sumologic-query 1.1.0 → 1.1.2

data/lib/sumologic/cli.rb

@@ -0,0 +1,208 @@
+# frozen_string_literal: true
+
+require 'thor'
+require 'json'
+
+module Sumologic
+  # Thor-based CLI for Sumo Logic query tool
+  class CLI < Thor
+    class_option :debug, type: :boolean, aliases: '-d', desc: 'Enable debug output'
+    class_option :output, type: :string, aliases: '-o', desc: 'Output file (default: stdout)'
+
+    def self.exit_on_failure?
+      true
+    end
+
+    desc 'search', 'Search Sumo Logic logs'
+    long_desc <<~DESC
+      Search Sumo Logic logs using a query string.
+
+      Examples:
+        # Error timeline with 5-minute buckets
+        sumo-query search --query 'error | timeslice 5m | count' \\
+          --from '2025-11-13T14:00:00' --to '2025-11-13T15:00:00'
+
+        # Search for specific text
+        sumo-query search --query '"connection timeout"' \\
+          --from '2025-11-13T14:00:00' --to '2025-11-13T15:00:00' \\
+          --limit 100
+    DESC
+    option :query, type: :string, required: true, aliases: '-q', desc: 'Search query'
+    option :from, type: :string, required: true, aliases: '-f', desc: 'Start time (ISO 8601)'
+    option :to, type: :string, required: true, aliases: '-t', desc: 'End time (ISO 8601)'
+    option :time_zone, type: :string, default: 'UTC', aliases: '-z', desc: 'Time zone'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Limit number of messages'
+    def search
+      $DEBUG = true if options[:debug]
+
+      client = create_client
+
+      log_search_info
+      results = execute_search(client)
+      output_search_results(results)
+
+      warn "\nMessage count: #{results.size}"
+    end
+
+    desc 'list-collectors', 'List all Sumo Logic collectors'
+    long_desc <<~DESC
+      List all collectors in your Sumo Logic account.
+
+      Example:
+        sumo-query list-collectors --output collectors.json
+    DESC
+    def list_collectors
+      $DEBUG = true if options[:debug]
+
+      client = create_client
+
+      warn 'Fetching collectors...'
+      collectors = client.list_collectors
+
+      output_json(
+        total: collectors.size,
+        collectors: collectors.map { |c| format_collector(c) }
+      )
+    end
+
+    desc 'list-sources', 'List sources from collectors'
+    long_desc <<~DESC
+      List all sources from all collectors, or sources from a specific collector.
+
+      Examples:
+        # List all sources
+        sumo-query list-sources
+
+        # List sources for specific collector
+        sumo-query list-sources --collector-id 12345
+    DESC
+    option :collector_id, type: :string, desc: 'Collector ID to list sources for'
+    def list_sources
+      $DEBUG = true if options[:debug]
+
+      client = create_client
+
+      if options[:collector_id]
+        list_sources_for_collector(client, options[:collector_id])
+      else
+        list_all_sources(client)
+      end
+    end
+
+    desc 'version', 'Show version information'
+    def version
+      puts "sumo-query version #{Sumologic::VERSION}"
+    end
+    map %w[-v --version] => :version
+
+    default_task :search
+
+    private
+
+    def create_client
+      Client.new
+    rescue AuthenticationError => e
+      error "Authentication Error: #{e.message}"
+      error "\nPlease set environment variables:"
+      error "  export SUMO_ACCESS_ID='your_access_id'"
+      error "  export SUMO_ACCESS_KEY='your_access_key'"
+      error "  export SUMO_DEPLOYMENT='us2'  # Optional, defaults to us2"
+      exit 1
+    rescue Error => e
+      error "Error: #{e.message}"
+      exit 1
+    end
+
+    def list_sources_for_collector(client, collector_id)
+      warn "Fetching sources for collector: #{collector_id}"
+      sources = client.list_sources(collector_id: collector_id)
+
+      output_json(
+        collector_id: collector_id,
+        total: sources.size,
+        sources: sources.map { |s| format_source(s) }
+      )
+    end
+
+    def list_all_sources(client)
+      warn 'Fetching all sources from all collectors...'
+      warn 'This may take a minute...'
+
+      all_sources = client.list_all_sources
+
+      output_json(
+        total_collectors: all_sources.size,
+        total_sources: all_sources.sum { |c| c['sources'].size },
+        data: all_sources.map do |item|
+          {
+            collector: item['collector'],
+            sources: item['sources'].map { |s| format_source(s) }
+          }
+        end
+      )
+    end
+
+    def format_collector(collector)
+      {
+        id: collector['id'],
+        name: collector['name'],
+        collectorType: collector['collectorType'],
+        alive: collector['alive'],
+        category: collector['category']
+      }
+    end
+
+    def format_source(source)
+      {
+        id: source['id'],
+        name: source['name'],
+        category: source['category'],
+        sourceType: source['sourceType'],
+        alive: source['alive']
+      }
+    end
+
+    def output_json(data)
+      json_output = JSON.pretty_generate(data)
+
+      if options[:output]
+        File.write(options[:output], json_output)
+        warn "\nResults saved to: #{options[:output]}"
+      else
+        puts json_output
+      end
+    end
+
+    def error(message)
+      warn message
+    end
+
+    def log_search_info
+      warn "Querying Sumo Logic: #{options[:from]} to #{options[:to]}"
+      warn "Query: #{options[:query]}"
+      warn 'This may take 1-3 minutes depending on data volume...'
+      $stderr.puts
+    end
+
+    def execute_search(client)
+      client.search(
+        query: options[:query],
+        from_time: options[:from],
+        to_time: options[:to],
+        time_zone: options[:time_zone],
+        limit: options[:limit]
+      )
+    end
+
+    def output_search_results(results)
+      output_json(
+        query: options[:query],
+        from: options[:from],
+        to: options[:to],
+        time_zone: options[:time_zone],
+        message_count: results.size,
+        messages: results
+      )
+    end
+  end
+end

data/lib/sumologic/client.rb

@@ -1,215 +1,59 @@
 # frozen_string_literal: true
 
-require 'net/http'
-require 'json'
-require 'uri'
-require 'base64'
-
 module Sumologic
-  # Lightweight Sumo Logic Search Job API client
-  # Handles historical log queries with automatic polling and pagination
+  # Facade for Sumo Logic API operations
+  # Coordinates HTTP, Search, and Metadata components
   class Client
-    API_VERSION = 'v1'
-    INITIAL_POLL_INTERVAL = 5 # seconds - start fast for small queries
-    MAX_POLL_INTERVAL = 20 # seconds - slow down for large queries
-    POLL_BACKOFF_FACTOR = 1.5 # increase interval by 50% each time
-    DEFAULT_TIMEOUT = 300 # seconds (5 minutes)
-    MAX_MESSAGES_PER_REQUEST = 10_000
-
-    attr_reader :access_id, :access_key, :deployment, :base_url
-
-    def initialize(access_id: nil, access_key: nil, deployment: nil)
-      @access_id = access_id || ENV.fetch('SUMO_ACCESS_ID', nil)
-      @access_key = access_key || ENV.fetch('SUMO_ACCESS_KEY', nil)
-      @deployment = deployment || ENV['SUMO_DEPLOYMENT'] || 'us2'
-      @base_url = deployment_url(@deployment)
-
-      validate_credentials!
-    end
-
-    # Main search method
-    # Returns array of messages/records as JSON
+    attr_reader :config
+
+    def initialize(config = nil)
+      @config = config || Configuration.new
+      @config.validate!
+
+      # Initialize HTTP layer
+      authenticator = Http::Authenticator.new(
+        access_id: @config.access_id,
+        access_key: @config.access_key
+      )
+      @http = Http::Client.new(
+        base_url: @config.base_url,
+        authenticator: authenticator
+      )
+
+      # Initialize domain components
+      @search = Search::Job.new(http_client: @http, config: @config)
+      @collector = Metadata::Collector.new(http_client: @http)
+      @source = Metadata::Source.new(http_client: @http, collector_client: @collector)
+    end
+
+    # Search logs with query
+    # Returns array of messages
     def search(query:, from_time:, to_time:, time_zone: 'UTC', limit: nil)
-      job_id = create_job(query, from_time, to_time, time_zone)
-      poll_until_complete(job_id)
-      messages = fetch_all_messages(job_id, limit)
-      delete_job(job_id)
-      messages
-    rescue StandardError => e
-      delete_job(job_id) if job_id
-      raise Error, "Search failed: #{e.message}"
-    end
-
-    private
-
-    def validate_credentials!
-      raise AuthenticationError, 'SUMO_ACCESS_ID not set' unless @access_id
-      raise AuthenticationError, 'SUMO_ACCESS_KEY not set' unless @access_key
-    end
-
-    def deployment_url(deployment)
-      case deployment
-      when /^http/
-        deployment # Full URL provided
-      when 'us1'
-        'https://api.sumologic.com/api/v1'
-      when 'us2'
-        'https://api.us2.sumologic.com/api/v1'
-      when 'eu'
-        'https://api.eu.sumologic.com/api/v1'
-      when 'au'
-        'https://api.au.sumologic.com/api/v1'
-      else
-        "https://api.#{deployment}.sumologic.com/api/v1"
-      end
-    end
-
-    def auth_header
-      encoded = Base64.strict_encode64("#{@access_id}:#{@access_key}")
-      "Basic #{encoded}"
-    end
-
-    def create_job(query, from_time, to_time, time_zone)
-      uri = URI("#{@base_url}/search/jobs")
-      request = Net::HTTP::Post.new(uri)
-      request['Authorization'] = auth_header
-      request['Content-Type'] = 'application/json'
-      request['Accept'] = 'application/json'
-
-      body = {
+      @search.execute(
         query: query,
-        from: from_time,
-        to: to_time,
-        timeZone: time_zone
-      }
-      request.body = body.to_json
-
-      response = http_request(uri, request)
-      data = JSON.parse(response.body)
-
-      raise Error, "Failed to create job: #{data['message']}" unless data['id']
-
-      log_info "Created search job: #{data['id']}"
-      data['id']
-    end
-
-    def poll_until_complete(job_id, timeout: DEFAULT_TIMEOUT)
-      uri = URI("#{@base_url}/search/jobs/#{job_id}")
-      start_time = Time.now
-      interval = INITIAL_POLL_INTERVAL
-      poll_count = 0
-
-      loop do
-        raise TimeoutError, "Search job timed out after #{timeout} seconds" if Time.now - start_time > timeout
-
-        request = Net::HTTP::Get.new(uri)
-        request['Authorization'] = auth_header
-        request['Accept'] = 'application/json'
-
-        response = http_request(uri, request)
-        data = JSON.parse(response.body)
-
-        state = data['state']
-        msg_count = data['messageCount']
-        rec_count = data['recordCount']
-        log_info "Job state: #{state} (#{msg_count} messages, #{rec_count} records) [interval: #{interval}s]"
-
-        case state
-        when 'DONE GATHERING RESULTS'
-          elapsed = Time.now - start_time
-          log_info "Job completed in #{elapsed.round(1)} seconds after #{poll_count + 1} polls"
-          return data
-        when 'CANCELLED', 'FORCE PAUSED'
-          raise Error, "Search job #{state.downcase}"
-        end
-
-        sleep interval
-        poll_count += 1
-
-        # Adaptive backoff: gradually increase interval for long-running jobs
-        # This reduces API calls while maintaining responsiveness for quick jobs
-        interval = [interval * POLL_BACKOFF_FACTOR, MAX_POLL_INTERVAL].min
-      end
+        from_time: from_time,
+        to_time: to_time,
+        time_zone: time_zone,
+        limit: limit
+      )
     end
 
-    def fetch_all_messages(job_id, limit = nil)
-      messages = []
-      offset = 0
-      total_fetched = 0
-
-      loop do
-        batch_limit = if limit
-                        [MAX_MESSAGES_PER_REQUEST, limit - total_fetched].min
-                      else
-                        MAX_MESSAGES_PER_REQUEST
-                      end
-
-        break if batch_limit <= 0
-
-        uri = URI("#{@base_url}/search/jobs/#{job_id}/messages")
-        uri.query = URI.encode_www_form(offset: offset, limit: batch_limit)
-
-        request = Net::HTTP::Get.new(uri)
-        request['Authorization'] = auth_header
-        request['Accept'] = 'application/json'
-
-        response = http_request(uri, request)
-        data = JSON.parse(response.body)
-
-        batch = data['messages'] || []
-        messages.concat(batch)
-        total_fetched += batch.size
-
-        log_info "Fetched #{batch.size} messages (total: #{total_fetched})"
-
-        break if batch.size < batch_limit # No more messages
-        break if limit && total_fetched >= limit
-
-        offset += batch.size
-      end
-
-      messages
-    end
-
-    def delete_job(job_id)
-      return unless job_id
-
-      uri = URI("#{@base_url}/search/jobs/#{job_id}")
-      request = Net::HTTP::Delete.new(uri)
-      request['Authorization'] = auth_header
-
-      http_request(uri, request)
-      log_info "Deleted search job: #{job_id}"
-    rescue StandardError => e
-      log_error "Failed to delete job #{job_id}: #{e.message}"
-    end
-
-    def http_request(uri, request)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true
-      http.read_timeout = 60
-      http.open_timeout = 10
-
-      response = http.request(request)
-
-      case response.code.to_i
-      when 200..299
-        response
-      when 401, 403
-        raise AuthenticationError, "Authentication failed: #{response.body}"
-      when 429
-        raise Error, "Rate limit exceeded: #{response.body}"
-      else
-        raise Error, "HTTP #{response.code}: #{response.body}"
-      end
+    # List all collectors
+    # Returns array of collector objects
+    def list_collectors
+      @collector.list
     end
 
-    def log_info(message)
-      warn "[Sumologic::Client] #{message}" if ENV['SUMO_DEBUG'] || $DEBUG
+    # List sources for a specific collector
+    # Returns array of source objects
+    def list_sources(collector_id:)
+      @source.list(collector_id: collector_id)
     end
 
-    def log_error(message)
-      warn "[Sumologic::Client ERROR] #{message}"
+    # List all sources from all collectors
+    # Returns array of hashes with collector and sources
+    def list_all_sources
+      @source.list_all
     end
   end
 end

data/lib/sumologic/configuration.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Sumologic
+  # Centralized configuration for Sumo Logic client
+  class Configuration
+    attr_accessor :access_id, :access_key, :deployment, :timeout, :initial_poll_interval, :max_poll_interval,
+                  :poll_backoff_factor, :max_messages_per_request
+
+    API_VERSION = 'v1'
+
+    def initialize
+      # Authentication
+      @access_id = ENV.fetch('SUMO_ACCESS_ID', nil)
+      @access_key = ENV.fetch('SUMO_ACCESS_KEY', nil)
+      @deployment = ENV['SUMO_DEPLOYMENT'] || 'us2'
+
+      # Search job polling
+      @initial_poll_interval = 5 # seconds - start fast for small queries
+      @max_poll_interval = 20 # seconds - slow down for large queries
+      @poll_backoff_factor = 1.5 # increase interval by 50% each time
+
+      # Timeouts and limits
+      @timeout = 300 # seconds (5 minutes)
+      @max_messages_per_request = 10_000
+    end
+
+    def base_url
+      @base_url ||= build_base_url
+    end
+
+    def validate!
+      raise AuthenticationError, 'SUMO_ACCESS_ID not set' unless @access_id
+      raise AuthenticationError, 'SUMO_ACCESS_KEY not set' unless @access_key
+    end
+
+    private
+
+    def build_base_url
+      case @deployment
+      when /^http/
+        @deployment # Full URL provided
+      when 'us1'
+        "https://api.sumologic.com/api/#{API_VERSION}"
+      when 'us2'
+        "https://api.us2.sumologic.com/api/#{API_VERSION}"
+      when 'eu'
+        "https://api.eu.sumologic.com/api/#{API_VERSION}"
+      when 'au'
+        "https://api.au.sumologic.com/api/#{API_VERSION}"
+      else
+        "https://api.#{@deployment}.sumologic.com/api/#{API_VERSION}"
+      end
+    end
+  end
+end

data/lib/sumologic/http/authenticator.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'base64'
+
+module Sumologic
+  module Http
+    # Handles authentication header generation for Sumo Logic API
+    class Authenticator
+      def initialize(access_id:, access_key:)
+        @access_id = access_id
+        @access_key = access_key
+      end
+
+      def auth_header
+        encoded = Base64.strict_encode64("#{@access_id}:#{@access_key}")
+        "Basic #{encoded}"
+      end
+    end
+  end
+end

data/lib/sumologic/http/client.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'json'
+require 'uri'
+
+module Sumologic
+  module Http
+    # Handles HTTP communication with Sumo Logic API
+    # Responsibilities: request execution, error handling, SSL configuration
+    class Client
+      READ_TIMEOUT = 60
+      OPEN_TIMEOUT = 10
+
+      def initialize(base_url:, authenticator:)
+        @base_url = base_url
+        @authenticator = authenticator
+      end
+
+      # Execute HTTP request with error handling
+      def request(method:, path:, body: nil, query_params: nil)
+        uri = build_uri(path, query_params)
+        request = build_request(method, uri, body)
+
+        response = execute_request(uri, request)
+        handle_response(response)
+      end
+
+      private
+
+      def build_uri(path, query_params)
+        uri = URI("#{@base_url}#{path}")
+        uri.query = URI.encode_www_form(query_params) if query_params
+        uri
+      end
+
+      def build_request(method, uri, body)
+        request_class = case method
+                        when :get then Net::HTTP::Get
+                        when :post then Net::HTTP::Post
+                        when :delete then Net::HTTP::Delete
+                        else raise ArgumentError, "Unsupported HTTP method: #{method}"
+                        end
+
+        request = request_class.new(uri)
+        request['Authorization'] = @authenticator.auth_header
+        request['Accept'] = 'application/json'
+
+        if body
+          request['Content-Type'] = 'application/json'
+          request.body = body.to_json
+        end
+
+        request
+      end
+
+      def execute_request(uri, request)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        http.read_timeout = READ_TIMEOUT
+        http.open_timeout = OPEN_TIMEOUT
+
+        http.request(request)
+      end
+
+      def handle_response(response)
+        case response.code.to_i
+        when 200..299
+          JSON.parse(response.body)
+        when 401, 403
+          raise AuthenticationError, "Authentication failed: #{response.body}"
+        when 429
+          raise Error, "Rate limit exceeded: #{response.body}"
+        else
+          raise Error, "HTTP #{response.code}: #{response.body}"
+        end
+      end
+    end
+  end
+end

data/lib/sumologic/metadata/collector.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Sumologic
+  module Metadata
+    # Handles collector metadata operations
+    class Collector
+      def initialize(http_client:)
+        @http = http_client
+      end
+
+      # List all collectors
+      # Returns array of collector objects
+      def list
+        data = @http.request(
+          method: :get,
+          path: '/collectors'
+        )
+
+        collectors = data['collectors'] || []
+        log_info "Found #{collectors.size} collectors"
+        collectors
+      rescue StandardError => e
+        raise Error, "Failed to list collectors: #{e.message}"
+      end
+
+      private
+
+      def log_info(message)
+        warn "[Sumologic::Metadata::Collector] #{message}" if ENV['SUMO_DEBUG'] || $DEBUG
+      end
+    end
+  end
+end