splunk-sdk-ruby 0.1.0
- data/CHANGELOG.md +160 -0
- data/Gemfile +8 -0
- data/LICENSE +177 -0
- data/README.md +310 -0
- data/Rakefile +40 -0
- data/examples/1_connect.rb +51 -0
- data/examples/2_manage.rb +103 -0
- data/examples/3_blocking_searches.rb +82 -0
- data/examples/4_asynchronous_searches.rb +79 -0
- data/examples/5_stream_data_to_splunk.rb +79 -0
- data/lib/splunk-sdk-ruby.rb +47 -0
- data/lib/splunk-sdk-ruby/ambiguous_entity_reference.rb +28 -0
- data/lib/splunk-sdk-ruby/atomfeed.rb +323 -0
- data/lib/splunk-sdk-ruby/collection.rb +417 -0
- data/lib/splunk-sdk-ruby/collection/apps.rb +35 -0
- data/lib/splunk-sdk-ruby/collection/case_insensitive_collection.rb +58 -0
- data/lib/splunk-sdk-ruby/collection/configuration_file.rb +50 -0
- data/lib/splunk-sdk-ruby/collection/configurations.rb +80 -0
- data/lib/splunk-sdk-ruby/collection/jobs.rb +136 -0
- data/lib/splunk-sdk-ruby/collection/messages.rb +51 -0
- data/lib/splunk-sdk-ruby/context.rb +522 -0
- data/lib/splunk-sdk-ruby/entity.rb +260 -0
- data/lib/splunk-sdk-ruby/entity/index.rb +191 -0
- data/lib/splunk-sdk-ruby/entity/job.rb +339 -0
- data/lib/splunk-sdk-ruby/entity/message.rb +36 -0
- data/lib/splunk-sdk-ruby/entity/saved_search.rb +71 -0
- data/lib/splunk-sdk-ruby/entity/stanza.rb +45 -0
- data/lib/splunk-sdk-ruby/entity_not_ready.rb +26 -0
- data/lib/splunk-sdk-ruby/illegal_operation.rb +27 -0
- data/lib/splunk-sdk-ruby/namespace.rb +239 -0
- data/lib/splunk-sdk-ruby/resultsreader.rb +716 -0
- data/lib/splunk-sdk-ruby/service.rb +339 -0
- data/lib/splunk-sdk-ruby/splunk_http_error.rb +49 -0
- data/lib/splunk-sdk-ruby/synonyms.rb +50 -0
- data/lib/splunk-sdk-ruby/version.rb +27 -0
- data/lib/splunk-sdk-ruby/xml_shim.rb +117 -0
- data/splunk-sdk-ruby.gemspec +27 -0
- data/test/atom_test_data.rb +472 -0
- data/test/data/atom/atom_feed_with_message.xml +19 -0
- data/test/data/atom/atom_with_feed.xml +99 -0
- data/test/data/atom/atom_with_several_entries.xml +101 -0
- data/test/data/atom/atom_with_simple_entries.xml +30 -0
- data/test/data/atom/atom_without_feed.xml +248 -0
- data/test/data/export/4.2.5/export_results.xml +88 -0
- data/test/data/export/4.3.5/export_results.xml +87 -0
- data/test/data/export/5.0.1/export_results.xml +78 -0
- data/test/data/export/5.0.1/nonreporting.xml +232 -0
- data/test/data/results/4.2.5/results-empty.xml +0 -0
- data/test/data/results/4.2.5/results-preview.xml +255 -0
- data/test/data/results/4.2.5/results.xml +336 -0
- data/test/data/results/4.3.5/results-empty.xml +0 -0
- data/test/data/results/4.3.5/results-preview.xml +1057 -0
- data/test/data/results/4.3.5/results.xml +626 -0
- data/test/data/results/5.0.2/results-empty.xml +1 -0
- data/test/data/results/5.0.2/results-empty_preview.xml +1 -0
- data/test/data/results/5.0.2/results-preview.xml +448 -0
- data/test/data/results/5.0.2/results.xml +501 -0
- data/test/export_test_data.json +360 -0
- data/test/resultsreader_test_data.json +1119 -0
- data/test/services.server.info.xml +43 -0
- data/test/services.xml +111 -0
- data/test/test_atomfeed.rb +71 -0
- data/test/test_collection.rb +278 -0
- data/test/test_configuration_file.rb +124 -0
- data/test/test_context.rb +119 -0
- data/test/test_entity.rb +95 -0
- data/test/test_helper.rb +250 -0
- data/test/test_http_error.rb +52 -0
- data/test/test_index.rb +91 -0
- data/test/test_jobs.rb +319 -0
- data/test/test_messages.rb +17 -0
- data/test/test_namespace.rb +188 -0
- data/test/test_restarts.rb +49 -0
- data/test/test_resultsreader.rb +106 -0
- data/test/test_roles.rb +41 -0
- data/test/test_saved_searches.rb +119 -0
- data/test/test_service.rb +65 -0
- data/test/test_users.rb +33 -0
- data/test/test_xml_shim.rb +28 -0
- data/test/testfile.txt +1 -0
- metadata +200 -0
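--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,40 @@
+require 'rubygems' unless ENV['NO_RUBYGEMS']
+require 'rubygems/package_task'
+require 'rubygems/specification'
+require 'rake/testtask'
+require 'date'
+
+spec = Gem::Specification.new do |s|
+s.name = "splunk-sdk"
+s.version = "0.1.0"
+s.author = "Splunk"
+s.email = "devinfo@splunk.com"
+s.homepage = "http://dev.splunk.com"
+s.summary = "SDK for easily working with Splunk from Ruby."
+s.description = s.summary
+s.has_rdoc = true
+s.extra_rdoc_files = ["README", "LICENSE", "TODO"]
+s.require_path = "lib"
+s.files = %w(LICENSE README Rakefile TODO) + Dir.glob('{lib,test}/**/*')
+end
+
+task :default => :help
+
+desc "Print help on using the Rakefile for the Ruby SDK for Splunk."
+task :help do
+puts "Rake commands for the Ruby SDK for Splunk:"
+puts " rake install: Install the SDK in your current Ruby environment."
+puts " rake test: Run the unit test suite."
+puts " rake test COVERAGE=true: Run the unit test suite with code coverage."
+end
+
+desc "install the gem locally"
+task :install => [:package] do
+sh %{sudo gem install pkg/#{GEM}-#{GEM_VERSION}}
+end
+
+Rake::TestTask.new do |t|
+t.libs << "test"
+t.pattern = "test/test_*.rb"
+t.verbose = true
+end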
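Review bot: The `install` task (line 33) cannot run as written: `GEM` and `GEM_VERSION` are not defined anywhere in this 40-line Rakefile, and the `:package` prerequisite has no task behind it because `spec` is never passed to a `Gem::PackageTask`. Defining the package task with `Gem::PackageTask.new(spec) { |pkg| }` and installing with `sh "gem install pkg/#{spec.name}-#{spec.version}.gem"` would fix both. I would also drop the hard-coded `sudo`, since it runs the gem installation, including any native-extension build, as root on every developer machine; whoever needs a system-wide install can elevate explicitly. The spec also lists `README` and `TODO`, while the package file list shows `README.md` and no `TODO`, so `extra_rdoc_files` and `s.files` look stale.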
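--- a/data/examples/1_connect.rb
+++ b/data/examples/1_connect.rb
@@ -0,0 +1,51 @@
+#--
+# Copyright 2011-2012 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+
+require 'splunk-sdk-ruby'
+
+# How to get to the Splunk server. Edit this to match your
+# own Splunk install.
+config = {
+:scheme => :https,
+:host => "localhost",
+:port => 8089,
+:username => "admin",
+:password => "changeme"
+}
+
+# Create a Service logged into Splunk, and print the authentication token
+# that Splunk sent us.
+service0 = Splunk::connect(config)
+puts "Logged in service 0. Token: #{service0.token}"
+
+# connect is a synonym for creating a Service by hand and calling login.
+service1 = Splunk::Service.new(config)
+service1.login()
+puts "Logged in. Token: #{service1.token}"
+
+# However, we don't always want to call login. If we have already obtained a
+# valid token, we can use it instead of a username or password. In this case
+# we must create the Service manually.
+token_config = {
+:scheme => config[:scheme],
+:host => config[:host],
+:port => config[:port],
+:token => service1.token
+}
+
+service2 = Splunk::Service.new(token_config)
+puts "Theoretically logged in. Token: #{service2.token}"
+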
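Review bot: Lines 32, 37 and 50 print the session token to stdout, which puts a reusable credential into terminal scrollback, CI logs and anything else that captures the example's output; lines 42-49 of the same script show that the token alone is enough to build an authenticated Service. Print a confirmation instead, for example `puts "Logged in service 0."`. The `config` hash on lines 21-27 also hard-codes `admin`/`changeme`; reading the values from the environment, e.g. `:password => ENV.fetch("SPLUNK_PASSWORD")` (the variable name is only a suggestion), keeps people from committing real credentials when they edit the example for their own install.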
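--- a/data/examples/2_manage.rb
+++ b/data/examples/2_manage.rb
@@ -0,0 +1,103 @@
+#--
+# Copyright 2011-2012 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+
+require 'splunk-sdk-ruby'
+
+# How to get to the Splunk server. Edit this to match your
+# own Splunk install.
+config = {
+:scheme => :https,
+:host => "localhost",
+:port => 8089,
+:username => "admin",
+:password => "changeme"
+}
+
+# First we connect to Splunk. We'll use this service for all the work in this
+# example.
+service = Splunk::connect(config)
+
+# Service provides convenience methods to get to the various collections in
+# Splunk. For example, we'll list all the apps, all the users, and all the
+# search jobs.
+puts "Apps:"
+service.apps.each do |app|
+puts " #{app.name}"
+end
+
+puts
+puts "User:"
+service.users.each do |user|
+puts " #{user.name}"
+end
+
+puts "Jobs:"
+service.jobs.each do |job|
+puts " #{job.sid}: #{job["eventSearch"]}"
+end
+
+# Collections have most of the methods you would expect from Hash.
+puts
+puts "Apps starting with s:"
+service.apps.select do |app|
+app.name.start_with?("s")
+end.each do |app|
+puts " #{app.name}"
+end
+
+# Collections have create and delete methods which do what you would expect.
+# create methods all take the name of the entity to create as the sole
+# positional argument, and a hash of other arguments, and returns an object
+# representing the new entity.
+new_user = service.users.create("a-new-user",
+:password => "some password",
+:email => "harry@nowhere.com",
+:roles => ["power"])
+
+puts
+puts "User in collection: #{service.users.member?("a-new-user")}"
+matches = service.users["a-new-user"].name == new_user.name
+puts "User returned by create matches user fetched: #{matches}"
+
+service.users.delete("a-new-user")
+puts "User still in collection after delete: #{service.users.member?("a-new-user")}"
+
+# You can access the fields on entites returned from collections as if
+# they were keys in a dictionary.
+new_user = service.users.create("a-new-user",
+:password => "some password",
+:email => "harry@nowhere.com",
+:roles => ["power", "admin"])
+
+puts
+puts "Roles on a-new-user: #{new_user["roles"]}"
+puts "Email of a-new-user: #{new_user["email"]}"
+
+# To update fields, call the update method (or you can use []= if you only want
+# to update a single field, but each call to it makes a round trip to the
+# Splunk server, while update makes one call).
+new_user["email"] = "petunia@nowhere.com"
+new_user.update("email" => "edward@nowhere.com", "roles" => ["power"])
+
+# If you immediately fetch the fields, you'll still see the old values, though.
+# Entities cache their state, and you must call refresh to get the new state.
+new_user.refresh()
+puts
+puts "New email: #{new_user["email"]}"
+puts "New roles: #{new_user["roles"]}"
+
+# And finally, we'll delete this user again.
+service.users.delete("a-new-user")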
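Review bot: The account created on lines 65-68 and again on lines 80-83 has a fixed, published password (`"some password"`), and the second time it carries the `admin` role; the matching `service.users.delete("a-new-user")` calls on lines 75 and 103 are only reached if every call in between succeeds. If the script aborts part-way (a network error, or an exception from `update` or `refresh`), a privileged user with a known password stays on the server. Wrap each create/use/delete stretch in `begin` … `ensure service.users.delete("a-new-user")` … `end`, and generate the password per run, e.g. `:password => SecureRandom.hex(16)` after `require 'securerandom'`. The second create does not need `admin` to demonstrate field access; `["power"]` would do.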
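--- a/data/examples/3_blocking_searches.rb
+++ b/data/examples/3_blocking_searches.rb
@@ -0,0 +1,82 @@
+#--
+# Copyright 2011-2012 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+
+require 'splunk-sdk-ruby'
+
+# How to get to the Splunk server. Edit this to match your
+# own Splunk install.
+config = {
+:scheme => :https,
+:host => "localhost",
+:port => 8089,
+:username => "admin",
+:password => "changeme"
+}
+
+# First open a connection to Splunk.
+service = Splunk::connect(config)
+
+# The simplest way to get data out of Splunk is with a oneshot search. A oneshot
+# search creates a synchronous search. The call blocks until the search finishes
+# and then returns a stream containing the events.
+stream = service.create_oneshot("search index=_internal | head 1")
+
+# By default the stream contains XML, which you can parse into proper events
+# with the Ruby SDK's ResultsReader class. You can call fields on the
+# ResultsReader to get an Array of Strings giving the names of all the fields
+# that may appear in any of the events, or call each on it to iterate over
+# the results.
+results = Splunk::ResultsReader.new(stream)
+
+puts "Fields: #{results.fields}"
+results.each do |result|
+puts "#{result["_raw"]}"
+end
+puts
+
+# You can also tell create_oneshot to return JSON or CSV by specifying the
+# :output_mode argument to be "json" or "csv", respectively, but the Ruby SDK
+# provides no support beyond what is already available in Ruby to parse either
+# of these formats.
+stream = service.create_oneshot("search index=_internal | head 1",
+:output_mode => "json")
+puts stream
+puts
+
+# Hash arguments like :output_mode are how you set various parameters to the
+# search, as :earliest_time and :latest_time.
+stream = service.create_oneshot("search index=_internal | head 1",
+:earliest_time => "-1h",
+:latest_time => "now")
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts "#{result["_raw"]}"
+end
+
+# If you only need the events Splunk has returned, without any of the
+# transforming search commands, you can call create_stream instead. It is
+# identical to create_oneshot, but returns the events produced before any
+# transforming search commands, and will thus run somewhat faster.
+stream = service.create_export("search index=_internal | head 1",
+:earliest_time => "-1h",
+:latest_time => "now")
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts "#{result["_raw"]}"
+end
+
+
+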
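Review bot: The comment on lines 69-72 tells the reader to call `create_stream`, but the code on line 73 calls `create_export`, so the example documents a method name it never uses. Change line 70 to `# transforming search commands, you can call create_export instead. It is`. Line 60 is also missing a word and would read better as `# search, such as :earliest_time and :latest_time.`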
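--- a/data/examples/4_asynchronous_searches.rb
+++ b/data/examples/4_asynchronous_searches.rb
@@ -0,0 +1,79 @@
+#--
+# Copyright 2011-2012 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+
+require 'splunk-sdk-ruby'
+
+# How to get to the Splunk server. Edit this to match your
+# own Splunk install.
+config = {
+:scheme => :https,
+:host => "localhost",
+:port => 8089,
+:username => "admin",
+:password => "changeme"
+}
+
+# First open a connection to Splunk.
+service = Splunk::connect(config)
+
+# For longer running jobs, you don't want to wait until the job finishes, as
+# create_oneshot in 3_blocking_searches.rb does. In this case, use the
+# create_search method of Service. Instead of returning a stream, it creates
+# an asynchronous job on the server and returns a Job object referencing it.
+job = service.create_search("search index=_internal | head 1",
+:earliest_time => "-1d",
+:latest_time => "now")
+
+# Before you can do anything with a Job, you must wait for it to be ready.
+# Before it is, you cannot do anything with it, even read its state.
+while !job.is_ready?()
+sleep(0.1)
+end
+
+# More typically you will want to wait until the job is done and its events
+# ready to retrieve. For that, use the is_done? method instead. Note that a
+# job is always ready before it's done.
+while !job.is_done?()
+sleep(0.1)
+end
+
+# If you want the transformed results (equivalent to what create_oneshot would
+# return), call the results method on the Job. If you want the untransformed
+# results, call events. You can optionally pass an offset and total count,
+# which are useful to get hunks of large sets of results.
+stream = job.results(:count => 1, :offset => 0)
+# Or: stream = job.events(:count => 3, :offset => 0)
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts result["_raw"]
+end
+
+# If you want to run a real time search, it must be asynchronous, and it is
+# never done, so neither results or events will work. Instead, you must call
+# preview (which takes the same arguments as the other two).
+rt_job = service.create_search("search index=_internal | head 1",
+:earliest_time => "rt-1h",
+:latest_time => "rt")
+
+while !rt_job.is_ready?()
+sleep(0.1)
+end
+
+stream = rt_job.preview()
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts result["_raw"]
+end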
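Review bot: The real-time job started on lines 67-69 is never stopped: the script reads one preview on lines 75-79 and exits, which leaves a search that, by the comment on lines 64-65, "is never done" running on the server and holding a search slot. If the Job class offers a cancel or finalize call (entity/job.rb is not part of this section, so I cannot confirm the name), call it in an `ensure` after the preview loop, e.g. `rt_job.cancel`. The three polling loops on lines 42-44, 49-51 and 71-73 also have no upper bound, so a job that never becomes ready hangs the script; a deadline check such as `raise "job not ready" if Time.now > deadline` inside each loop would make that failure visible.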
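--- a/data/examples/5_stream_data_to_splunk.rb
+++ b/data/examples/5_stream_data_to_splunk.rb
@@ -0,0 +1,79 @@
+#--
+# Copyright 2011-2012 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+
+require 'splunk-sdk-ruby'
+
+# How to get to the Splunk server. Edit this to match your
+# own Splunk install.
+config = {
+:scheme => :https,
+:host => "localhost",
+:port => 8089,
+:username => "admin",
+:password => "changeme"
+}
+
+# First open a connection to Splunk.
+service = Splunk::connect(config)
+
+# Data written to Splunk with the Ruby SDK must be written to a particular
+# index, so we first create an index to write to if it doesn't already
+# exist.
+INDEX_NAME = "my_index"
+
+if !service.indexes.has_key?(INDEX_NAME)
+example_index = service.indexes.create(INDEX_NAME)
+else
+example_index = service.indexes[INDEX_NAME]
+end
+
+# We can write single events to the index with the Index#submit method.
+example_index.submit("This is a test event.")
+
+# And we'll wait until it has probably been indexed.
+sleep(1) # Indexing isn't instantaneous.
+stream = service.create_oneshot("search index=#{INDEX_NAME}")
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts result["_raw"]
+end
+
+# If you need to send more than one event, use the attach method to get an
+# open socket to the index again. Sending multiple events via attach is
+# significantly faster than calling submit. However, Splunk only indexes data
+# from attach when either the socket is closed or it has accumulated 1MB
+# of input.
+socket = example_index.attach()
+begin
+socket.write("The first event.\r\n")
+socket.write("The second event.\r\n")
+ensure
+socket.close() # You must make sure the socket gets closed.
+end
+
+# Again we'll wait until it's probably been indexed.
+sleep(3) # Indexing isn't instantaneous.
+stream = service.create_oneshot("search index=#{INDEX_NAME}")
+results = Splunk::ResultsReader.new(stream)
+results.each do |result|
+puts result["_raw"]
+end
+
+# Finally, if we're running a version of Splunk where we can delete indexes
+# (anything since 5.0), we'll delete the index we created.
+if service.splunk_version[0] >= 5
+service.indexes.delete(INDEX_NAME)
+end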
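Review bot: Lines 77-79 delete `my_index` unconditionally, but lines 37-41 reuse the index when it already exists, so running the example against a server that already has an index of that name destroys that index and its data; the comment on line 76 promises to delete only "the index we created". Record whether the script created it, with `created_index = !service.indexes.has_key?(INDEX_NAME)` before line 37, and guard the delete with `if created_index && service.splunk_version[0] >= 5`. A less generic default name than `my_index` would also lower the chance of a collision.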
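--- a/data/lib/splunk-sdk-ruby.rb
+++ b/data/lib/splunk-sdk-ruby.rb
@@ -0,0 +1,47 @@
+# :title:Splunk SDK for Ruby
+#--
+# Copyright 2011-2013 Splunk, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"): you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#++
+#
+# The Splunk SDK for Ruby provides an idiomatic interface to Splunk from
+# Ruby. To use it, add
+#
+# require 'splunk-sdk-ruby'
+#
+# to the top of your source file. All the code in the SDK is in the +Splunk+
+# module. Once you have included the SDK, create a connection to your Splunk
+# instance with the following (changing host, port, username, and password to
+# your values):
+#
+# service = Splunk::Service.new(:host => "localhost",
+# :port => 8089,
+# :username => "admin",
+# :password => "changeme").login()
+#
+
+require_relative 'splunk-sdk-ruby/atomfeed'
+require_relative 'splunk-sdk-ruby/version'
+require_relative 'splunk-sdk-ruby/namespace'
+require_relative 'splunk-sdk-ruby/xml_shim'
+require_relative 'splunk-sdk-ruby/resultsreader'
+require_relative 'splunk-sdk-ruby/context'
+require_relative 'splunk-sdk-ruby/service'
+require_relative 'splunk-sdk-ruby/ambiguous_entity_reference'
+require_relative 'splunk-sdk-ruby/entity_not_ready'
+require_relative 'splunk-sdk-ruby/illegal_operation'
+require_relative 'splunk-sdk-ruby/splunk_http_error'
+
+module Splunk
+end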