sumologic-query 1.4.1 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f62e0cd6d7ee0fbfd44b2720b0075e4f1776e086ef1ccbe39ad9e520f539f951
-  data.tar.gz: da262a85a0fa2d556c310876d011705edd4fc1b46db47c43d6f892adf71649ff
+  metadata.gz: 17737642aa1c9244133b4442fd6dccc156cf39b5a35cc05071a4769800ad0501
+  data.tar.gz: 29037e867772bbc70e2cda259879e8b6d55e51b70611b7ef5167c79ab2eee00e
 SHA512:
-  metadata.gz: 458d97b1853c3626d85f84770faaf918ebbd2842718ffed416ead1736a8a075bc4061eb040e003a24227e8af6b7f6f125baf2b2aec5627f0398abd6b054fe880
-  data.tar.gz: '078544851f936431eea88d6b0783f39c58789072bbfa8fe17f5147c2a9aff9df8bc0b3f5e71c48e7d6793f8ad94a69a134bfabe5ab3d46689ff35613a13446f5'
+  metadata.gz: 67bd5ba57a5a3ed5739d274a25c29e9ba4c1cd2415976a5bb7cbdfb075276c67b614917a14a312e33fa618c15a665ccb7bf82e34b20602ab800e3c00e65bed8c
+  data.tar.gz: 2c3fff993dcf6d5a2d14b5719a3fd23331477dece5a43cad0dc5d42e4ae7065fb94bda7741ead8e9a678839d8b5d063bb237c9c301585008fdba427737e1abd8

data/CHANGELOG.md

@@ -6,6 +6,21 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and release notes are automatically generated from commit messages.
+## [1.4.2](https://github.com/patrick204nqh/sumologic-query/compare/v1.4.1...v1.4.2) (2026-02-11)
+
+### 🎉 New Features
+
+- add source discovery guidance to skills
+- add filtering options to list-sources
+- add keyword and limit filters to discover-source-metadata
+- add -q/--query and -l/--limit flags to list-collectors
+
+### 🐛 Bug Fixes
+
+- support compound relative time expressions like -1h30m
+
+
+
 ## [1.4.1](https://github.com/patrick204nqh/sumologic-query/compare/v1.4.0...v1.4.1) (2026-02-11)
 
 ### 🎉 New Features

data/lib/sumologic/cli/commands/discover_source_metadata_command.rb

@@ -40,6 +40,7 @@ module Sumologic
           end
           warn "Time Zone: #{@parsed_timezone}"
           warn "Filter: #{options[:filter] || 'none (all sources)'}"
+          warn "Keyword: #{options[:keyword]}" if options[:keyword]
           warn '-' * 60
           warn 'Running aggregation query to discover sources...'
           $stderr.puts
@@ -50,7 +51,9 @@ module Sumologic
             from_time: @parsed_from,
             to_time: @parsed_to,
             time_zone: @parsed_timezone,
-            filter: options[:filter]
+            filter: options[:filter],
+            keyword: options[:keyword],
+            limit: options[:limit]
           )
         end
       end

data/lib/sumologic/cli/commands/list_collectors_command.rb

@@ -8,7 +8,12 @@ module Sumologic
       # Handles the list-collectors command execution
       class ListCollectorsCommand < BaseCommand
         def execute
-          list_resource(label: 'collectors', key: :collectors) { client.list_collectors }
+          list_resource(label: 'collectors', key: :collectors) do
+            client.list_collectors(
+              query: options[:query],
+              limit: options[:limit]
+            )
+          end
         end
       end
     end

data/lib/sumologic/cli/commands/list_sources_command.rb

@@ -29,10 +29,14 @@ module Sumologic
         end
 
         def list_all_sources
-          warn 'Fetching all sources from all collectors...'
-          warn 'This may take a minute...'
+          warn 'Fetching sources from collectors...'
 
-          all_sources = client.list_all_sources
+          all_sources = client.list_all_sources(
+            collector: options[:collector],
+            name: options[:name],
+            category: options[:category],
+            limit: options[:limit]
+          )
 
           output_json(
             total_collectors: all_sources.size,

data/lib/sumologic/cli.rb

@@ -41,7 +41,7 @@ module Sumologic
       Time Formats:
         --from and --to support multiple formats:
         • 'now' - current time
-        • Relative: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M' (sec/min/hour/day/week/month)
+        • Relative: '-30s', '-5m', '-2h', '-1h30m', '-7d', '-1w', '-1M' (compound supported)
         • Unix timestamp: '1700000000' (seconds since epoch)
         • ISO 8601: '2025-11-13T14:00:00'
 
@@ -89,29 +89,36 @@ module Sumologic
       Commands::SearchCommand.new(options, create_client).execute
     end
 
-    desc 'list-collectors', 'List all Sumo Logic collectors'
+    desc 'list-collectors', 'List Sumo Logic collectors with optional filters'
     long_desc <<~DESC
-      List all collectors in your Sumo Logic account.
+      List collectors in your Sumo Logic account.
+      Supports filtering by name/category and limiting results.
 
-      Example:
+      Examples:
+        sumo-query list-collectors -q "my-service" -l 20
         sumo-query list-collectors --output collectors.json
     DESC
+    option :query, type: :string, aliases: '-q', desc: 'Filter by name or category (case-insensitive)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum collectors to return'
     def list_collectors
       Commands::ListCollectorsCommand.new(options, create_client).execute
     end
 
-    desc 'list-sources', 'List sources from collectors'
+    desc 'list-sources', 'List sources from collectors with optional filters'
     long_desc <<~DESC
-      List all sources from all collectors, or sources from a specific collector.
+      List sources from all collectors, or from a specific collector.
+      Supports filtering by collector name, source name, and category.
 
       Examples:
-        # List all sources
-        sumo-query list-sources
-
-        # List sources for specific collector
+        sumo-query list-sources --collector "my-service" --name "nginx" -l 20
+        sumo-query list-sources --category "production"
         sumo-query list-sources --collector-id 12345
     DESC
     option :collector_id, type: :string, desc: 'Collector ID to list sources for'
+    option :collector, type: :string, desc: 'Filter by collector name (case-insensitive)'
+    option :name, type: :string, aliases: '-n', desc: 'Filter by source name (case-insensitive)'
+    option :category, type: :string, desc: 'Filter by source category (case-insensitive)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum total sources to return'
     def list_sources
       Commands::ListSourcesCommand.new(options, create_client).execute
     end
@@ -131,7 +138,7 @@ module Sumologic
       Time Formats:
         --from and --to support multiple formats:
         • 'now' - current time
-        • Relative: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M' (sec/min/hour/day/week/month)
+        • Relative: '-30s', '-5m', '-2h', '-1h30m', '-7d', '-1w', '-1M' (compound supported)
         • Unix timestamp: '1700000000' (seconds since epoch)
         • ISO 8601: '2025-11-13T14:00:00'
 
@@ -145,8 +152,9 @@ module Sumologic
         # Filter by source category (ECS only)
         sumo-query discover-source-metadata --filter '_sourceCategory=*ecs*'
 
-        # Discover CloudWatch sources
-        sumo-query discover-source-metadata --filter '_sourceCategory=*cloudwatch*'
+        # Filter results by keyword (matches name or category)
+        sumo-query discover-source-metadata --keyword nginx
+        sumo-query discover-source-metadata --keyword nginx -l 10
 
         # Save to file
         sumo-query discover-source-metadata --output discovered-sources.json
@@ -158,6 +166,8 @@ module Sumologic
     option :time_zone, type: :string, default: 'UTC', aliases: '-z',
                        desc: 'Time zone (UTC, EST, AEST, +00:00, America/New_York, Australia/Sydney)'
     option :filter, type: :string, desc: 'Optional filter query (e.g., _sourceCategory=*ecs*)'
+    option :keyword, type: :string, aliases: '-k', desc: 'Filter results by keyword (matches name or category)'
+    option :limit, type: :numeric, aliases: '-l', desc: 'Maximum number of sources to return'
     def discover_source_metadata
       Commands::DiscoverSourceMetadataCommand.new(options, create_client).execute
     end

data/lib/sumologic/client.rb

@@ -83,11 +83,13 @@ module Sumologic
       )
     end
 
-    # List all collectors
+    # List collectors with optional filtering
     #
+    # @param query [String, nil] Filter by name or category (case-insensitive)
+    # @param limit [Integer, nil] Maximum number of collectors to return
     # @return [Array<Hash>] Array of collector hashes
-    def list_collectors
-      @collector.list
+    def list_collectors(query: nil, limit: nil)
+      @collector.list(query: query, limit: limit)
     end
 
     # List sources for a specific collector
@@ -98,11 +100,15 @@ module Sumologic
       @source.list(collector_id: collector_id)
     end
 
-    # List all sources from all collectors
+    # List all sources from all collectors with optional filtering
     #
+    # @param collector [String, nil] Filter collectors by name
+    # @param name [String, nil] Filter sources by name
+    # @param category [String, nil] Filter sources by category
+    # @param limit [Integer, nil] Maximum total sources to return
     # @return [Array<Hash>] Array of { 'collector' => Hash, 'sources' => Array<Hash> }
-    def list_all_sources
-      @source.list_all
+    def list_all_sources(collector: nil, name: nil, category: nil, limit: nil)
+      @source.list_all(collector: collector, name: name, category: category, limit: limit)
     end
 
     # Discover source metadata from actual log data
@@ -111,14 +117,14 @@ module Sumologic
     # @param from_time [String] Start time (ISO 8601, unix timestamp, or relative)
     # @param to_time [String] End time
     # @param time_zone [String] Time zone (default: UTC)
-    # @param filter [String, nil] Optional filter query to scope results
+    # @param options [Hash] Optional filters — :filter, :keyword, :limit
     # @return [Hash] Discovery results with source metadata
-    def discover_source_metadata(from_time:, to_time:, time_zone: 'UTC', filter: nil)
+    def discover_source_metadata(from_time:, to_time:, time_zone: 'UTC', **options)
       @source_metadata_discovery.discover(
         from_time: from_time,
         to_time: to_time,
         time_zone: time_zone,
-        filter: filter
+        **options
       )
     end
 

data/lib/sumologic/metadata/collector.rb

@@ -13,9 +13,12 @@ module Sumologic
         @http = http_client
       end
 
-      # List all collectors
-      # Returns array of collector objects
-      def list
+      # List collectors with optional client-side filtering
+      #
+      # @param query [String, nil] Filter by name or category (case-insensitive substring match)
+      # @param limit [Integer, nil] Maximum number of collectors to return
+      # @return [Array<Hash>] Array of collector objects
+      def list(query: nil, limit: nil)
         data = @http.request(
           method: :get,
           path: '/collectors'
@@ -23,10 +26,25 @@ module Sumologic
 
         collectors = data['collectors'] || []
         log_info "Found #{collectors.size} collectors"
+
+        collectors = filter_by_query(collectors, query) if query
+        collectors = collectors.take(limit) if limit
+
         collectors
       rescue StandardError => e
         raise Error, "Failed to list collectors: #{e.message}"
       end
+
+      private
+
+      def filter_by_query(collectors, query)
+        pattern = query.downcase
+        collectors.select do |c|
+          name = (c['name'] || '').downcase
+          category = (c['category'] || '').downcase
+          name.include?(pattern) || category.include?(pattern)
+        end
+      end
     end
   end
 end

data/lib/sumologic/metadata/source.rb

@@ -31,19 +31,28 @@ module Sumologic
         raise Error, "Failed to list sources for collector #{collector_id}: #{e.message}"
       end
 
-      # List all sources from all collectors
+      # List all sources from all collectors with optional filtering
       # Returns array of hashes with collector info and their sources
       # Uses parallel fetching with thread pool for better performance
-      def list_all
+      #
+      # @param collector [String, nil] Filter collectors by name (case-insensitive substring)
+      # @param name [String, nil] Filter sources by name (case-insensitive substring)
+      # @param category [String, nil] Filter sources by category (case-insensitive substring)
+      # @param limit [Integer, nil] Maximum total sources to return
+      def list_all(collector: nil, name: nil, category: nil, limit: nil)
         collectors = @collector_client.list
         active_collectors = collectors.select { |c| c['alive'] }
+        active_collectors = filter_collectors(active_collectors, collector) if collector
 
         log_info "Fetching sources for #{active_collectors.size} active collectors in parallel..."
 
-        result = @fetcher.fetch_all(active_collectors) do |collector|
-          fetch_collector_sources(collector)
+        result = @fetcher.fetch_all(active_collectors) do |c|
+          fetch_collector_sources(c)
         end
 
+        result = filter_sources(result, name: name, category: category)
+        result = apply_source_limit(result, limit) if limit
+
         log_info "Total: #{result.size} collectors with sources"
         result
       rescue StandardError => e
@@ -52,6 +61,37 @@ module Sumologic
 
       private
 
+      def filter_collectors(collectors, pattern)
+        pattern = pattern.downcase
+        collectors.select { |c| (c['name'] || '').downcase.include?(pattern) }
+      end
+
+      def filter_sources(result, name:, category:)
+        matcher = source_matcher(name&.downcase, category&.downcase)
+        result.filter_map do |entry|
+          filtered = entry['sources'].select(&matcher)
+          { 'collector' => entry['collector'], 'sources' => filtered } unless filtered.empty?
+        end
+      end
+
+      def source_matcher(name_pattern, cat_pattern)
+        lambda do |s|
+          (!name_pattern || (s['name'] || '').downcase.include?(name_pattern)) &&
+            (!cat_pattern || (s['category'] || '').downcase.include?(cat_pattern))
+        end
+      end
+
+      def apply_source_limit(result, limit)
+        remaining = limit
+        result.each_with_object([]) do |entry, acc|
+          break acc if remaining <= 0
+
+          sources = entry['sources'].take(remaining)
+          acc << { 'collector' => entry['collector'], 'sources' => sources }
+          remaining -= sources.size
+        end
+      end
+
       # Fetch sources for a single collector
       # @return [Hash] collector and sources data
       def fetch_collector_sources(collector)

data/lib/sumologic/metadata/source_metadata_discovery.rb

@@ -22,8 +22,12 @@ module Sumologic
       # @param from_time [String] Start time (ISO 8601, unix timestamp, or relative)
       # @param to_time [String] End time
       # @param time_zone [String] Time zone (default: UTC)
-      # @param filter [String, nil] Optional filter query to scope results
-      def discover(from_time:, to_time:, time_zone: 'UTC', filter: nil)
+      # @param options [Hash] Optional filters — :filter, :keyword, :limit
+      def discover(from_time:, to_time:, time_zone: 'UTC', **options)
+        filter = options[:filter]
+        keyword = options[:keyword]
+        limit = options[:limit]
+
         query = build_query(filter)
         log_info "Discovering source metadata with query: #{query}"
         log_info "Time range: #{from_time} to #{to_time} (#{time_zone})"
@@ -39,6 +43,8 @@ module Sumologic
         )
 
         source_models = parse_aggregation_results(records)
+        source_models = filter_by_keyword(source_models, keyword) if keyword
+        source_models = source_models.take(limit) if limit
 
         {
           'time_range' => {
@@ -47,6 +53,7 @@ module Sumologic
             'time_zone' => time_zone
           },
           'filter' => filter,
+          'keyword' => keyword,
           'total_sources' => source_models.size,
           'sources' => source_models.map(&:to_h)
         }
@@ -56,6 +63,14 @@ module Sumologic
 
       private
 
+      def filter_by_keyword(source_models, keyword)
+        pattern = keyword.downcase
+        source_models.select do |s|
+          (s.name || '').downcase.include?(pattern) ||
+            (s.category || '').downcase.include?(pattern)
+        end
+      end
+
       # Build aggregation query to discover sources
       def build_query(filter)
         base = filter || '*'

data/lib/sumologic/utils/time_parser.rb

@@ -7,7 +7,7 @@ module Sumologic
     # Parses various time formats into ISO 8601 strings for the Sumo Logic API
     # Supports:
     # - 'now' - current time
-    # - Relative times: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M'
+    # - Relative times: '-30s', '-5m', '-2h', '-7d', '-1w', '-1M', '-1h30m'
     # - Unix timestamps: '1700000000' or 1700000000
     # - ISO 8601: '2025-11-13T14:00:00'
     class TimeParser
@@ -21,7 +21,9 @@ module Sumologic
         'M' => 2_592_000 # months (30 days approximation)
       }.freeze
 
-      RELATIVE_TIME_REGEX = /^([+-])(\d+)([smhdwM])$/.freeze
+      # Matches single or compound relative times: -30m, -1h30m, -2d3h15m
+      RELATIVE_TIME_REGEX = /^([+-])(\d+[smhdwM])+$/.freeze
+      RELATIVE_COMPONENT_REGEX = /(\d+)([smhdwM])/.freeze
 
       class ParseError < StandardError; end
 
@@ -32,10 +34,8 @@ module Sumologic
       def self.parse(time_str, _timezone: 'UTC')
         return parse_now if time_str.to_s.downcase == 'now'
 
-        # Try relative time format (e.g., '-30m', '+1h')
-        if time_str.is_a?(String) && (match = time_str.match(RELATIVE_TIME_REGEX))
-          return parse_relative_time(match)
-        end
+        # Try relative time format (e.g., '-30m', '+1h', '-1h30m')
+        return parse_relative_time(time_str) if time_str.is_a?(String) && time_str.match?(RELATIVE_TIME_REGEX)
 
         # Try Unix timestamp (integer or numeric string)
         return parse_unix_timestamp(time_str) if unix_timestamp?(time_str)
@@ -95,14 +95,14 @@ module Sumologic
         format_time(Time.now)
       end
 
-      private_class_method def self.parse_relative_time(match)
-        sign, amount, unit = match.captures
-        amount = amount.to_i
-        amount = -amount if sign == '-'
+      private_class_method def self.parse_relative_time(time_str)
+        sign = time_str[0]
+        components = time_str.scan(RELATIVE_COMPONENT_REGEX)
 
-        seconds_delta = amount * UNITS[unit]
-        target_time = Time.now + seconds_delta
+        seconds_delta = components.sum { |amount, unit| amount.to_i * UNITS[unit] }
+        seconds_delta = -seconds_delta if sign == '-'
 
+        target_time = Time.now + seconds_delta
         format_time(target_time)
       end
 

data/lib/sumologic/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sumologic
-  VERSION = '1.4.1'
+  VERSION = '1.4.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sumologic-query
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.4.2
 platform: ruby
 authors:
 - patrick204nqh