Class: NagiosHerald::Helpers::LogstashQuery

Inherits:
Object
  • Object
Defined in:
lib/nagios-herald/helpers/logstash_query.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ LogstashQuery

Public: Initialize a new LogstashQuery object.

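query - A string representing the query to send to Logstash.

index - Optional index to specify (else Splunk defaults to all indexes available to the authenticated user).

output - The output format we’d like (i.e. csv, json, xml); defaults to json.

Note: this description appears to be carried over from a Splunk helper; the constructor listing below reads only the :index and :time_period options, and an omitted :index falls back to the current day's "logstash-YYYY.MM.DD" index.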

Example:

NEEDS EXAMPLES

Returns a new LogstashQuery object.



# File 'lib/nagios-herald/helpers/logstash_query.rb', line 27

# Public: Initialize a new LogstashQuery object.
#
# options - Hash of per-instance settings (default: {}):
#           :index       - Index name to search; defaults to
#                          "logstash-YYYY.MM.DD" for the current local date.
#           :time_period - Look-back window used by later queries;
#                          defaults to "1h".
#
# The result count (default 10), the optional field-truncation length and the
# Logstash URL are read from Config.config['logstash'].
#
# Returns a new LogstashQuery object.
def initialize(options={})
  logstash_cfg = Config.config['logstash']

  @logstash_index = options[:index] || "logstash-#{Time.now.strftime("%Y.%m.%d")}"
  @logstash_time_period = options[:time_period] || "1h"
  @logstash_num_results = logstash_cfg['num_results'] || 10
  # NOTE(review): the config key is spelled 'result_field_trucate' (sic). It is
  # kept as-is because it is the name this code reads from deployed configs.
  @logstash_result_truncate = logstash_cfg['result_field_trucate'] || nil

  # Only the URL is read from the config here; no username or password is
  # looked up in this method.
  endpoint = URI.parse(logstash_cfg['url'])
  @logstash_host = endpoint.host
  @logstash_port = endpoint.port
  @logstash_uri  = endpoint.request_uri

  # NOTE(review): the client is given "host:port" only, so the URL's scheme and
  # any userinfo are not passed on. If the configured URL is https://, confirm
  # the connection is not silently made over plain HTTP.
  @es = Elasticsearch::Client.new hosts: ["#{@logstash_host}:#{@logstash_port}"], reload_connections: true
end

Instance Attribute Details

#queryObject (readonly)

Returns the value of attribute query.



# File 'lib/nagios-herald/helpers/logstash_query.rb', line 12

# Public: The query Hash most recently assigned by kibana_style_query or
# query_from_file (the two methods on this page that set @query).
#
# Returns the stored query, or nil if @query has not been assigned.
def query
  @query
end

Instance Method Details

#kibana_style_query(query_string) ⇒ Object

Public: Queries Logstash.

Example:

results = logstash_query.query

Returns the results of the query in the requested format, nil otherwise.



# File 'lib/nagios-herald/helpers/logstash_query.rb', line 53

# Public: Build a Kibana-style "filtered" query around a query_string
# expression, store it in @query, and run it.
#
# query_string - The expression to search for. One leading and one trailing
#                single quote are removed if present.
#
# Returns the value of truncate_results applied to the output of
# run_logstash_query.
def kibana_style_query(query_string)
  # Drop one wrapping single quote from each end, if present.
  query_string = query_string[1..-1] if query_string.start_with?("'")
  query_string = query_string[0..-2] if query_string.end_with?("'")

  # NOTE(review): the text is placed in a "query_string" clause unmodified, so
  # any query syntax it contains is interpreted by the search backend. Confirm
  # that callers only pass operator-authored queries, not alert-supplied text.
  # The interpolation coerces the argument to a fresh String.
  text_clause = { "query_string" => { "query" => "#{query_string}" } }

  # Limit matches to the trailing window configured at construction time.
  time_clause = {
    "range" => {
      "index_timestamp" => {
        "from" => "now-#{@logstash_time_period}",
        "to" => "now"
      }
    }
  }

  @query = {
    "from" => 0,
    "size" => @logstash_num_results,
    "query" => {
      "filtered" => {
        "query" => { "bool" => { "should" => [text_clause] } },
        "filter" => { "bool" => { "must" => [{ "match_all" => {} }, time_clause] } }
      }
    }
  }

  truncate_results(run_logstash_query(@query))
end

#query_from_file(query_file) ⇒ Object



# File 'lib/nagios-herald/helpers/logstash_query.rb', line 98

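# Public: Load a query body from a JSON file, store it in @query, and run it.
#
# query_file - Path to a file containing the JSON query body.
#
# Returns the value of truncate_results applied to the output of
# run_logstash_query.
# Raises RuntimeError if query_file does not exist.
# Raises JSON::ParserError if the file's contents are not valid JSON.
def query_from_file(query_file)
  # File.exist? replaces File.exists?, which was deprecated and later removed
  # from Ruby (3.2), where the old call raises NoMethodError.
  raise "Query file #{query_file} does not exist" unless File.exist?(query_file)

  # The parsed document is handed to run_logstash_query unchanged, so whoever
  # can write this file controls the query; keep its permissions restricted.
  @query = JSON.parse(File.read(query_file))

  truncate_results(run_logstash_query(@query))
end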