Module: RawActions

Included in:
Sawyer::Actions
Defined in:
lib/sawyer/actions_raw.rb

Instance Method Summary collapse

Instance Method Details

#events(from, to, args) ⇒ Object 



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/sawyer/actions_raw.rb', line 32

def events from, to, args
  qs   = args.shift
  logs = args

  $stdin.read.split("\n").each do |l|
    logs << l.split(' ', 2).last
  end unless $stdin.tty?

  unless logs.empty?
    logs = logs.map do |log|
      host, path = log.split('/', 2)
      if path.nil? || path.empty?
        'host:"%s"' % host
      else
        '(host:"%s" AND path:"/%s")' % [ host, path ]
      end
    end.join(' OR ')
    logs = " AND (#{logs})"
  else
    logs = ''
  end

  request = {
    query: {
      query_string: {
        query: qs + logs
      }
    }
  }

  response = search from, to, request
  if response.has_key?('hits')
    puts JSON::pretty_generate(response['hits']['hits'].map { |e| e['_source'] })
    return 0
  end
  return 1
end

#logs(from, to, args) ⇒ Object 



2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/sawyer/actions_raw.rb', line 2

def logs from, to, args
  qs = args.shift
  request = {
    size: 0,
    query: {
      query_string: {
        query: qs
      }
    },
    aggregations: {
      logs: {
        terms: {
          script: "_source.host + _source.path"
        }
      }
    }
  }

  response = search from, to, request
  buckets = []
  if response.has_key? 'aggregations'
    buckets = response['aggregations']['logs']['buckets']
  end
  logs = buckets.map { |log| "%d\t%s" % [ log['doc_count'], log['key'] ] }
  puts logs.reverse
  return 0
end