"
408
+ "fields": {
409
+ "count(_raw)": "7",
410
+ "method": "POST"
411
+ }
307
412
  }
308
- ]
413
+ ],
414
+ "is_preview": true
309
415
  },
310
416
  {
311
- "is_preview": false,
312
- "fields": ["method", "count(_raw)"],
417
+ "fields": [
418
+ "method",
419
+ "count(_raw)"
420
+ ],
313
421
  "messages": [
314
422
  {
315
423
  "type": "DEBUG",
@@ -317,24 +425,31 @@
317
425
  },
318
426
  {
319
427
  "type": "DEBUG",
320
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
428
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
321
429
  }
322
430
  ],
323
431
  "results": [
324
432
  {
325
- "method": "GET",
326
- "count(_raw)": "3544"
433
+ "fields": {
434
+ "count(_raw)": "16",
435
+ "method": "GET"
436
+ }
327
437
  },
328
438
  {
329
- "method": "POST",
330
- "count(_raw)": "437"
439
+ "fields": {
440
+ "count(_raw)": "7",
441
+ "method": "POST"
442
+ }
331
443
  }
332
- ]
444
+ ],
445
+ "is_preview": false
333
446
  }
334
447
  ],
335
448
  "without_preview": {
336
- "is_preview": false,
337
- "fields": ["method", "count(_raw)"],
449
+ "fields": [
450
+ "method",
451
+ "count(_raw)"
452
+ ],
338
453
  "messages": [
339
454
  {
340
455
  "type": "DEBUG",
@@ -342,19 +457,24 @@
342
457
  },
343
458
  {
344
459
  "type": "DEBUG",
345
- "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-5.0.2/etc\""
460
+ "value": "search context: user=\"admin\", app=\"search\", bs-pathname=\"/Users/fross/splunks/splunk-4.2.5.6/etc\""
346
461
  }
347
462
  ],
348
463
  "results": [
349
464
  {
350
- "method": "GET",
351
- "count(_raw)": "3544"
465
+ "fields": {
466
+ "count(_raw)": "16",
467
+ "method": "GET"
468
+ }
352
469
  },
353
470
  {
354
- "method": "POST",
355
- "count(_raw)": "437"
471
+ "fields": {
472
+ "count(_raw)": "7",
473
+ "method": "POST"
474
+ }
356
475
  }
357
- ]
476
+ ],
477
+ "is_preview": false
358
478
  }
359
479
  }
360
480
  }