class Whowas::Splunk

Private Class Methods

connection(config: Whowas.splunk_config) click to toggle source

Whowas.splunk_config is configured via define_setting in the initializer. See configuration.rb for more information.

# File lib/adapters/splunk.rb, line 13
def self.connection(config: Whowas.splunk_config)
  if @@connection && @@connection.token
    @@connection = ::Splunk::Service.new(config.merge(token: @@connection.token))
  else
    @@connection = ::Splunk::connect(config)
  end
rescue StandardError => e
  raise Whowas::Errors::ServiceUnavailable, "#{self.class.name}: #{e}"
end

Private Instance Methods

format(input) click to toggle source
# File lib/adapters/splunk.rb, line 32
def format(input)
  input = {
    query: "search #{input[:query]}",
    args: {
      earliest_time: format_timestamp(input[:timestamp], input[:offset]),
      latest_time: format_timestamp(input[:timestamp], 0.1)
    }
  }
end
format_timestamp(timestamp, offset) click to toggle source
# File lib/adapters/splunk.rb, line 42
def format_timestamp(timestamp, offset)
  (DateTime.parse(timestamp).to_time + offset).strftime("%Y-%m-%dT%H:%M:%S.%L%z")
end
search_api(input) click to toggle source
# File lib/adapters/splunk.rb, line 46
def search_api(input)
  puts input
  stream = self.class.connection.create_export(input[:query], input[:args])
  if results = ::Splunk::MultiResultsReader.new(stream).first.first
    results["_raw"]
  else
    ""
  end
end
validate(input) click to toggle source
# File lib/adapters/splunk.rb, line 23
def validate(input)
  (input[:query] && 
  !input[:query].empty? && 
  input[:offset].is_a?(Integer) &&
  DateTime.parse(input[:timestamp]) &&
  true) ||
  (raise Whowas::Errors::InvalidInput, "Invalid input for Splunk")
end