Module: Count

Included in:
LogstashCli::Command
Defined in:
lib/logstash-cli/command/count.rb

Instance Method Summary collapse

Instance Method Details

#_count(pattern, options) ⇒ Object 



7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/logstash-cli/command/count.rb', line 7

def _count(pattern,options)
  es_url = options[:esurl]
  index_prefix = options[:index_prefix]

  from = options[:from]
  to = options[:to]
  metafields = options[:meta].split(',')
  fields = options[:fields].split(',')

  countfield = options[:countfield]
  countsize = options[:countsize]

  begin
    unless options[:last].nil?
      days = options[:last].match(/(\d*)d/)[1].to_i
      to_date = Date.today
      from_date = to_date - days
      from = from_date.to_s
      to = to_date.to_s
    end

    from_date = Date.parse(from)
    to_date = Date.parse(to)
  rescue Exception => ex
    $stderr.puts "Something went wrong while parsing the dates: currently only dates are supported with last. Be sure to add the suffix 'd' "+ex
    exit -1
  end

  $stderr.puts "Searching #{es_url}[#{index_prefix}#{from_date}..#{index_prefix}#{to_date}] - #{pattern}"

  # We reverse the order of working ourselves through the index
  (from_date..to_date).sort.reverse.to_a.each do |date|

    es_index = index_prefix+date.to_s.gsub('-','.')

    begin
      Tire.configure {url es_url}
      search = Tire.search(es_index) do
        query do
          string "#{pattern}"
        end
        facet "#{countfield}" do
           terms countfield, :size => countsize
        end
      end
    rescue Exception => e
      $stderr.puts e
      $stderr.puts "\nSomething went wrong with the search. This is usually due to lucene query parsing"
      exit
    end

    # Results per index to show
    result_size = options[:size]

    begin
      results = search.results.facets[countfield]

      header = [ countfield, results['total'] ]
      puts _format(header, options)

      results['terms'].each do |terms|
        result = [ terms['term'], terms['count'] ]
        puts _format(result, options)

        unless fields.empty? and metafields.empty?
          term = terms['term']
          begin
            Tire.configure {url es_url}
            search = Tire.search(es_index) do
              query do
                string "#{pattern}"
              end
              filter :terms, countfield => [term]
              size result_size
            end
          rescue Exception => e
            $stderr.puts e
            $stderr.puts "\nSomething went wrong with the search. This is usually due to lucene query parsing"
            exit
          end

          search.results.each do |log|
            result = Array.new

            metafields.each do |metafield|
              result << log["@#{metafield}".to_sym]
            end

            fields.each do |field|
              result << log[:@fields][field.to_sym]
            end

            puts _format(result, options)
            result = []
          end
        end
      end
    rescue ::Tire::Search::SearchRequestFailed => e
      $stderr.puts e.message
    end
  end
end