class Splunk::Pickaxe::Tags

Public Instance Methods

create(entity) click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 43
def create(entity)
  # Create and update are the same thing. Pass in no known fields
  update [], entity
end
entity_dir() click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 15
def entity_dir
  DIR
end
entity_file_path(splunk_entity) click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 19
def entity_file_path(splunk_entity)
  File.join(
    pickaxe_config.execution_path, entity_dir,
    entity_file_name(splunk_entity)
  )
end
find(entity) click to toggle source

Tags do not follow the typical conventions that other splunk resources do so we have to change the find/create/update methods

# File lib/splunk/pickaxe/objects/tags.rb, line 28
def find(entity)
  # Either return the entity or nil if it doesn't exist

  response = service.request(method: :GET, resource: splunk_resource + [name(entity)])
  # Parse out fields
  atom_feed = Splunk::AtomFeed.new(response.body)
  atom_feed.entries.map { |e| e['title'] }
rescue Splunk::SplunkHTTPError => e
  if e.code == 404
    nil
  else
    raise e
  end
end
needs_update?(splunk_entity, entity) click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 66
def needs_update?(splunk_entity, entity)
  # Compares the fields in our config vs whats in splunk
  splunk_config(entity).uniq.sort != splunk_entity.uniq.sort
end
splunk_config(entity) click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 62
def splunk_config(entity)
  entity['fields']
end
splunk_entity_keys() click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 71
def splunk_entity_keys
  Splunk::Pickaxe::TAGS_KEYS
end
splunk_resource() click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 11
def splunk_resource
  %w[search tags]
end
update(splunk_entity, entity) click to toggle source
# File lib/splunk/pickaxe/objects/tags.rb, line 48
def update(splunk_entity, entity)
  # what we want - whats there = what we need to create/update
  (splunk_config(entity) - splunk_entity).each do |field|
    response = service.request(method: :POST, resource: splunk_resource + [name(entity)], body: { add: field })
    raise "Failed to add field to tag [#{response.code}] - [#{response.body}]" unless response.is_a? Net::HTTPSuccess
  end

  # whats there - what we want = what we need to remove
  (splunk_entity - splunk_config(entity)).each do |field|
    response = service.request(method: :POST, resource: splunk_resource + [name(entity)], body: { delete: field })
    raise "Failed to delete field from tag [#{response.code}] - [#{response.body}]" unless response.is_a? Net::HTTPSuccess
  end
end