sumologic-query 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e4adfba9fe6b1417e51cfcd3e1b5697a8ed208687ae17e8a114716c71711cdc0
+  data.tar.gz: 331efc0e06d844ea82fada1bf97d5a4183189b9330437e5aab03a8d145a30e57
+SHA512:
+  metadata.gz: bacec0ea516f5d0d8d5ba06ffe70887aefb9e4dc8df6fda259d21817d37ecbece1ed57f0806e3c61f1e3a5bc934c1adfb779048e1b57c3ba1ac121b6bb7a2392
+  data.tar.gz: 0f6af034374a1b3f417437a8cb691246393161be4f1b194441afc61128c1bf75c239f537a90aab883ed724e84add224c393437a23ef0d3cd23e2596f01f2c665

data/CHANGELOG.md

@@ -0,0 +1,34 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2025-11-13
+
+### Added
+- Initial release of sumologic-query CLI tool
+- Core `Sumologic::Client` class for Search Job API
+- Command-line interface with query, time range, and output options
+- Automatic job polling with 20-second intervals
+- Automatic pagination for large result sets (10K messages per request)
+- Support for multiple Sumo Logic deployments (us1, us2, eu, au)
+- Environment variable configuration (SUMO_ACCESS_ID, SUMO_ACCESS_KEY, SUMO_DEPLOYMENT)
+- Debug mode for troubleshooting (SUMO_DEBUG)
+- JSON output format with metadata
+- Zero external dependencies (stdlib only)
+- Comprehensive error handling and user-friendly messages
+- MIT license
+- Complete documentation and examples
+
+### Features
+- Query historical logs via Search Job API
+- Time range filtering (ISO 8601 format)
+- Message limiting
+- Timezone support
+- File or stdout output
+- 5-minute default timeout
+- Graceful cleanup of search jobs
+
+[1.0.0]: https://github.com/patrick204nqh/sumologic-query/releases/tag/v1.0.0

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 patrick204nqh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,368 @@
+# Sumo Logic Query Tool
+
+> A lightweight Ruby CLI for querying Sumo Logic logs quickly. Simple, fast, read-only access to your logs.
+
+[![Gem Version](https://badge.fury.io/rb/sumologic-query.svg)](https://badge.fury.io/rb/sumologic-query)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## Why This Tool?
+
+- **Zero dependencies**: Uses only Ruby stdlib - no external gems required
+- **Fast queries**: Efficient polling and automatic pagination
+- **Simple interface**: Just query, get results, done
+- **Read-only**: No write operations, perfect for safe log access
+- **Lightweight**: ~300 lines of code total
+
+All existing Ruby Sumo Logic gems are unmaintained (2-9 years dormant). This tool provides a fresh, minimal approach focused solely on querying logs.
+
+## Installation
+
+### Via RubyGems
+
+```bash
+gem install sumologic-query
+```
+
+### Via Homebrew
+
+```bash
+brew tap patrick204nqh/tap
+brew install sumologic-query
+```
+
+### From Source
+
+```bash
+git clone https://github.com/patrick204nqh/sumologic-query.git
+cd sumologic-query
+bundle install
+bundle exec rake install
+```
+
+## Quick Start
+
+### 1. Set Up Credentials
+
+Export your Sumo Logic API credentials:
+
+```bash
+export SUMO_ACCESS_ID="your_access_id"
+export SUMO_ACCESS_KEY="your_access_key"
+export SUMO_DEPLOYMENT="us2"  # Optional: us1, us2 (default), eu, au
+```
+
+**Getting credentials:**
+1. Log in to Sumo Logic
+2. Go to **Administration → Security → Access Keys**
+3. Create a new access key or use existing
+4. Copy the Access ID and Access Key
+
+### 2. Run Your First Query
+
+```bash
+sumo-query --query 'error' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00' \
+  --limit 10
+```
+
+## Usage
+
+### Basic Command Structure
+
+```bash
+sumo-query --query "YOUR_QUERY" \
+  --from "START_TIME" \
+  --to "END_TIME" \
+  [--output FILE] \
+  [--limit N] \
+  [--time-zone TZ]
+```
+
+### Required Options
+
+- `-q, --query QUERY` - Sumo Logic query string
+- `-f, --from TIME` - Start time in ISO 8601 format
+- `-t, --to TIME` - End time in ISO 8601 format
+
+### Optional Options
+
+- `-z, --time-zone TZ` - Time zone (default: UTC)
+- `-l, --limit N` - Limit number of messages
+- `-o, --output FILE` - Save results to file (default: stdout)
+- `-d, --debug` - Enable debug output
+- `-h, --help` - Show help message
+- `-v, --version` - Show version
+
+## Common Query Patterns
+
+### Error Analysis
+
+```bash
+# Find all errors in a time window
+sumo-query --query 'error' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00' \
+  --output errors.json
+
+# Error timeline with 5-minute buckets
+sumo-query --query 'error | timeslice 5m | count by _timeslice' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+```
+
+### Text Search
+
+```bash
+# Search for specific text
+sumo-query --query '"connection timeout"' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+
+# Case-insensitive search
+sumo-query --query 'timeout OR failure OR exception' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+```
+
+### Filtering by Source
+
+```bash
+# Filter by source category
+sumo-query --query '_sourceCategory=prod/api error' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+
+# Multiple sources
+sumo-query --query '(_sourceCategory=prod/api OR _sourceCategory=prod/web) AND error' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+```
+
+### Aggregation Queries
+
+```bash
+# Count by field
+sumo-query --query '* | count by status_code' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+
+# Top 10 slowest requests
+sumo-query --query 'duration_ms > 1000 | sort by duration_ms desc | limit 10' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+```
+
+### Parsing and Field Extraction
+
+```bash
+# Parse specific fields
+sumo-query --query '* | parse "user_id=* " as user_id | count by user_id' \
+  --from '2025-11-13T14:00:00' \
+  --to '2025-11-13T15:00:00'
+```
+
+## Output Format
+
+Results are returned as JSON:
+
+```json
+{
+  "query": "error",
+  "from": "2025-11-13T14:00:00",
+  "to": "2025-11-13T15:00:00",
+  "time_zone": "UTC",
+  "message_count": 42,
+  "messages": [
+    {
+      "map": {
+        "_messagetime": "1731506400123",
+        "_sourceCategory": "prod/api",
+        "_sourceName": "api-server-01",
+        "message": "Error processing request: timeout"
+      }
+    }
+  ]
+}
+```
+
+## Time Formats
+
+Use ISO 8601 format for timestamps:
+
+```bash
+# UTC timestamps (default)
+--from "2025-11-13T14:30:00"
+--to "2025-11-13T15:00:00"
+
+# With timezone
+--from "2025-11-13T14:30:00" --time-zone "America/New_York"
+
+# Alternative: Relative times (in your shell)
+--from "$(date -u -v-1H '+%Y-%m-%dT%H:%M:%S')"  # 1 hour ago
+--to "$(date -u '+%Y-%m-%dT%H:%M:%S')"         # now
+```
+
+## Performance
+
+Query execution time depends on data volume:
+
+- **Small queries** (<10K messages): ~30-60 seconds
+- **Medium queries** (10K-100K): ~1-2 minutes
+- **Large queries** (100K+): ~2-5 minutes
+
+Default timeout: 5 minutes
+
+To improve performance:
+- Narrow your time range
+- Add specific `_sourceCategory` filters
+- Use `--limit` to cap results
+- Use aggregation queries instead of fetching raw messages
+
+## Troubleshooting
+
+### Authentication Error
+
+```
+Error: SUMO_ACCESS_ID not set
+```
+
+**Solution**: Export your credentials:
+```bash
+export SUMO_ACCESS_ID="your_access_id"
+export SUMO_ACCESS_KEY="your_access_key"
+```
+
+### Timeout Error
+
+```
+Timeout Error: Search job timed out after 300 seconds
+```
+
+**Solutions**:
+- Reduce time range
+- Add more specific filters (`_sourceCategory`, `_sourceName`)
+- Use `--limit` to cap results
+- Consider using aggregation instead of raw messages
+
+### Empty Results
+
+```json
+{
+  "message_count": 0,
+  "messages": []
+}
+```
+
+**Check**:
+- Time range matches your expected data
+- Query syntax is valid (test in Sumo Logic UI first)
+- Source categories are correct
+- Time zone is correct (default is UTC)
+
+### Rate Limit Error
+
+```
+HTTP 429: Rate limit exceeded
+```
+
+**Solution**: Wait 1-2 minutes between queries. Sumo Logic enforces rate limits per account.
+
+## Development
+
+### Running Tests
+
+```bash
+bundle install
+bundle exec rake spec
+```
+
+### Code Quality
+
+```bash
+bundle exec rubocop
+bundle exec rubocop -A  # Auto-fix issues
+```
+
+### Running Locally
+
+```bash
+# Without installing
+bundle exec bin/sumo-query --query "error" \
+  --from "2025-11-13T14:00:00" \
+  --to "2025-11-13T15:00:00"
+
+# With debug output
+SUMO_DEBUG=1 bundle exec bin/sumo-query --query "error" \
+  --from "2025-11-13T14:00:00" \
+  --to "2025-11-13T15:00:00"
+```
+
+## How It Works
+
+This tool uses the Sumo Logic Search Job API:
+
+1. **Create Job** - POST to `/api/v1/search/jobs` with your query
+2. **Poll Status** - GET `/api/v1/search/jobs/:id` every 20 seconds until complete
+3. **Fetch Messages** - GET `/api/v1/search/jobs/:id/messages` (automatically paginated)
+4. **Clean Up** - DELETE `/api/v1/search/jobs/:id`
+
+All steps are handled automatically. You just provide the query and get results.
+
+## API Reference
+
+### Ruby Library Usage
+
+You can also use the library directly in your Ruby code:
+
+```ruby
+require 'sumologic'
+
+client = Sumologic::Client.new(
+  access_id: 'your_access_id',
+  access_key: 'your_access_key',
+  deployment: 'us2'
+)
+
+results = client.search(
+  query: 'error',
+  from_time: '2025-11-13T14:00:00',
+  to_time: '2025-11-13T15:00:00',
+  time_zone: 'UTC',
+  limit: 1000
+)
+
+results.each do |message|
+  puts message['map']['message']
+end
+```
+
+## Contributing
+
+Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'Add amazing feature'`)
+4. Push to the branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
+
+## Resources
+
+- **Sumo Logic API Docs**: https://help.sumologic.com/docs/api/search-job/
+- **Query Language**: https://help.sumologic.com/docs/search/
+- **Bug Reports**: https://github.com/patrick204nqh/sumologic-query/issues
+- **Feature Requests**: https://github.com/patrick204nqh/sumologic-query/issues
+
+## Support
+
+- **Issues**: [GitHub Issues](https://github.com/patrick204nqh/sumologic-query/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/patrick204nqh/sumologic-query/discussions)
+
+---
+
+**Note**: This tool provides read-only access to Sumo Logic logs. It does not modify any data or configuration.

data/bin/sumo-query

@@ -0,0 +1,121 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Simple CLI wrapper for querying Sumo Logic logs
+# Usage: sumo-query --query "error" --from "2025-11-13T14:00:00" --to "2025-11-13T15:00:00"
+
+require_relative '../lib/sumologic'
+require 'optparse'
+require 'json'
+
+options = {
+  time_zone: 'UTC'
+}
+
+OptionParser.new do |opts|
+  opts.banner = <<~BANNER
+    Sumo Logic Query Tool - Fast, read-only log access
+
+    Usage: sumo-query [options]
+
+    Examples:
+      # Error timeline with 5-minute buckets
+      sumo-query --query 'error | timeslice 5m | count' \\
+        --from '2025-11-13T14:00:00' --to '2025-11-13T15:00:00'
+
+      # Search for specific text
+      sumo-query --query '"connection timeout"' \\
+        --from '2025-11-13T14:00:00' --to '2025-11-13T15:00:00' \\
+        --limit 100
+
+      # Filter by source category
+      sumo-query --query '_sourceCategory=prod/api error' \\
+        --from '2025-11-13T14:00:00' --to '2025-11-13T15:00:00' \\
+        --output results.json
+
+    Options:
+  BANNER
+
+  opts.on('-q', '--query QUERY', 'Search query (required)') { |v| options[:query] = v }
+  opts.on('-f', '--from TIME', 'Start time in ISO 8601 format (required)') { |v| options[:from] = v }
+  opts.on('-t', '--to TIME', 'End time in ISO 8601 format (required)') { |v| options[:to] = v }
+  opts.on('-z', '--time-zone TZ', 'Time zone (default: UTC)') { |v| options[:time_zone] = v }
+  opts.on('-l', '--limit N', Integer, 'Limit number of messages') { |v| options[:limit] = v }
+  opts.on('-o', '--output FILE', 'Output file (default: stdout)') { |v| options[:output] = v }
+  opts.on('-d', '--debug', 'Enable debug output') { $DEBUG = true }
+  opts.on('-h', '--help', 'Show this help') do
+    puts opts
+    exit
+  end
+  opts.on('-v', '--version', 'Show version') do
+    puts "sumologic-query v#{Sumologic::VERSION}"
+    exit
+  end
+end.parse!
+
+# Validate required options
+unless options[:query] && options[:from] && options[:to]
+  warn 'Error: --query, --from, and --to are required'
+  warn 'Run with --help for usage information'
+  exit 1
+end
+
+begin
+  # Create client
+  client = Sumologic::Client.new
+
+  warn "Querying Sumo Logic: #{options[:from]} to #{options[:to]}"
+  warn "Query: #{options[:query]}"
+  warn 'This may take 1-3 minutes depending on data volume...'
+  $stderr.puts
+
+  # Execute search
+  results = client.search(
+    query: options[:query],
+    from_time: options[:from],
+    to_time: options[:to],
+    time_zone: options[:time_zone],
+    limit: options[:limit]
+  )
+
+  # Format output
+  output = {
+    query: options[:query],
+    from: options[:from],
+    to: options[:to],
+    time_zone: options[:time_zone],
+    message_count: results.size,
+    messages: results
+  }
+
+  json_output = JSON.pretty_generate(output)
+
+  # Write to file or stdout
+  if options[:output]
+    File.write(options[:output], json_output)
+    warn "\nResults saved to: #{options[:output]}"
+    warn "Message count: #{results.size}"
+  else
+    puts json_output
+  end
+rescue Sumologic::AuthenticationError => e
+  warn "\nAuthentication Error: #{e.message}"
+  warn "\nPlease set environment variables:"
+  warn "  export SUMO_ACCESS_ID='your_access_id'"
+  warn "  export SUMO_ACCESS_KEY='your_access_key'"
+  warn "  export SUMO_DEPLOYMENT='us2'  # Optional, defaults to us2"
+  exit 1
+rescue Sumologic::TimeoutError => e
+  warn "\nTimeout Error: #{e.message}"
+  warn "\nTry:"
+  warn '  - Reducing time range'
+  warn '  - Using more specific filters in your query'
+  warn '  - Adding --limit to cap results'
+  exit 1
+rescue Sumologic::Error => e
+  warn "\nError: #{e.message}"
+  exit 1
+rescue Interrupt
+  warn "\nInterrupted by user"
+  exit 130
+end

data/lib/sumologic/client.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+require 'uri'
+require 'base64'
+
+module Sumologic
+  # Lightweight Sumo Logic Search Job API client
+  # Handles historical log queries with automatic polling and pagination
+  class Client
+    API_VERSION = 'v1'
+    DEFAULT_POLL_INTERVAL = 20 # seconds
+    DEFAULT_TIMEOUT = 300 # seconds (5 minutes)
+    MAX_MESSAGES_PER_REQUEST = 10_000
+
+    attr_reader :access_id, :access_key, :deployment, :base_url
+
+    def initialize(access_id: nil, access_key: nil, deployment: nil)
+      @access_id = access_id || ENV.fetch('SUMO_ACCESS_ID', nil)
+      @access_key = access_key || ENV.fetch('SUMO_ACCESS_KEY', nil)
+      @deployment = deployment || ENV['SUMO_DEPLOYMENT'] || 'us2'
+      @base_url = deployment_url(@deployment)
+
+      validate_credentials!
+    end
+
+    # Main search method
+    # Returns array of messages/records as JSON
+    def search(query:, from_time:, to_time:, time_zone: 'UTC', limit: nil)
+      job_id = create_job(query, from_time, to_time, time_zone)
+      poll_until_complete(job_id)
+      messages = fetch_all_messages(job_id, limit)
+      delete_job(job_id)
+      messages
+    rescue StandardError => e
+      delete_job(job_id) if job_id
+      raise Error, "Search failed: #{e.message}"
+    end
+
+    private
+
+    def validate_credentials!
+      raise AuthenticationError, 'SUMO_ACCESS_ID not set' unless @access_id
+      raise AuthenticationError, 'SUMO_ACCESS_KEY not set' unless @access_key
+    end
+
+    def deployment_url(deployment)
+      case deployment
+      when /^http/
+        deployment # Full URL provided
+      when 'us1'
+        'https://api.sumologic.com/api/v1'
+      when 'us2'
+        'https://api.us2.sumologic.com/api/v1'
+      when 'eu'
+        'https://api.eu.sumologic.com/api/v1'
+      when 'au'
+        'https://api.au.sumologic.com/api/v1'
+      else
+        "https://api.#{deployment}.sumologic.com/api/v1"
+      end
+    end
+
+    def auth_header
+      encoded = Base64.strict_encode64("#{@access_id}:#{@access_key}")
+      "Basic #{encoded}"
+    end
+
+    def create_job(query, from_time, to_time, time_zone)
+      uri = URI("#{@base_url}/search/jobs")
+      request = Net::HTTP::Post.new(uri)
+      request['Authorization'] = auth_header
+      request['Content-Type'] = 'application/json'
+      request['Accept'] = 'application/json'
+
+      body = {
+        query: query,
+        from: from_time,
+        to: to_time,
+        timeZone: time_zone
+      }
+      request.body = body.to_json
+
+      response = http_request(uri, request)
+      data = JSON.parse(response.body)
+
+      raise Error, "Failed to create job: #{data['message']}" unless data['id']
+
+      log_info "Created search job: #{data['id']}"
+      data['id']
+    end
+
+    def poll_until_complete(job_id, timeout: DEFAULT_TIMEOUT)
+      uri = URI("#{@base_url}/search/jobs/#{job_id}")
+      start_time = Time.now
+      interval = DEFAULT_POLL_INTERVAL
+
+      loop do
+        raise TimeoutError, "Search job timed out after #{timeout} seconds" if Time.now - start_time > timeout
+
+        request = Net::HTTP::Get.new(uri)
+        request['Authorization'] = auth_header
+        request['Accept'] = 'application/json'
+
+        response = http_request(uri, request)
+        data = JSON.parse(response.body)
+
+        state = data['state']
+        log_info "Job state: #{state} (#{data['messageCount']} messages, #{data['recordCount']} records)"
+
+        case state
+        when 'DONE GATHERING RESULTS'
+          return data
+        when 'CANCELLED', 'FORCE PAUSED'
+          raise Error, "Search job #{state.downcase}"
+        end
+
+        sleep interval
+      end
+    end
+
+    def fetch_all_messages(job_id, limit = nil)
+      messages = []
+      offset = 0
+      total_fetched = 0
+
+      loop do
+        batch_limit = if limit
+                        [MAX_MESSAGES_PER_REQUEST, limit - total_fetched].min
+                      else
+                        MAX_MESSAGES_PER_REQUEST
+                      end
+
+        break if batch_limit <= 0
+
+        uri = URI("#{@base_url}/search/jobs/#{job_id}/messages")
+        uri.query = URI.encode_www_form(offset: offset, limit: batch_limit)
+
+        request = Net::HTTP::Get.new(uri)
+        request['Authorization'] = auth_header
+        request['Accept'] = 'application/json'
+
+        response = http_request(uri, request)
+        data = JSON.parse(response.body)
+
+        batch = data['messages'] || []
+        messages.concat(batch)
+        total_fetched += batch.size
+
+        log_info "Fetched #{batch.size} messages (total: #{total_fetched})"
+
+        break if batch.size < batch_limit # No more messages
+        break if limit && total_fetched >= limit
+
+        offset += batch.size
+      end
+
+      messages
+    end
+
+    def delete_job(job_id)
+      return unless job_id
+
+      uri = URI("#{@base_url}/search/jobs/#{job_id}")
+      request = Net::HTTP::Delete.new(uri)
+      request['Authorization'] = auth_header
+
+      http_request(uri, request)
+      log_info "Deleted search job: #{job_id}"
+    rescue StandardError => e
+      log_error "Failed to delete job #{job_id}: #{e.message}"
+    end
+
+    def http_request(uri, request)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.read_timeout = 60
+      http.open_timeout = 10
+
+      response = http.request(request)
+
+      case response.code.to_i
+      when 200..299
+        response
+      when 401, 403
+        raise AuthenticationError, "Authentication failed: #{response.body}"
+      when 429
+        raise Error, "Rate limit exceeded: #{response.body}"
+      else
+        raise Error, "HTTP #{response.code}: #{response.body}"
+      end
+    end
+
+    def log_info(message)
+      warn "[Sumologic::Client] #{message}" if ENV['SUMO_DEBUG'] || $DEBUG
+    end
+
+    def log_error(message)
+      warn "[Sumologic::Client ERROR] #{message}"
+    end
+  end
+end

data/lib/sumologic/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Sumologic
+  VERSION = '1.0.0'
+end

data/lib/sumologic.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative 'sumologic/version'
+require_relative 'sumologic/client'
+
+module Sumologic
+  class Error < StandardError; end
+  class TimeoutError < Error; end
+  class AuthenticationError < Error; end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: sumologic-query
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- patrick204nqh
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+description: |
+  Simple, fast, read-only access to Sumo Logic logs via the Search Job API.
+  No complex features, just quick log queries with automatic pagination and polling.
+  Perfect for DevOps, incident investigation, and log analysis workflows.
+email:
+- patrick204nqh@gmail.com
+executables:
+- sumo-query
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- bin/sumo-query
+- lib/sumologic.rb
+- lib/sumologic/client.rb
+- lib/sumologic/version.rb
+homepage: https://github.com/patrick204nqh/sumologic-query
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/patrick204nqh/sumologic-query
+  source_code_uri: https://github.com/patrick204nqh/sumologic-query
+  bug_tracker_uri: https://github.com/patrick204nqh/sumologic-query/issues
+  changelog_uri: https://github.com/patrick204nqh/sumologic-query/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: A lightweight Ruby CLI for querying Sumo Logic logs quickly
+test_files: []