sumologic-query 1.4.0 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5822fc268d1979e97d6993b7f233b720049f832c4d5d921a75c32ecccc16ce68
-  data.tar.gz: f9e1cde6a138f45d70ec4ed2e06b22f87faf9500a6cb4fb7274fe8df787bcba1
+  metadata.gz: 17737642aa1c9244133b4442fd6dccc156cf39b5a35cc05071a4769800ad0501
+  data.tar.gz: 29037e867772bbc70e2cda259879e8b6d55e51b70611b7ef5167c79ab2eee00e
 SHA512:
-  metadata.gz: 661862b1dfbc17a5729fbffc54c459e9b2e52a996346b0c028179002c606689096c0a191a26d7bb06d737c197f50324eb86e574289a093c4a392b9248a3e2647
-  data.tar.gz: fda3e751c1dc953fa10d878288193ffe060dcd9366e9d18e8cad9d8eeaf8a194e0dcaa1f50ca245fdc5ab20a95c7f1b67809add3dbed2aa28341f68130188ffd
+  metadata.gz: 67bd5ba57a5a3ed5739d274a25c29e9ba4c1cd2415976a5bb7cbdfb075276c67b614917a14a312e33fa618c15a665ccb7bf82e34b20602ab800e3c00e65bed8c
+  data.tar.gz: 2c3fff993dcf6d5a2d14b5719a3fd23331477dece5a43cad0dc5d42e4ae7065fb94bda7741ead8e9a678839d8b5d063bb237c9c301585008fdba427737e1abd8

data/CHANGELOG.md

@@ -6,6 +6,42 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and release notes are automatically generated from commit messages.
+## [1.4.2](https://github.com/patrick204nqh/sumologic-query/compare/v1.4.1...v1.4.2) (2026-02-11)
+
+### 🎉 New Features
+
+- add source discovery guidance to skills
+- add filtering options to list-sources
+- add keyword and limit filters to discover-source-metadata
+- add -q/--query and -l/--limit flags to list-collectors
+
+### 🐛 Bug Fixes
+
+- support compound relative time expressions like -1h30m
+
+
+
+## [1.4.1](https://github.com/patrick204nqh/sumologic-query/compare/v1.4.0...v1.4.1) (2026-02-11)
+
+### 🎉 New Features
+
+- add "Open in Sumo Logic" URL to search output
+- add command recipe and CLI command specs
+
+### 🐛 Bug Fixes
+
+- update source_code_uri metadata to use homepage
+
+### 🔧 Refactoring
+
+- resolve ADR-006, fix README links, extract command helpers
+
+### 📚 Documentation
+
+- consolidate query examples and document v1/v2 API split
+
+
+
 ## [1.4.0](https://github.com/patrick204nqh/sumologic-query/compare/v1.3.5...v1.4.0) (2026-02-11)
 
 ### 🎉 New Features

data/README.md

@@ -152,9 +152,9 @@ client.list_all_sources
 ## Documentation
 
 - [Query Examples](examples/queries.md) - Query patterns and examples
-- [Quick Reference](docs/tldr.md) - Command cheat sheet
-- [Rate Limiting](docs/rate-limiting.md) - Performance tuning
-- [Architecture](docs/architecture/) - Design decisions
+- [Quick Reference](docs/sdlc/7-maintain/tldr.md) - Command cheat sheet
+- [Rate Limiting](docs/sdlc/4-develop/rate-limiting.md) - Performance tuning
+- [Architecture](docs/sdlc/3-design/overview.md) - Design decisions
 
 ## Contributing
 

data/lib/sumologic/cli/commands/base_command.rb

@@ -17,6 +17,18 @@ module Sumologic
 
         private
 
+        def list_resource(label:, key:)
+          warn "Fetching #{label}..."
+          items = yield
+          output_json(total: items.size, key => items)
+        end
+
+        def get_resource(label:, id:)
+          warn "Fetching #{label} #{id}..."
+          result = yield
+          output_json(result)
+        end
+
         def output_json(data)
           json_output = JSON.pretty_generate(data)
 

data/lib/sumologic/cli/commands/discover_source_metadata_command.rb

@@ -40,6 +40,7 @@ module Sumologic
           end
           warn "Time Zone: #{@parsed_timezone}"
           warn "Filter: #{options[:filter] || 'none (all sources)'}"
+          warn "Keyword: #{options[:keyword]}" if options[:keyword]
           warn '-' * 60
           warn 'Running aggregation query to discover sources...'
           $stderr.puts
@@ -50,7 +51,9 @@ module Sumologic
             from_time: @parsed_from,
             to_time: @parsed_to,
             time_zone: @parsed_timezone,
-            filter: options[:filter]
+            filter: options[:filter],
+            keyword: options[:keyword],
+            limit: options[:limit]
           )
         end
       end

data/lib/sumologic/cli/commands/export_content_command.rb

@@ -8,11 +8,9 @@ module Sumologic
       # Handles the export-content command execution
       class ExportContentCommand < BaseCommand
         def execute
-          content_id = options[:content_id]
-          warn "Exporting content #{content_id}..."
-          result = client.export_content(content_id: content_id)
-
-          output_json(result)
+          get_resource(label: 'content', id: options[:content_id]) do
+            client.export_content(content_id: options[:content_id])
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/get_content_command.rb

@@ -8,11 +8,9 @@ module Sumologic
       # Handles the get-content command execution
       class GetContentCommand < BaseCommand
         def execute
-          path = options[:path]
-          warn "Looking up content at path: #{path}..."
-          content = client.get_content(path: path)
-
-          output_json(content)
+          get_resource(label: 'content at path:', id: options[:path]) do
+            client.get_content(path: options[:path])
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/get_dashboard_command.rb

@@ -8,11 +8,9 @@ module Sumologic
       # Handles the get-dashboard command execution
       class GetDashboardCommand < BaseCommand
         def execute
-          dashboard_id = options[:dashboard_id]
-          warn "Fetching dashboard #{dashboard_id}..."
-          dashboard = client.get_dashboard(dashboard_id: dashboard_id)
-
-          output_json(dashboard)
+          get_resource(label: 'dashboard', id: options[:dashboard_id]) do
+            client.get_dashboard(dashboard_id: options[:dashboard_id])
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/get_lookup_command.rb

@@ -8,11 +8,9 @@ module Sumologic
       # Handles the get-lookup command execution
       class GetLookupCommand < BaseCommand
         def execute
-          lookup_id = options[:lookup_id]
-          warn "Fetching lookup table #{lookup_id}..."
-          lookup = client.get_lookup(lookup_id: lookup_id)
-
-          output_json(lookup)
+          get_resource(label: 'lookup table', id: options[:lookup_id]) do
+            client.get_lookup(lookup_id: options[:lookup_id])
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/get_monitor_command.rb

@@ -8,11 +8,9 @@ module Sumologic
       # Handles the get-monitor command execution
       class GetMonitorCommand < BaseCommand
         def execute
-          monitor_id = options[:monitor_id]
-          warn "Fetching monitor #{monitor_id}..."
-          monitor = client.get_monitor(monitor_id: monitor_id)
-
-          output_json(monitor)
+          get_resource(label: 'monitor', id: options[:monitor_id]) do
+            client.get_monitor(monitor_id: options[:monitor_id])
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_apps_command.rb

@@ -8,13 +8,7 @@ module Sumologic
       # Handles the list-apps command execution
       class ListAppsCommand < BaseCommand
         def execute
-          warn 'Fetching app catalog...'
-          apps = client.list_apps
-
-          output_json(
-            total: apps.size,
-            apps: apps
-          )
+          list_resource(label: 'app catalog', key: :apps) { client.list_apps }
         end
       end
     end

data/lib/sumologic/cli/commands/list_collectors_command.rb

@@ -8,13 +8,12 @@ module Sumologic
       # Handles the list-collectors command execution
       class ListCollectorsCommand < BaseCommand
         def execute
-          warn 'Fetching collectors...'
-          collectors = client.list_collectors
-
-          output_json(
-            total: collectors.size,
-            collectors: collectors
-          )
+          list_resource(label: 'collectors', key: :collectors) do
+            client.list_collectors(
+              query: options[:query],
+              limit: options[:limit]
+            )
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_dashboards_command.rb

@@ -8,13 +8,9 @@ module Sumologic
       # Handles the list-dashboards command execution
       class ListDashboardsCommand < BaseCommand
         def execute
-          warn 'Fetching dashboards...'
-          dashboards = client.list_dashboards(limit: options[:limit] || 100)
-
-          output_json(
-            total: dashboards.size,
-            dashboards: dashboards
-          )
+          list_resource(label: 'dashboards', key: :dashboards) do
+            client.list_dashboards(limit: options[:limit] || 100)
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_health_events_command.rb

@@ -8,13 +8,9 @@ module Sumologic
       # Handles the list-health-events command execution
       class ListHealthEventsCommand < BaseCommand
         def execute
-          warn 'Fetching health events...'
-          events = client.list_health_events(limit: options[:limit] || 100)
-
-          output_json(
-            total: events.size,
-            healthEvents: events
-          )
+          list_resource(label: 'health events', key: :healthEvents) do
+            client.list_health_events(limit: options[:limit] || 100)
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_monitors_command.rb

@@ -9,17 +9,13 @@ module Sumologic
       # Uses the monitors search API for flat, filterable results
       class ListMonitorsCommand < BaseCommand
         def execute
-          warn 'Fetching monitors...'
-          monitors = client.list_monitors(
-            query: options[:query],
-            status: options[:status],
-            limit: options[:limit] || 100
-          )
-
-          output_json(
-            total: monitors.size,
-            monitors: monitors
-          )
+          list_resource(label: 'monitors', key: :monitors) do
+            client.list_monitors(
+              query: options[:query],
+              status: options[:status],
+              limit: options[:limit] || 100
+            )
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_sources_command.rb

@@ -29,10 +29,14 @@ module Sumologic
         end
 
         def list_all_sources
-          warn 'Fetching all sources from all collectors...'
-          warn 'This may take a minute...'
+          warn 'Fetching sources from collectors...'
 
-          all_sources = client.list_all_sources
+          all_sources = client.list_all_sources(
+            collector: options[:collector],
+            name: options[:name],
+            category: options[:category],
+            limit: options[:limit]
+          )
 
           output_json(
             total_collectors: all_sources.size,

data/lib/sumologic/cli/commands/search_command.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'erb'
 require_relative 'base_command'
 require_relative '../../utils/time_parser'
 
@@ -46,6 +47,7 @@ module Sumologic
           end
           warn "Query: #{options[:query]}"
           warn "Limit: #{options[:limit] || 'unlimited'}"
+          warn "Open in Sumo: #{build_search_url}"
           warn '-' * 60
           warn 'Creating search job...'
           $stderr.puts
@@ -96,6 +98,7 @@ module Sumologic
               from_original: @original_from,
               to_original: @original_to,
               time_zone: @parsed_timezone,
+              search_url: build_search_url,
               record_count: results.size,
               records: results
             )
@@ -107,6 +110,7 @@ module Sumologic
               from_original: @original_from,
               to_original: @original_to,
               time_zone: @parsed_timezone,
+              search_url: build_search_url,
               message_count: results.size,
               messages: results
             )
@@ -135,10 +139,20 @@ module Sumologic
             'from' => @parsed_from,
             'to' => @parsed_to,
             'time_zone' => @parsed_timezone,
+            'search_url' => build_search_url,
             'message_count' => results.size,
             'messages' => results
           }
         end
+
+        def build_search_url
+          from_ms = (Time.parse("#{@parsed_from}Z").to_f * 1000).to_i
+          to_ms = (Time.parse("#{@parsed_to}Z").to_f * 1000).to_i
+          encoded_query = ERB::Util.url_encode(options[:query])
+          base = client.config.web_ui_base_url
+
+          "#{base}/ui/#/search/create?query=#{encoded_query}&startTime=#{from_ms}&endTime=#{to_ms}"
+        end
       end
     end
   end

data/lib/sumologic/cli.rb

@@ -41,7 +41,7 @@ module Sumologic
       Time Formats:
         --from and --to support multiple formats:
         • 'now' - current time
-        • Relative: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M' (sec/min/hour/day/week/month)
+        • Relative: '-30s', '-5m', '-2h', '-1h30m', '-7d', '-1w', '-1M' (compound supported)
         • Unix timestamp: '1700000000' (seconds since epoch)
         • ISO 8601: '2025-11-13T14:00:00'
 
@@ -89,29 +89,36 @@ module Sumologic
       Commands::SearchCommand.new(options, create_client).execute
     end
 
-    desc 'list-collectors', 'List all Sumo Logic collectors'
+    desc 'list-collectors', 'List Sumo Logic collectors with optional filters'
     long_desc <<~DESC
-      List all collectors in your Sumo Logic account.
+      List collectors in your Sumo Logic account.
+      Supports filtering by name/category and limiting results.
 
-      Example:
+      Examples:
+        sumo-query list-collectors -q "my-service" -l 20
         sumo-query list-collectors --output collectors.json
     DESC
+    option :query, type: :string, aliases: '-q', desc: 'Filter by name or category (case-insensitive)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum collectors to return'
     def list_collectors
       Commands::ListCollectorsCommand.new(options, create_client).execute
     end
 
-    desc 'list-sources', 'List sources from collectors'
+    desc 'list-sources', 'List sources from collectors with optional filters'
     long_desc <<~DESC
-      List all sources from all collectors, or sources from a specific collector.
+      List sources from all collectors, or from a specific collector.
+      Supports filtering by collector name, source name, and category.
 
       Examples:
-        # List all sources
-        sumo-query list-sources
-
-        # List sources for specific collector
+        sumo-query list-sources --collector "my-service" --name "nginx" -l 20
+        sumo-query list-sources --category "production"
         sumo-query list-sources --collector-id 12345
     DESC
     option :collector_id, type: :string, desc: 'Collector ID to list sources for'
+    option :collector, type: :string, desc: 'Filter by collector name (case-insensitive)'
+    option :name, type: :string, aliases: '-n', desc: 'Filter by source name (case-insensitive)'
+    option :category, type: :string, desc: 'Filter by source category (case-insensitive)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum total sources to return'
     def list_sources
       Commands::ListSourcesCommand.new(options, create_client).execute
     end
@@ -131,7 +138,7 @@ module Sumologic
       Time Formats:
         --from and --to support multiple formats:
         • 'now' - current time
-        • Relative: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M' (sec/min/hour/day/week/month)
+        • Relative: '-30s', '-5m', '-2h', '-1h30m', '-7d', '-1w', '-1M' (compound supported)
         • Unix timestamp: '1700000000' (seconds since epoch)
         • ISO 8601: '2025-11-13T14:00:00'
 
@@ -145,8 +152,9 @@ module Sumologic
         # Filter by source category (ECS only)
         sumo-query discover-source-metadata --filter '_sourceCategory=*ecs*'
 
-        # Discover CloudWatch sources
-        sumo-query discover-source-metadata --filter '_sourceCategory=*cloudwatch*'
+        # Filter results by keyword (matches name or category)
+        sumo-query discover-source-metadata --keyword nginx
+        sumo-query discover-source-metadata --keyword nginx -l 10
 
         # Save to file
         sumo-query discover-source-metadata --output discovered-sources.json
@@ -158,6 +166,8 @@ module Sumologic
     option :time_zone, type: :string, default: 'UTC', aliases: '-z',
                        desc: 'Time zone (UTC, EST, AEST, +00:00, America/New_York, Australia/Sydney)'
     option :filter, type: :string, desc: 'Optional filter query (e.g., _sourceCategory=*ecs*)'
+    option :keyword, type: :string, aliases: '-k', desc: 'Filter results by keyword (matches name or category)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum number of sources to return'
     def discover_source_metadata
       Commands::DiscoverSourceMetadataCommand.new(options, create_client).execute
     end

data/lib/sumologic/client.rb

@@ -83,11 +83,13 @@ module Sumologic
       )
     end
 
-    # List all collectors
+    # List collectors with optional filtering
     #
+    # @param query [String, nil] Filter by name or category (case-insensitive)
+    # @param limit [Integer, nil] Maximum number of collectors to return
     # @return [Array<Hash>] Array of collector hashes
-    def list_collectors
-      @collector.list
+    def list_collectors(query: nil, limit: nil)
+      @collector.list(query: query, limit: limit)
     end
 
     # List sources for a specific collector
@@ -98,11 +100,15 @@ module Sumologic
       @source.list(collector_id: collector_id)
     end
 
-    # List all sources from all collectors
+    # List all sources from all collectors with optional filtering
     #
+    # @param collector [String, nil] Filter collectors by name
+    # @param name [String, nil] Filter sources by name
+    # @param category [String, nil] Filter sources by category
+    # @param limit [Integer, nil] Maximum total sources to return
     # @return [Array<Hash>] Array of { 'collector' => Hash, 'sources' => Array<Hash> }
-    def list_all_sources
-      @source.list_all
+    def list_all_sources(collector: nil, name: nil, category: nil, limit: nil)
+      @source.list_all(collector: collector, name: name, category: category, limit: limit)
     end
 
     # Discover source metadata from actual log data
@@ -111,14 +117,14 @@ module Sumologic
     # @param from_time [String] Start time (ISO 8601, unix timestamp, or relative)
     # @param to_time [String] End time
     # @param time_zone [String] Time zone (default: UTC)
-    # @param filter [String, nil] Optional filter query to scope results
+    # @param options [Hash] Optional filters — :filter, :keyword, :limit
     # @return [Hash] Discovery results with source metadata
-    def discover_source_metadata(from_time:, to_time:, time_zone: 'UTC', filter: nil)
+    def discover_source_metadata(from_time:, to_time:, time_zone: 'UTC', **options)
       @source_metadata_discovery.discover(
         from_time: from_time,
         to_time: to_time,
         time_zone: time_zone,
-        filter: filter
+        **options
       )
     end
 

data/lib/sumologic/configuration.rb

@@ -45,6 +45,10 @@ module Sumologic
       @base_url_v2 ||= build_base_url('v2')
     end
 
+    def web_ui_base_url
+      @web_ui_base_url ||= build_web_ui_base_url
+    end
+
     def validate!
       raise AuthenticationError, 'SUMO_ACCESS_ID not set' unless @access_id
       raise AuthenticationError, 'SUMO_ACCESS_KEY not set' unless @access_key
@@ -52,6 +56,23 @@ module Sumologic
 
     private
 
+    def build_web_ui_base_url
+      case @deployment
+      when /^http/
+        @deployment.sub('api.', 'service.').sub(%r{/api/v\d+.*}, '')
+      when 'us1'
+        'https://service.sumologic.com'
+      when 'us2'
+        'https://service.us2.sumologic.com'
+      when 'eu'
+        'https://service.eu.sumologic.com'
+      when 'au'
+        'https://service.au.sumologic.com'
+      else
+        "https://service.#{@deployment}.sumologic.com"
+      end
+    end
+
     def build_base_url(version = API_VERSION)
       case @deployment
       when /^http/

data/lib/sumologic/metadata/collector.rb

@@ -13,9 +13,12 @@ module Sumologic
         @http = http_client
       end
 
-      # List all collectors
-      # Returns array of collector objects
-      def list
+      # List collectors with optional client-side filtering
+      #
+      # @param query [String, nil] Filter by name or category (case-insensitive substring match)
+      # @param limit [Integer, nil] Maximum number of collectors to return
+      # @return [Array<Hash>] Array of collector objects
+      def list(query: nil, limit: nil)
         data = @http.request(
           method: :get,
           path: '/collectors'
@@ -23,10 +26,25 @@ module Sumologic
 
         collectors = data['collectors'] || []
         log_info "Found #{collectors.size} collectors"
+
+        collectors = filter_by_query(collectors, query) if query
+        collectors = collectors.take(limit) if limit
+
         collectors
       rescue StandardError => e
         raise Error, "Failed to list collectors: #{e.message}"
       end
+
+      private
+
+      def filter_by_query(collectors, query)
+        pattern = query.downcase
+        collectors.select do |c|
+          name = (c['name'] || '').downcase
+          category = (c['category'] || '').downcase
+          name.include?(pattern) || category.include?(pattern)
+        end
+      end
     end
   end
 end

data/lib/sumologic/metadata/source.rb

@@ -31,19 +31,28 @@ module Sumologic
         raise Error, "Failed to list sources for collector #{collector_id}: #{e.message}"
       end
 
-      # List all sources from all collectors
+      # List all sources from all collectors with optional filtering
       # Returns array of hashes with collector info and their sources
       # Uses parallel fetching with thread pool for better performance
-      def list_all
+      #
+      # @param collector [String, nil] Filter collectors by name (case-insensitive substring)
+      # @param name [String, nil] Filter sources by name (case-insensitive substring)
+      # @param category [String, nil] Filter sources by category (case-insensitive substring)
+      # @param limit [Integer, nil] Maximum total sources to return
+      def list_all(collector: nil, name: nil, category: nil, limit: nil)
         collectors = @collector_client.list
         active_collectors = collectors.select { |c| c['alive'] }
+        active_collectors = filter_collectors(active_collectors, collector) if collector
 
         log_info "Fetching sources for #{active_collectors.size} active collectors in parallel..."
 
-        result = @fetcher.fetch_all(active_collectors) do |collector|
-          fetch_collector_sources(collector)
+        result = @fetcher.fetch_all(active_collectors) do |c|
+          fetch_collector_sources(c)
         end
 
+        result = filter_sources(result, name: name, category: category)
+        result = apply_source_limit(result, limit) if limit
+
         log_info "Total: #{result.size} collectors with sources"
         result
       rescue StandardError => e
@@ -52,6 +61,37 @@ module Sumologic
 
       private
 
+      def filter_collectors(collectors, pattern)
+        pattern = pattern.downcase
+        collectors.select { |c| (c['name'] || '').downcase.include?(pattern) }
+      end
+
+      def filter_sources(result, name:, category:)
+        matcher = source_matcher(name&.downcase, category&.downcase)
+        result.filter_map do |entry|
+          filtered = entry['sources'].select(&matcher)
+          { 'collector' => entry['collector'], 'sources' => filtered } unless filtered.empty?
+        end
+      end
+
+      def source_matcher(name_pattern, cat_pattern)
+        lambda do |s|
+          (!name_pattern || (s['name'] || '').downcase.include?(name_pattern)) &&
+            (!cat_pattern || (s['category'] || '').downcase.include?(cat_pattern))
+        end
+      end
+
+      def apply_source_limit(result, limit)
+        remaining = limit
+        result.each_with_object([]) do |entry, acc|
+          break acc if remaining <= 0
+
+          sources = entry['sources'].take(remaining)
+          acc << { 'collector' => entry['collector'], 'sources' => sources }
+          remaining -= sources.size
+        end
+      end
+
       # Fetch sources for a single collector
       # @return [Hash] collector and sources data
       def fetch_collector_sources(collector)

data/lib/sumologic/metadata/source_metadata_discovery.rb

@@ -22,8 +22,12 @@ module Sumologic
       # @param from_time [String] Start time (ISO 8601, unix timestamp, or relative)
       # @param to_time [String] End time
       # @param time_zone [String] Time zone (default: UTC)
-      # @param filter [String, nil] Optional filter query to scope results
-      def discover(from_time:, to_time:, time_zone: 'UTC', filter: nil)
+      # @param options [Hash] Optional filters — :filter, :keyword, :limit
+      def discover(from_time:, to_time:, time_zone: 'UTC', **options)
+        filter = options[:filter]
+        keyword = options[:keyword]
+        limit = options[:limit]
+
         query = build_query(filter)
         log_info "Discovering source metadata with query: #{query}"
         log_info "Time range: #{from_time} to #{to_time} (#{time_zone})"
@@ -39,6 +43,8 @@ module Sumologic
         )
 
         source_models = parse_aggregation_results(records)
+        source_models = filter_by_keyword(source_models, keyword) if keyword
+        source_models = source_models.take(limit) if limit
 
         {
           'time_range' => {
@@ -47,6 +53,7 @@ module Sumologic
             'time_zone' => time_zone
           },
           'filter' => filter,
+          'keyword' => keyword,
           'total_sources' => source_models.size,
           'sources' => source_models.map(&:to_h)
         }
@@ -56,6 +63,14 @@ module Sumologic
 
       private
 
+      def filter_by_keyword(source_models, keyword)
+        pattern = keyword.downcase
+        source_models.select do |s|
+          (s.name || '').downcase.include?(pattern) ||
+            (s.category || '').downcase.include?(pattern)
+        end
+      end
+
       # Build aggregation query to discover sources
       def build_query(filter)
         base = filter || '*'

data/lib/sumologic/utils/time_parser.rb

@@ -7,7 +7,7 @@ module Sumologic
     # Parses various time formats into ISO 8601 strings for the Sumo Logic API
     # Supports:
     # - 'now' - current time
-    # - Relative times: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M'
+    # - Relative times: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M', '-1h30m'
     # - Unix timestamps: '1700000000' or 1700000000
     # - ISO 8601: '2025-11-13T14:00:00'
     class TimeParser
@@ -21,7 +21,9 @@ module Sumologic
         'M' => 2_592_000 # months (30 days approximation)
       }.freeze
 
-      RELATIVE_TIME_REGEX = /^([+-])(\d+)([smhdwM])$/.freeze
+      # Matches single or compound relative times: -30m, -1h30m, -2d3h15m
+      RELATIVE_TIME_REGEX = /^([+-])(\d+[smhdwM])+$/.freeze
+      RELATIVE_COMPONENT_REGEX = /(\d+)([smhdwM])/.freeze
 
       class ParseError < StandardError; end
 
@@ -32,10 +34,8 @@ module Sumologic
       def self.parse(time_str, _timezone: 'UTC')
         return parse_now if time_str.to_s.downcase == 'now'
 
-        # Try relative time format (e.g., '-30m', '+1h')
-        if time_str.is_a?(String) && (match = time_str.match(RELATIVE_TIME_REGEX))
-          return parse_relative_time(match)
-        end
+        # Try relative time format (e.g., '-30m', '+1h', '-1h30m')
+        return parse_relative_time(time_str) if time_str.is_a?(String) && time_str.match?(RELATIVE_TIME_REGEX)
 
         # Try Unix timestamp (integer or numeric string)
         return parse_unix_timestamp(time_str) if unix_timestamp?(time_str)
@@ -95,14 +95,14 @@ module Sumologic
         format_time(Time.now)
       end
 
-      private_class_method def self.parse_relative_time(match)
-        sign, amount, unit = match.captures
-        amount = amount.to_i
-        amount = -amount if sign == '-'
+      private_class_method def self.parse_relative_time(time_str)
+        sign = time_str[0]
+        components = time_str.scan(RELATIVE_COMPONENT_REGEX)
 
-        seconds_delta = amount * UNITS[unit]
-        target_time = Time.now + seconds_delta
+        seconds_delta = components.sum { |amount, unit| amount.to_i * UNITS[unit] }
+        seconds_delta = -seconds_delta if sign == '-'
 
+        target_time = Time.now + seconds_delta
         format_time(target_time)
       end
 

data/lib/sumologic/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sumologic
-  VERSION = '1.4.0'
+  VERSION = '1.4.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sumologic-query
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.4.2
 platform: ruby
 authors:
 - patrick204nqh
@@ -154,7 +154,6 @@ homepage: https://github.com/patrick204nqh/sumologic-query
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/patrick204nqh/sumologic-query
   source_code_uri: https://github.com/patrick204nqh/sumologic-query
   bug_tracker_uri: https://github.com/patrick204nqh/sumologic-query/issues
   changelog_uri: https://github.com/patrick204nqh/sumologic-query/blob/main/CHANGELOG.md