class Splunk::Pickaxe::FieldExtractions
Public Instance Methods
entity_dir()
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 15 def entity_dir DIR end
entity_file_name(splunk_entity)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 19 def entity_file_name(splunk_entity) "#{splunk_entity['stanza']}-#{splunk_entity['type']}-#{splunk_entity['attribute']}.yml" .gsub(/[^a-z0-9_\-. ]/i, '') end
entity_file_path(splunk_entity)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 24 def entity_file_path(splunk_entity) File.join( pickaxe_config.execution_path, entity_dir, entity_file_name(splunk_entity) ) end
find(entity)
click to toggle source
Calls superclass method
Splunk::Pickaxe::Objects#find
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 31 def find(entity) # Splunk does some fun things by re-naming our field extraction to include # the stanza and type in the name when its created so do that here by # cloning the entity and editing its name before passing it to find find_entity = Hash.new(entity) find_entity['name'] = "#{entity['config']['stanza']} : #{entity['config']['type']}-#{entity['name']}" super(find_entity) end
needs_update?(splunk_entity, entity)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 45 def needs_update?(splunk_entity, entity) # When updating splunk only cares about this field splunk_entity['value'] != splunk_config(entity)['value'] end
save_config(splunk_entity, overwrite, local_save)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 50 def save_config(splunk_entity, overwrite, local_save) file_path = entity_file_path splunk_entity if local_save if File.exist?(file_path) puts "- #{splunk_entity.name}" write_to_file(file_path, overwrite, splunk_entity) end else puts "- #{splunk_entity.name}" write_to_file(file_path, overwrite, splunk_entity) end end
splunk_entity_keys()
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 87 def splunk_entity_keys Splunk::Pickaxe::FIELD_EXTRACTIONS_KEYS end
splunk_resource()
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 11 def splunk_resource %w[data props extractions] end
update(splunk_entity, entity)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 40 def update(splunk_entity, entity) # When updating splunk only wants the value field splunk_entity.update('value' => splunk_config(entity)['value']) end
write_to_file(file_path, overwrite, splunk_entity)
click to toggle source
# File lib/splunk/pickaxe/objects/field_extractions.rb, line 64 def write_to_file(file_path, overwrite, splunk_entity) if overwrite || !File.exist?(file_path) config = splunk_entity_keys .map { |k| { k => splunk_entity.fetch(k) } } .reduce({}) { |memo, setting| memo.update(setting) } # the POST api expects 'type' to be the first part of 'attribute' # while the GET api returns 'type' within 'attribute' # the GET api also command and space delimits values, it should only # use commas OR spaces. config['type'] = splunk_entity.fetch('attribute').split('-').first config['value'].gsub!(/, /, ',') overwritten = overwrite && File.exist?(file_path) File.write(file_path, { 'name' => splunk_entity.name, 'config' => config }.to_yaml) puts overwritten ? ' Overwritten' : ' Created' else puts ' Already exists' end end