class Whowas::Splunk
Private Class Methods
connection(config: Whowas.splunk_config)
click to toggle source
Whowas.splunk_config is configured via define_setting in the initializer. See configuration.rb for more information.
# File lib/adapters/splunk.rb, line 13 def self.connection(config: Whowas.splunk_config) if @@connection && @@connection.token @@connection = ::Splunk::Service.new(config.merge(token: @@connection.token)) else @@connection = ::Splunk::connect(config) end rescue StandardError => e raise Whowas::Errors::ServiceUnavailable, "#{self.class.name}: #{e}" end
Private Instance Methods
format(input)
click to toggle source
# File lib/adapters/splunk.rb, line 32 def format(input) input = { query: "search #{input[:query]}", args: { earliest_time: format_timestamp(input[:timestamp], input[:offset]), latest_time: format_timestamp(input[:timestamp], 0.1) } } end
format_timestamp(timestamp, offset)
click to toggle source
# File lib/adapters/splunk.rb, line 42 def format_timestamp(timestamp, offset) (DateTime.parse(timestamp).to_time + offset).strftime("%Y-%m-%dT%H:%M:%S.%L%z") end
search_api(input)
click to toggle source
# File lib/adapters/splunk.rb, line 46 def search_api(input) puts input stream = self.class.connection.create_export(input[:query], input[:args]) if results = ::Splunk::MultiResultsReader.new(stream).first.first results["_raw"] else "" end end
validate(input)
click to toggle source
# File lib/adapters/splunk.rb, line 23 def validate(input) (input[:query] && !input[:query].empty? && input[:offset].is_a?(Integer) && DateTime.parse(input[:timestamp]) && true) || (raise Whowas::Errors::InvalidInput, "Invalid input for Splunk") end