Class: NagiosHerald::Helpers::SplunkQuery
- Inherits: Object
  - Object
  - NagiosHerald::Helpers::SplunkQuery
- Defined in: lib/nagios-herald/helpers/splunk_query.rb
Instance Method Summary
- #initialize(query, options = {}) ⇒ SplunkQuery (constructor)
  Public: Initialize a new SplunkQuery object.
- #parameters ⇒ Object
  Public: Generate the parameters for the Splunk query.
- #query ⇒ Object
  Public: Queries Splunk.
Constructor Details
#initialize(query, options = {}) ⇒ SplunkQuery
Public: Initialize a new SplunkQuery object.
query - A string representing the query to send to Splunk.
index - Optional index to specify (else Splunk defaults to all indexes
available to the authenticated user).
output - The output format we’d like (e.g. csv, json, xml); defaults
to json.
Example:
splunk_query = NagiosHerald::Helpers::SplunkQuery.new('sourcetype=perf_log page=index.html')
splunk_query = NagiosHerald::Helpers::SplunkQuery.new('transaction_state=paid', :index => 'get_paid')
splunk_query = NagiosHerald::Helpers::SplunkQuery.new('source=nagios-herald.log alert_type=host', :output => 'csv')
Returns a new SplunkQuery object.
# File 'lib/nagios-herald/helpers/splunk_query.rb', line 27
def initialize(query, options = {})
  @splunk_query = query
  @splunk_index = options[:index] ? options[:index] : nil
  @splunk_output = options[:output] ? options[:output] : 'json'

  # Pull the Splunk URI, username, and password from the config.
  splunk_url = Config.config['splunk']['url']
  @splunk_username = Config.config['splunk']['username']
  @splunk_password = Config.config['splunk']['password']

  # Parse the URI.
  uri = URI.parse(splunk_url)
  @splunk_host = uri.host
  @splunk_port = uri.port
  @splunk_uri = uri.request_uri
end
Instance Method Details
#parameters ⇒ Object
Public: Generate the parameters for the Splunk query.
Example:
parameters = splunk_query.parameters
Returns the Splunk query parameters.
# File 'lib/nagios-herald/helpers/splunk_query.rb', line 51
def parameters
  # Earliest time we should look for events; defaults to 7 days ago.
  earliest_time = Config.config['splunk']['earliest_time'] ?
    Config.config['splunk']['earliest_time'] : '7d'

  # Latest time we should look for events; defaults to now.
  latest_time = Config.config['splunk']['latest_time'] ?
    Config.config['splunk']['latest_time'] : 'now'

  # Maximum results returned; defaults to 100.
  max_results = Config.config['splunk']['max_results'] ?
    Config.config['splunk']['max_results'] : 100

  params = {
    'exec_mode'     => 'oneshot',
    'earliest_time' => "-#{earliest_time}",
    'latest_time'   => latest_time,
    'output_mode'   => @splunk_output,
    'count'         => max_results
  }

  if @splunk_index.nil?
    params['search'] = "search #{@splunk_query}"
  else
    params['search'] = "search index=#{@splunk_index} " + @splunk_query
  end

  params
end
#query ⇒ Object
Public: Queries Splunk.
Example:
results = splunk_query.query
Returns the results of the query in the requested format, nil otherwise.
# File 'lib/nagios-herald/helpers/splunk_query.rb', line 90
def query
  http = Net::HTTP.new( @splunk_host, @splunk_port )
  http.use_ssl = true
  http.open_timeout = 1
  http.read_timeout = 2
  http.ssl_timeout = 1
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE # don't validate the cert

  request = Net::HTTP::Post.new( @splunk_uri )
  request.basic_auth( @splunk_username, @splunk_password )
  request.set_form_data( parameters )

  begin
    response = http.request( request )
  rescue Exception => e
    logger.warn "Failed to send request: #{e.message}"
    return nil
  end

  if response.code.eql?( "200" )
    response.body
  else
    logger.warn "Splunk query failed with HTTP #{response.code}: #{response.message}"
    logger.warn response.body
    return nil
  end
end
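#query above sets verify_mode to VERIFY_NONE, so the connection is encrypted but the Splunk server is never authenticated, and the Basic-auth credentials go to whichever host answers. The following Ruby is an added example, not nagios-herald code: the same POST built with certificate and hostname verification and a narrower rescue than `rescue Exception`. The function names and the ca_file option are assumptions made for the example.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Added example, not nagios-herald code. Function names and ca_file are
# assumptions made for illustration.

# Failures that mean "the request did not complete". Anything else
# (Interrupt, NoMemoryError, programming errors) is left to propagate.
NETWORK_ERRORS = [Timeout::Error, SocketError, SystemCallError,
                  IOError, OpenSSL::SSL::SSLError].freeze

# ca_file: optional PEM bundle holding the CA (or self-signed certificate)
# behind Splunk's management port; nil means the system trust store.
def build_splunk_http(splunk_url, ca_file: nil)
  uri = URI.parse(splunk_url)
  raise ArgumentError, 'Splunk URL must use https' unless uri.is_a?(URI::HTTPS)

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # verify chain and hostname
  http.min_version = OpenSSL::SSL::TLS1_2_VERSION
  http.ca_file = ca_file if ca_file
  http.open_timeout = 1
  http.read_timeout = 2
  http.ssl_timeout = 1
  http
end

def build_splunk_request(splunk_url, username, password, params)
  request = Net::HTTP::Post.new(URI.parse(splunk_url).request_uri)
  request.basic_auth(username, password)
  request.set_form_data(params)
  request
end

# Same contract as #query: the body on HTTP 200, nil otherwise.
def splunk_oneshot(splunk_url, username, password, params, ca_file: nil)
  http = build_splunk_http(splunk_url, ca_file: ca_file)
  request = build_splunk_request(splunk_url, username, password, params)
  response = http.request(request)
  return response.body if response.code == '200'

  warn "Splunk query failed with HTTP #{response.code}"
  nil
rescue *NETWORK_ERRORS => e
  warn "Failed to send request: #{e.class}: #{e.message}"
  nil
end
```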