splunker 0.0.1 → 0.0.2

data/README.md

@@ -101,3 +101,7 @@ The API client raises an exception when a non-2XX [response codes](http://docs.s
 * Token Auth
 * Resource creation handling, blocking & polling options, with a timeout.
 * Build console into gem (bin/)
+* Search all models in addition to getting by ID
+* Support search paramters (or, validate support)
+* Strat for acknowledge, dispatch, history, etc.
+* XML parsing -- detect nodes with children, detect types?

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/splunker.rb

@@ -2,6 +2,7 @@ require 'logger'
 require "splunker/version"
 require "splunker/client"
 require "splunker/errors"
+require "splunker/models"
 
 # The parent Splunker module can directly invoke any method invokable by the 
 # client returned in Splunker.client, so long as Splunker.client has been

data/lib/splunker/faraday_middleware.rb

@@ -6,7 +6,7 @@ module Splunker
     end
 
     def on_complete(env)
-      env[:body] = Nokogiri::Slop(env[:body])
+      env[:body] = Nokogiri::XML(env[:body])
       Splunker.logger.debug("Response Body: #{env[:body]}")
       Splunker::Errors.raise_error_for_status!(env[:status], env[:body])
       Splunker.logger.debug "Request successful!"

data/lib/splunker/models.rb

@@ -0,0 +1,4 @@
+require 'splunker/models/resource'
+Dir[File.dirname(__FILE__) + '/models/*/*.rb'].each do |file| 
+  require file 
+end

data/lib/splunker/models/finders.rb

@@ -1,7 +1,8 @@
-module Models
+module Splunker::Models
   module Finders
     module ClassMethods
       def where(options={})
+        raise NotImplemented, "Not yet implemented!"
         find(:all, options)
       end
 
@@ -19,12 +20,13 @@ module Models
       end
 
       def find_all(options)
+        raise NotImplemented, "Not yet implemented!"
         self.client.get @service_path, options
       end
 
-      def find_by_id(object_id, options)
-        object_path = assemble_path("#{@service_path}/#{escape_object_id(id)}")
-        self.client.get object_path
+      def find_by_id(object_id, options={})
+        object_path = "#{@service_path}/#{escape_object_id(object_id)}"
+        self.new(self.client.get(object_path))
       end
     end
 

data/lib/splunker/models/resource.rb

@@ -1,9 +1,13 @@
 module Splunker
   module Models
     require 'cgi'
+    require 'splunker/models/finders'
+    require 'splunker/models/xml_processor'
 
     class Resource 
 
+      attr_accessor :attributes
+
       include Finders
 
       def self.service_path(path)
@@ -14,12 +18,57 @@ module Splunker
         Splunker.client
       end
 
+      def initialize(xml_doc)
+        self.attributes = XmlProcessor.hashify(xml_doc)
+      end
+
+      def method_missing(method_symbol, *arguments)
+        method_name = method_symbol.to_s
+        if method_name =~ /(=|\?)$/
+          case $1
+          when "=" 
+            write_attribute($`, arguments.first)
+          when "?" 
+            if attributes.include?($`)
+              attributes[$`] ? true : false
+            else
+              raise NoMethodError
+            end
+          end 
+        elsif attributes.include?(method_name)
+          return attributes[method_name]
+        else
+          super
+        end
+      end
+      
+      def respond_to?(method_symbol, include_private=false)
+        if super
+          return true
+        else
+          method_name = method_symbol.to_s
+
+          if method_name =~ /=$/
+            true
+          elsif method_name =~ /(\?)$/
+            attributes.include?($`)
+          else
+            attributes.include?(method_name)
+          end
+
+        end
+      end
+
       protected
 
       # Escapes a object ID for use in a URI
       def self.escape_object_id(id_str)
         CGI.escape(id_str)
       end
+
+      def write_attribute(attribute,  value)
+        attributes[attribute] = value
+      end
     end
   end
 end

data/lib/splunker/models/search/job.rb

@@ -0,0 +1,8 @@
+module Splunker::Models
+  module Search 
+    class Job < Splunker::Models::Resource
+      # http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTsearch#search.2Fjobs.2F.7Bsearch_id.7D
+      service_path "jobs"
+    end
+  end
+end

data/lib/splunker/models/search/saved.rb

@@ -1,17 +1,16 @@
-module Splunker
-  module Models
-    class Search::Saved < Resource
-      # http://docs.splunk.com/Documentation/Splunk/4.3.3/RESTAPI/RESTsearch#search.2Fjobs
+module Splunker::Models
+  module Search 
+    class Saved < Splunker::Models::Resource
+      # http://docs.splunk.com/Documentation/Splunk/4.3.4/RESTAPI/RESTsearch#saved.2Fsearches.2F.7Bname.7D
       service_path "saved/searches"
-      # service_path
-      # service_path/id
 
-      # Dispatch these?
+=begin Can these actions be standardized?
       def acknowledge; end
       def dispatch; end
       def history; end
       def scheduled_times; end
       def suppress; end
+=end
     end
   end
 end

data/lib/splunker/models/xml_processor.rb

@@ -0,0 +1,77 @@
+module Splunker
+  module Models
+    module XmlProcessor
+      # TODO: Process dates as dates.
+      # How to handle, in hash, things like action.email = 0 when
+      #   action.email also needs to == hash...
+      # Process links and other non hash nodes as NOT text.
+      def hashify(xml_doc)
+        hash = {}
+        top_node(xml_doc).children.each do |t_node|
+          hash = self.send("process_#{t_node.name}".to_sym, hash, t_node)
+        end
+        hash
+      end
+
+      ###
+      # Defined custom processors here.  Hopefully, there ain't many!
+      ###
+      def process_content(hash, node)
+        # So far, looks like content == dict.
+        node.xpath("./s:dict/s:key").each do |key|
+          hash = place_in_nested_hash(key.attribute("name").value, 
+                   key.text, hash)
+        end
+        hash
+      end
+
+      def process_text(hash, node)
+        hash
+      end
+
+      def place_in_nested_hash(name, text, hash)
+        nested_hash(name.split("."), text, hash)
+        hash
+      end
+
+      def nested_hash(name_array, text, hash)
+        e = name_array.shift
+        return text if e.nil?
+        #hash[e] ||= {} TODO!
+        hash[e] = {} unless hash[e].is_a?(Hash)
+        hash[e] = nested_hash(name_array, text, hash[e])
+        hash
+      end
+
+      def top_node(xml_doc)
+        # Handle the various types of XML structure
+        ["/xmlns:feed/xmlns:entry",
+         "/xmlns:entry"].each do |path|
+          begin
+            if xml_doc.xpath("#{path}/*").size > 0
+              return xml_doc.xpath(path)
+            end
+          rescue Nokogiri::XML::XPath::SyntaxError => e
+            # Ignore...
+          end
+        end
+
+        xml_doc
+      end
+
+      def method_missing(method, *args, &block)
+        if self.respond_to?(method)
+          self.send(method, *args, &block)
+        else
+          hash = args.first
+          node = args[1]
+          # TODO: Only text nodes
+          hash[node.name] = node.text
+          hash
+        end
+      end
+
+      extend self
+    end
+  end
+end

data/spec/fixtures/job_mysearch.xml

@@ -0,0 +1,211 @@
+<entry
+       xmlns="http://www.w3.org/2005/Atom"
+       xmlns:s="http://dev.splunk.com/ns/rest"
+       xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
+  <title>search index</title>
+  <id>https://localhost:8089/services/search/jobs/mysearch</id>
+  <updated>2011-07-07T20:49:58.000-07:00</updated>
+  <link href="/services/search/jobs/mysearch" rel="alternate"/>
+  <published>2011-07-07T20:49:57.000-07:00</published>
+  <link href="/services/search/jobs/mysearch/search.log" rel="search.log"/>
+  <link href="/services/search/jobs/mysearch/events" rel="events"/>
+  <link href="/services/search/jobs/mysearch/results" rel="results"/>
+  <link href="/services/search/jobs/mysearch/results_preview" rel="results_preview"/>
+  <link href="/services/search/jobs/mysearch/timeline" rel="timeline"/>
+  <link href="/services/search/jobs/mysearch/summary" rel="summary"/>
+  <link href="/services/search/jobs/mysearch/control" rel="control"/>
+  <author>
+    <name>admin</name>
+  </author>
+  <content type="text/xml">
+    <s:dict>
+      <s:key name="cursorTime">1969-12-31T16:00:00.000-08:00</s:key>
+      <s:key name="delegate"></s:key>
+      <s:key name="diskUsage">2174976</s:key>
+      <s:key name="dispatchState">DONE</s:key>
+      <s:key name="doneProgress">1.00000</s:key>
+      <s:key name="dropCount">0</s:key>
+      <s:key name="earliestTime">2011-07-07T11:18:08.000-07:00</s:key>
+      <s:key name="eventAvailableCount">287</s:key>
+      <s:key name="eventCount">287</s:key>
+      <s:key name="eventFieldCount">6</s:key>
+      <s:key name="eventIsStreaming">1</s:key>
+      <s:key name="eventIsTruncated">0</s:key>
+      <s:key name="eventSearch">search index</s:key>
+      <s:key name="eventSorting">desc</s:key>
+      <s:key name="isDone">1</s:key>
+      <s:key name="isFailed">0</s:key>
+      <s:key name="isFinalized">0</s:key>
+      <s:key name="isPaused">0</s:key>
+      <s:key name="isPreviewEnabled">0</s:key>
+      <s:key name="isRealTimeSearch">0</s:key>
+      <s:key name="isRemoteTimeline">0</s:key>
+      <s:key name="isSaved">0</s:key>
+      <s:key name="isSavedSearch">0</s:key>
+      <s:key name="isZombie">0</s:key>
+      <s:key name="keywords">index</s:key>
+      <s:key name="label"></s:key>
+      <s:key name="latestTime">1969-12-31T16:00:00.000-08:00</s:key>
+      <s:key name="numPreviews">0</s:key>
+      <s:key name="priority">5</s:key>
+      <s:key name="remoteSearch">litsearch index | fields  keepcolorder=t "host" "index" "linecount" "source" "sourcetype" "splunk_server"</s:key>
+      <s:key name="reportSearch"></s:key>
+      <s:key name="resultCount">287</s:key>
+      <s:key name="resultIsStreaming">1</s:key>
+      <s:key name="resultPreviewCount">287</s:key>
+      <s:key name="runDuration">1.004000</s:key>
+      <s:key name="scanCount">287</s:key>
+      <s:key name="sid">mysearch</s:key>
+      <s:key name="statusBuckets">0</s:key>
+      <s:key name="ttl">516</s:key>
+      <s:key name="performance">
+        <s:dict>
+          <s:key name="command.fields">
+            <s:dict>
+              <s:key name="duration_secs">0.004</s:key>
+              <s:key name="invocations">4</s:key>
+              <s:key name="input_count">287</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search">
+            <s:dict>
+              <s:key name="duration_secs">0.089</s:key>
+              <s:key name="invocations">4</s:key>
+              <s:key name="input_count">0</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.fieldalias">
+            <s:dict>
+              <s:key name="duration_secs">0.002</s:key>
+              <s:key name="invocations">2</s:key>
+              <s:key name="input_count">287</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.index">
+            <s:dict>
+              <s:key name="duration_secs">0.005</s:key>
+              <s:key name="invocations">4</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.kv">
+            <s:dict>
+              <s:key name="duration_secs">0.002</s:key>
+              <s:key name="invocations">2</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.lookups">
+            <s:dict>
+              <s:key name="duration_secs">0.002</s:key>
+              <s:key name="invocations">2</s:key>
+              <s:key name="input_count">287</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.rawdata">
+            <s:dict>
+              <s:key name="duration_secs">0.083</s:key>
+              <s:key name="invocations">2</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.tags">
+            <s:dict>
+              <s:key name="duration_secs">0.004</s:key>
+              <s:key name="invocations">4</s:key>
+              <s:key name="input_count">287</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="command.search.typer">
+            <s:dict>
+              <s:key name="duration_secs">0.004</s:key>
+              <s:key name="invocations">4</s:key>
+              <s:key name="input_count">287</s:key>
+              <s:key name="output_count">287</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.createProviderQueue">
+            <s:dict>
+              <s:key name="duration_secs">0.059</s:key>
+              <s:key name="invocations">1</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.evaluate">
+            <s:dict>
+              <s:key name="duration_secs">0.037</s:key>
+              <s:key name="invocations">1</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.evaluate.search">
+            <s:dict>
+              <s:key name="duration_secs">0.036</s:key>
+              <s:key name="invocations">1</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.fetch">
+            <s:dict>
+              <s:key name="duration_secs">0.092</s:key>
+              <s:key name="invocations">5</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.readEventsInResults">
+            <s:dict>
+              <s:key name="duration_secs">0.110</s:key>
+              <s:key name="invocations">1</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.stream.local">
+            <s:dict>
+              <s:key name="duration_secs">0.089</s:key>
+              <s:key name="invocations">4</s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="dispatch.timeline">
+            <s:dict>
+              <s:key name="duration_secs">0.359</s:key>
+              <s:key name="invocations">5</s:key>
+            </s:dict>
+          </s:key>
+        </s:dict>
+      </s:key>
+      <s:key name="messages">
+        <s:dict/>
+      </s:key>
+      <s:key name="request">
+        <s:dict>
+          <s:key name="id">mysearch</s:key>
+          <s:key name="search">search index</s:key>
+        </s:dict>
+      </s:key>
+      <s:key name="eai:acl">
+        <s:dict>
+          <s:key name="perms">
+            <s:dict>
+              <s:key name="read">
+                <s:list>
+                  <s:item>admin</s:item>
+                </s:list>
+              </s:key>
+              <s:key name="write">
+                <s:list>
+                  <s:item>admin</s:item>
+                </s:list>
+              </s:key>
+            </s:dict>
+          </s:key>
+          <s:key name="owner">admin</s:key>
+          <s:key name="modifiable">true</s:key>
+          <s:key name="sharing">global</s:key>
+          <s:key name="app">search</s:key>
+          <s:key name="can_write">true</s:key>
+        </s:dict>
+      </s:key>
+      <s:key name="searchProviders">
+        <s:list>
+          <s:item>vgenovese-mbp15.splunk.com</s:item>
+        </s:list>
+      </s:key>
+    </s:dict>
+  </content>

data/spec/fixtures/saved_search.xml

@@ -0,0 +1,267 @@
+<feed xmlns="http://www.w3.org/2005/Atom"
+      xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/"
+      xmlns:s="http://dev.splunk.com/ns/rest">
+  <title>savedsearch</title>
+  <id>https://localhost:8089/servicesNS/admin/search/saved/searches</id>
+  <updated>2011-07-13T11:57:54-07:00</updated>
+  <generator version="102824"/>
+  <author>
+    <name>Splunk</name>
+  </author>
+  <link href="/servicesNS/admin/search/saved/searches/_new" rel="create"/>
+  <link href="/servicesNS/admin/search/saved/searches/_reload" rel="_reload"/>
+  <!-- opensearch nodes elided for brevity. -->
+  <s:messages/>
+  <entry>
+    <title>MySavedSearch</title>
+    <id>https://localhost:8089/servicesNS/admin/search/saved/searches/MySavedSearch</id>
+    <updated>2011-07-13T11:57:54-07:00</updated>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch" rel="alternate"/>
+    <author>
+      <name>admin</name>
+    </author>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch" rel="list"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch/_reload" rel="_reload"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch" rel="edit"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch" rel="remove"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch/move" rel="move"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch/disable" rel="disable"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch/dispatch" rel="dispatch"/>
+    <link href="/servicesNS/admin/search/saved/searches/MySavedSearch/history" rel="history"/>
+    <content type="text/xml">
+      <s:dict>
+        <s:key name="action.email">0</s:key>
+        <s:key name="action.email.auth_password"/>
+        <s:key name="action.email.auth_username"/>
+        <s:key name="action.email.bcc"/>
+        <s:key name="action.email.cc"/>
+        <s:key name="action.email.command">
+      <![CDATA[$action.email.preprocess_results{default=""}$
+     | sendemail "server=$action.email.mailserver{default=localhost}$" "use_ssl=$action.email.use_ssl{default=false}$"
+      "use_tls=$action.email.use_tls{default=false}$" "to=$action.email.to$" "cc=$action.email.cc$"
+      "bcc=$action.email.bcc$" "from=$action.email.from{default=splunk@localhost}$" "subject=$action.email.subject{recurse=yes}$"
+      "format=$action.email.format{default=csv}$" "sssummary=Saved Search [$name$]: $counttype$($results.count$)"
+      "sslink=$results.url$" "ssquery=$search$" "ssname=$name$" "inline=$action.email.inline{default=False}$"
+      "sendresults=$action.email.sendresults{default=False}$" "sendpdf=$action.email.sendpdf{default=False}$"
+      "pdfview=$action.email.pdfview$" "searchid=$search_id$" "graceful=$graceful{default=True}$"
+      maxinputs="$action.email.maxresults{default=10000}$" maxtime="$action.email.maxtime{default=5m}$"]]>
+        </s:key>
+        <s:key name="action.email.format">html</s:key>
+        <s:key name="action.email.from">splunk</s:key>
+        <s:key name="action.email.hostname"/>
+        <s:key name="action.email.inline">0</s:key>
+        <s:key name="action.email.mailserver">localhost</s:key>
+        <s:key name="action.email.maxresults">10000</s:key>
+        <s:key name="action.email.maxtime">5m</s:key>
+        <s:key name="action.email.preprocess_results"/>
+        <s:key name="action.email.reportPaperOrientation">portrait</s:key>
+        <s:key name="action.email.reportPaperSize">letter</s:key>
+        <s:key name="action.email.reportServerEnabled">0</s:key>
+        <s:key name="action.email.reportServerURL"/>
+        <s:key name="action.email.sendpdf">0</s:key>
+        <s:key name="action.email.sendresults">0</s:key>
+        <s:key name="action.email.subject">Splunk Alert: $name$</s:key>
+        <s:key name="action.email.to"/>
+        <s:key name="action.email.track_alert">1</s:key>
+        <s:key name="action.email.ttl">86400</s:key>
+        <s:key name="action.email.use_ssl">0</s:key>
+        <s:key name="action.email.use_tls">0</s:key>
+        <s:key name="action.populate_lookup">0</s:key>
+        <s:key name="action.populate_lookup.command">
+          copyresults dest="$action.populate_lookup.dest$"  sid="$search_id$"
+        </s:key>
+        <s:key name="action.populate_lookup.hostname"/>
+        <s:key name="action.populate_lookup.maxresults">10000</s:key>
+        <s:key name="action.populate_lookup.maxtime">5m</s:key>
+        <s:key name="action.populate_lookup.track_alert">0</s:key>
+        <s:key name="action.populate_lookup.ttl">120</s:key>
+        <s:key name="action.rss">0</s:key>
+        <s:key name="action.rss.command">
+          createrss "path=$name$.xml" "name=$name$" "link=$results.url$"
+          "descr=Alert trigger: $name$, results.count=$results.count$ " "count=30"
+          "graceful=$graceful{default=1}$" maxtime="$action.rss.maxtime{default=1m}$"
+        </s:key>
+        <s:key name="action.rss.hostname"/>
+        <s:key name="action.rss.maxresults">10000</s:key>
+        <s:key name="action.rss.maxtime">1m</s:key>
+        <s:key name="action.rss.track_alert">0</s:key>
+        <s:key name="action.rss.ttl">86400</s:key>
+        <s:key name="action.script">0</s:key>
+        <s:key name="action.script.command">runshellscript "$action.script.filename$"
+          "$results.count$" "$search$" "$search$" "$name$"
+          "Saved Search [$name$] $counttype$($results.count$)" "$results.url$"
+          "$deprecated_arg$" "$search_id$"
+          maxtime="$action.script.maxtime{default=5m}$"
+        </s:key>
+        <s:key name="action.script.hostname"/>
+        <s:key name="action.script.maxresults">10000</s:key>
+        <s:key name="action.script.maxtime">5m</s:key>
+        <s:key name="action.script.track_alert">1</s:key>
+        <s:key name="action.script.ttl">600</s:key>
+        <s:key name="action.summary_index">0</s:key>
+        <s:key name="action.summary_index._name">summary</s:key>
+        <s:key name="action.summary_index.command">
+          <![CDATA[summaryindex spool=t uselb=t addtime=t index="$action.summary_index._name{required=yes}$"
+          file="$name$_$#random$.stash_new" name="$name$"
+          marker="$action.summary_index*{format=$KEY=\\\"$VAL\\\",
+            key_regex="action.summary_index.(?!(?:command|inline|maxresults|maxtime|ttl|track_alert|(?:_.*))$)(.*)"}$"]]>
+        </s:key>
+        <s:key name="action.summary_index.hostname"/>
+        <s:key name="action.summary_index.inline">1</s:key>
+        <s:key name="action.summary_index.maxresults">10000</s:key>
+        <s:key name="action.summary_index.maxtime">5m</s:key>
+        <s:key name="action.summary_index.track_alert">0</s:key>
+        <s:key name="action.summary_index.ttl">120</s:key>
+        <s:key name="alert.digest_mode">1</s:key>
+        <s:key name="alert.expires">24h</s:key>
+        <s:key name="alert.severity">3</s:key>
+        <s:key name="alert.suppress"/>
+        <s:key name="alert.suppress.period"/>
+        <s:key name="alert.track">auto</s:key>
+        <s:key name="alert_comparator"/>
+        <s:key name="alert_condition"/>
+        <s:key name="alert_threshold"/>
+        <s:key name="alert_type">always</s:key>
+        <s:key name="cron_schedule"/>
+        <s:key name="description"/>
+        <s:key name="disabled">0</s:key>
+        <s:key name="dispatch.buckets">0</s:key>
+        <s:key name="dispatch.earliest_time"/>
+        <s:key name="dispatch.latest_time"/>
+        <s:key name="dispatch.lookups">1</s:key>
+        <s:key name="dispatch.max_count">500000</s:key>
+        <s:key name="dispatch.max_time">0</s:key>
+        <s:key name="dispatch.reduce_freq">10</s:key>
+        <s:key name="dispatch.spawn_process">1</s:key>
+        <s:key name="dispatch.time_format">%FT%T.%Q%:z</s:key>
+        <s:key name="dispatch.ttl">2p</s:key>
+        <s:key name="displayview"/>
+        <!-- eai:acl nodes elided for brevity. -->
+        <s:key name="eai:attributes">
+          <s:dict>
+            <s:key name="optionalFields">
+              <s:list>
+                <s:item>action.email</s:item>
+                <s:item>action.email.auth_password</s:item>
+                <s:item>action.email.auth_username</s:item>
+                <s:item>action.email.bcc</s:item>
+                <s:item>action.email.cc</s:item>
+                <s:item>action.email.command</s:item>
+                <s:item>action.email.format</s:item>
+                <s:item>action.email.from</s:item>
+                <s:item>action.email.hostname</s:item>
+                <s:item>action.email.inline</s:item>
+                <s:item>action.email.mailserver</s:item>
+                <s:item>action.email.maxresults</s:item>
+                <s:item>action.email.maxtime</s:item>
+                <s:item>action.email.preprocess_results</s:item>
+                <s:item>action.email.reportPaperOrientation</s:item>
+                <s:item>action.email.reportPaperSize</s:item>
+                <s:item>action.email.reportServerEnabled</s:item>
+                <s:item>action.email.reportServerURL</s:item>
+                <s:item>action.email.sendpdf</s:item>
+                <s:item>action.email.sendresults</s:item>
+                <s:item>action.email.subject</s:item>
+                <s:item>action.email.to</s:item>
+                <s:item>action.email.track_alert</s:item>
+                <s:item>action.email.ttl</s:item>
+                <s:item>action.email.use_ssl</s:item>
+                <s:item>action.email.use_tls</s:item>
+                <s:item>action.populate_lookup</s:item>
+                <s:item>action.populate_lookup.command</s:item>
+                <s:item>action.populate_lookup.hostname</s:item>
+                <s:item>action.populate_lookup.maxresults</s:item>
+                <s:item>action.populate_lookup.maxtime</s:item>
+                <s:item>action.populate_lookup.track_alert</s:item>
+                <s:item>action.populate_lookup.ttl</s:item>
+                <s:item>action.rss</s:item>
+                <s:item>action.rss.command</s:item>
+                <s:item>action.rss.hostname</s:item>
+                <s:item>action.rss.maxresults</s:item>
+                <s:item>action.rss.maxtime</s:item>
+                <s:item>action.rss.track_alert</s:item>
+                <s:item>action.rss.ttl</s:item>
+                <s:item>action.script</s:item>
+                <s:item>action.script.command</s:item>
+                <s:item>action.script.hostname</s:item>
+                <s:item>action.script.maxresults</s:item>
+                <s:item>action.script.maxtime</s:item>
+                <s:item>action.script.track_alert</s:item>
+                <s:item>action.script.ttl</s:item>
+                <s:item>action.summary_index</s:item>
+                <s:item>action.summary_index._name</s:item>
+                <s:item>action.summary_index.command</s:item>
+                <s:item>action.summary_index.hostname</s:item>
+                <s:item>action.summary_index.inline</s:item>
+                <s:item>action.summary_index.maxresults</s:item>
+                <s:item>action.summary_index.maxtime</s:item>
+                <s:item>action.summary_index.track_alert</s:item>
+                <s:item>action.summary_index.ttl</s:item>
+                <s:item>actions</s:item>
+                <s:item>alert.digest_mode</s:item>
+                <s:item>alert.expires</s:item>
+                <s:item>alert.severity</s:item>
+                <s:item>alert.suppress</s:item>
+                <s:item>alert.suppress.period</s:item>
+                <s:item>alert.track</s:item>
+                <s:item>alert_comparator</s:item>
+                <s:item>alert_condition</s:item>
+                <s:item>alert_threshold</s:item>
+                <s:item>alert_type</s:item>
+                <s:item>cron_schedule</s:item>
+                <s:item>description</s:item>
+                <s:item>disabled</s:item>
+                <s:item>dispatch.buckets</s:item>
+                <s:item>dispatch.earliest_time</s:item>
+                <s:item>dispatch.latest_time</s:item>
+                <s:item>dispatch.lookups</s:item>
+                <s:item>dispatch.max_count</s:item>
+                <s:item>dispatch.max_time</s:item>
+                <s:item>dispatch.reduce_freq</s:item>
+                <s:item>dispatch.spawn_process</s:item>
+                <s:item>dispatch.time_format</s:item>
+                <s:item>dispatch.ttl</s:item>
+                <s:item>displayview</s:item>
+                <s:item>is_scheduled</s:item>
+                <s:item>is_visible</s:item>
+                <s:item>max_concurrent</s:item>
+                <s:item>next_scheduled_time</s:item>
+                <s:item>qualifiedSearch</s:item>
+                <s:item>realtime_schedule</s:item>
+                <s:item>request.ui_dispatch_app</s:item>
+                <s:item>request.ui_dispatch_view</s:item>
+                <s:item>restart_on_searchpeer_add</s:item>
+                <s:item>run_on_startup</s:item>
+                <s:item>vsid</s:item>
+              </s:list>
+            </s:key>
+            <s:key name="requiredFields">
+              <s:list>
+                <s:item>search</s:item>
+              </s:list>
+            </s:key>
+            <s:key name="wildcardFields">
+              <s:list>
+                <s:item>action\..*</s:item>
+                <s:item>args\..*</s:item>
+                <s:item>dispatch\..*</s:item>
+              </s:list>
+            </s:key>
+          </s:dict>
+        </s:key>
+        <s:key name="is_scheduled">0</s:key>
+        <s:key name="is_visible">1</s:key>
+        <s:key name="max_concurrent">1</s:key>
+        <s:key name="next_scheduled_time"/>
+        <s:key name="qualifiedSearch">search  index</s:key>
+        <s:key name="realtime_schedule">1</s:key>
+        <s:key name="request.ui_dispatch_app"/>
+        <s:key name="request.ui_dispatch_view"/>
+        <s:key name="restart_on_searchpeer_add">1</s:key>
+        <s:key name="run_on_startup">0</s:key>
+        <s:key name="search">index</s:key>
+        <s:key name="vsid"/>
+      </s:dict>
+    </content>
+  </entry>
+</feed>

data/spec/spec_helper.rb

@@ -11,7 +11,7 @@ RSpec.configure do |config|
 end
 
 def fixture(file)
-  File.new( File.expand_path('../fixtures', __FILE__) + "/" + file)
+  File.new( File.expand_path('../fixtures', __FILE__) + "/" + file).read
 end
 
 def basic_auth_resource_builder(client, resource)

data/spec/unit/models/finders_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Splunker::Models::Finders do
+  let(:resource) do
+    Splunker::Models::Search::Saved
+  end
+
+  let(:search_fixture) do
+    Nokogiri::XML(fixture("saved_search.xml"))
+  end
+
+  before(:each) do
+    object_path = "saved/searches/MyFinderTestSavedSearch"
+    resource.client.stub(:get).with(object_path).and_return(search_fixture)
+  end
+
+  it "should find_by_id" do
+    a = resource.find_by_id("MyFinderTestSavedSearch")
+    a.should be_a(Splunker::Models::Search::Saved)
+    a.title.should eq("MySavedSearch")
+  end
+
+  it "should find by id by default" do
+    a = resource.find("MyFinderTestSavedSearch")
+    a.should be_a(Splunker::Models::Search::Saved)
+    a.title.should eq("MySavedSearch")
+  end
+end
+

data/spec/unit/models/resource_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe Splunker::Models::Resource do
+
+  let(:model) do
+    xml = Nokogiri::XML(fixture("saved_search.xml"))
+    Splunker::Models::Resource.new(xml)
+  end
+
+  it "should reference a client" do
+    model.class.client.should be_a(Splunker::Client)
+  end
+
+  it "should act on attribute methods" do
+    model.title.should eq("MySavedSearch")
+  end
+
+  it "should write to attributes through assignment methods" do
+    model.title = "josh's search"
+    model.title.should eq("josh's search")
+  end
+
+  it "should respond to attribute methods" do
+    model.respond_to?(:updated).should be_true
+  end
+
+  it "should not respond to missing methods" do
+    model.respond_to?(:fake_method).should be_false
+  end
+
+  it "should raise a NoMethodError when accessing missing methods" do
+    expect {
+      model.fake_method
+    }.to raise_exception NoMethodError
+  end
+
+end

data/spec/unit/models/search/job_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe Splunker::Models::Search::Job do
+  let(:resource) do
+    Splunker::Models::Search::Job
+  end
+
+  let(:job_fixture) do
+    Nokogiri::XML(fixture("job_mysearch.xml"))
+  end
+
+  # Covered in finders_spec, but I'm feeling redundant this morning. 
+  context "searching" do
+    before(:each) do
+      object_path = "jobs/MyFinderTestJob"
+      resource.client.stub(:get).with(object_path).and_return(job_fixture)
+    end
+
+    it "should find by id by default" do
+      a = resource.find("MyFinderTestJob")
+      a.should be_a(Splunker::Models::Search::Job)
+      a.title.should eq("search index")
+    end
+  end
+end

data/spec/unit/models/search/saved_spec.rb

@@ -0,0 +1,4 @@
+require 'spec_helper'
+
+describe Splunker::Models::Search::Saved do
+end

data/spec/unit/models/xml_processor_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe Splunker::Models::XmlProcessor do
+
+  let(:processor) do
+    Splunker::Models::XmlProcessor
+  end
+
+  let(:xml) do
+    Nokogiri::Slop(fixture("saved_search.xml"))
+  end
+
+  context "hashify xml" do
+    let(:hash) do
+      processor.hashify(xml)
+    end
+
+    it "should find top level attributes" do
+      hash["id"].should eq("https://localhost:8089/servicesNS/admin/search/saved/searches/MySavedSearch")
+      hash["title"].should eq("MySavedSearch")
+    end
+
+    it "should process the inner dict of content" do
+      hash["action"]["email"]["mailserver"].should eq("localhost")
+    end
+  end
+
+  context "top node detection" do
+    it "should return the feed node if available" do
+      node = processor.top_node(xml)
+      # TODO: I'm aware this is dumb.
+      node.children.each do |n|
+        if n.name == "title"  
+          n.text.should eq("MySavedSearch")
+          break
+        end
+      end
+    end
+
+    it "should return the entry node if no feed is found" do
+      entry = Nokogiri::XML(xml.xpath("//xmlns:author").to_xml)
+      node = processor.top_node(entry)
+      node.text.strip.should eq("Splunk")
+    end
+  end
+
+  context "dictionary builders" do
+    it "should build a nested hash from a string in dot notation" do
+      h = {
+        "action" => {
+          "email" => {
+            "format" => "html"
+          }
+        }
+      }
+
+      h = processor.place_in_nested_hash("action.fun.times", "yes", h)
+      h = processor.place_in_nested_hash("joshua", "murray", h)
+      h["action"]["email"]["format"].should eq("html")
+      h["action"]["fun"]["times"].should eq("yes")
+      h["joshua"].should eq("murray")
+    end
+
+    it "should have the power of recursion with nested_hash" do
+      h = {
+        "action" => {
+          "email" => {
+            "format" => "html"
+          }
+        }
+      }
+
+      processor.nested_hash(["action","email","maxtime"], "5m", h)
+      processor.nested_hash(["action","populate_lookup","maxresults"], 10000, h)
+      processor.nested_hash(["dispatch", "buckets"], 0, h)
+
+      h["action"]["email"]["format"].should eq("html")
+      h["action"]["email"]["maxtime"].should eq("5m")
+      h["action"]["populate_lookup"]["maxresults"].should eq(10000)
+      h["dispatch"]["buckets"].should eq(0)
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: splunker
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-09-20 00:00:00.000000000 Z
+date: 2012-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -132,14 +132,17 @@ files:
 - lib/splunker/connection.rb
 - lib/splunker/errors.rb
 - lib/splunker/faraday_middleware.rb
+- lib/splunker/models.rb
 - lib/splunker/models/finders.rb
 - lib/splunker/models/resource.rb
-- lib/splunker/models/search/jobs.rb
-- lib/splunker/models/search/results.rb
+- lib/splunker/models/search/job.rb
 - lib/splunker/models/search/saved.rb
+- lib/splunker/models/xml_processor.rb
 - lib/splunker/request.rb
 - lib/splunker/version.rb
 - script/console
+- spec/fixtures/job_mysearch.xml
+- spec/fixtures/saved_search.xml
 - spec/fixtures/search_results_from_job.xml
 - spec/functional/request_spec.rb
 - spec/rspec_let_definitions.rb
@@ -149,6 +152,11 @@ files:
 - spec/unit/client_spec.rb
 - spec/unit/configuration_spec.rb
 - spec/unit/errors_spec.rb
+- spec/unit/models/finders_spec.rb
+- spec/unit/models/resource_spec.rb
+- spec/unit/models/search/job_spec.rb
+- spec/unit/models/search/saved_spec.rb
+- spec/unit/models/xml_processor_spec.rb
 - spec/unit/request_spec.rb
 - spec/unit/splunker_spec.rb
 - splunker.gemspec
@@ -177,6 +185,8 @@ signing_key:
 specification_version: 3
 summary: A Ruby client for the Splunk API
 test_files:
+- spec/fixtures/job_mysearch.xml
+- spec/fixtures/saved_search.xml
 - spec/fixtures/search_results_from_job.xml
 - spec/functional/request_spec.rb
 - spec/rspec_let_definitions.rb
@@ -186,5 +196,10 @@ test_files:
 - spec/unit/client_spec.rb
 - spec/unit/configuration_spec.rb
 - spec/unit/errors_spec.rb
+- spec/unit/models/finders_spec.rb
+- spec/unit/models/resource_spec.rb
+- spec/unit/models/search/job_spec.rb
+- spec/unit/models/search/saved_spec.rb
+- spec/unit/models/xml_processor_spec.rb
 - spec/unit/request_spec.rb
 - spec/unit/splunker_spec.rb

data/lib/splunker/models/search/jobs.rb

@@ -1,12 +0,0 @@
-module Splunker
-  module Models
-    class Search::Jobs < Resource
-      # http://docs.splunk.com/Documentation/Splunk/4.3.3/RESTAPI/RESTsearch#search.2Fjobs
-      # Jobs are a data structure in themselves
-      # Jobs have subresources for:
-      # * scheduled search results
-      def self.results(scheduled_search_id)
-      end
-    end
-  end
-end

data/lib/splunker/models/search/results.rb

@@ -1,6 +0,0 @@
-module Splunker
-  module Models
-    class Search::Results < Resource
-    end
-  end
-end