Module: Splunk

Defined in:: lib/splunk-sdk-ruby/service.rb,
lib/splunk-sdk-ruby.rb,
lib/splunk-sdk-ruby/entity.rb,
lib/splunk-sdk-ruby/context.rb,
lib/splunk-sdk-ruby/version.rb,
lib/splunk-sdk-ruby/atomfeed.rb,
lib/splunk-sdk-ruby/xml_shim.rb,
lib/splunk-sdk-ruby/namespace.rb,
lib/splunk-sdk-ruby/collection.rb,
lib/splunk-sdk-ruby/entity/job.rb,
lib/splunk-sdk-ruby/entity/index.rb,
lib/splunk-sdk-ruby/entity/stanza.rb,
lib/splunk-sdk-ruby/resultsreader.rb,
lib/splunk-sdk-ruby/entity/message.rb,
lib/splunk-sdk-ruby/collection/apps.rb,
lib/splunk-sdk-ruby/collection/jobs.rb,
lib/splunk-sdk-ruby/entity_not_ready.rb,
lib/splunk-sdk-ruby/illegal_operation.rb,
lib/splunk-sdk-ruby/splunk_http_error.rb,
lib/splunk-sdk-ruby/collection/messages.rb,
lib/splunk-sdk-ruby/entity/saved_search.rb,
lib/splunk-sdk-ruby/collection/input_kinds.rb,
lib/splunk-sdk-ruby/collection/configurations.rb,
lib/splunk-sdk-ruby/entity/modular_input_kind.rb,
lib/splunk-sdk-ruby/ambiguous_entity_reference.rb,
lib/splunk-sdk-ruby/collection/configuration_file.rb,
lib/splunk-sdk-ruby/collection/case_insensitive_collection.rb

Overview

Provides a class representing the collection of users and roles in Splunk. This should look identical to Collection to the end user of the SDK.

Users and roles are both case insensitive to the entity name, and neither returns the newly created entity.

Defined Under Namespace

Modules: Namespace Classes: AmbiguousEntityReference, AppNamespace, AppReferenceNamespace, Apps, AtomFeed, CaseInsensitiveCollection, Collection, ConcatenatedStream, ConfigurationFile, Configurations, Context, DefaultNamespace, Entity, EntityNotReady, Event, ExportStream, GlobalNamespace, IllegalOperation, Index, InputKinds, Inputs, Job, Jobs, Message, Messages, ModularInputKind, MultiResultsReader, PuppetResultsReader, ReadOnlyCollection, ReadOnlyEntity, ResultsListener, ResultsReader, SavedSearch, Service, SplunkHTTPError, Stanza, SystemNamespace, UserNamespace, XMLDTDFilter

Constant Summary collapse

DEFAULT_HOST =

'localhost'

DEFAULT_PORT =

DEFAULT_SCHEME =

:https

DEFAULT_PATH_PREFIX =

''

PATH_APPS_LOCAL = The paths used by service.

["apps", "local"]

PATH_CAPABILITIES =

["authorization", "capabilities"]

PATH_LOGGER =

["server","logger"]

PATH_ROLES =

["authorization", "roles"]

PATH_USERS =

["authentication","users"]

PATH_MESSAGES =

["messages"]

PATH_MODULAR_INPUT_KINDS =

["data", "modular-inputs"]

PATH_INFO =

["server", "info"]

PATH_INPUTS =

["data", "inputs"]

PATH_SETTINGS =

["server", "settings"]

PATH_INDEXES =

["data","indexes"]

PATH_CONFS =

["properties"]

PATH_CONF =

["configs"]

PATH_SAVED_SEARCHES =

["saved", "searches"]

PATH_STANZA =

["configs","conf-%s","%s"]

PATH_JOBS =

["search", "jobs"]

PATH_EXPORT =

["search", "jobs", "export"]

VERSION =

'1.0.5'

Class Method Summary collapse

.connect(args) ⇒ Object

Create a logged in reference to a Splunk instance.
.eai_acl_to_namespace(eai_acl) ⇒ Object

Convert a hash of eai:acl fields from Splunk’s REST API into a namespace.
.escape_string(str) ⇒ Object

Escape reserved XML entities in a string.
.namespace(args) ⇒ Object

Create a Namespace.
.require_xml_library(library) ⇒ Object

Tell the Splunk SDK for Ruby to use library for XML parsing.
.text_at_xpath(xpath, text) ⇒ Object

Returns the text contained in the first element matching xpath in text.

Class Method Details

.connect(args) ⇒ `Object`

Create a logged in reference to a Splunk instance.

connect takes a hash of values as its sole argument. The keys it understands are:

‘:username` - log in to Splunk as this user (no default)
‘:password` - password to use when logging in (no default)
‘:host` - Splunk host (e.g. “10.1.2.3”) (defaults to ’localhost’)
‘:port` - the Splunk management port (defaults to ’8089’)
‘:protocol` - either ’https’ or ‘http’ (defaults to ‘https’)
‘:namespace` - application namespace option. ’username:appname’
```
(defaults to nil)
```
‘:token` - a preauthenticated Splunk token (default to nil)

Returns: a logged in Service object.

Example:

require 'splunk-sdk-ruby'
service = Splunk::connect(:username => "admin", :password => "changeme")



81
82
83

# File 'lib/splunk-sdk-ruby/service.rb', line 81

def self.connect(args)
  Service.new(args).login()
end

.eai_acl_to_namespace(eai_acl) ⇒ `Object`

Convert a hash of eai:acl fields from Splunk’s REST API into a namespace.

eai_acl should be a hash containing at least the key “sharing”, and, depending on the value associated with “sharing”, possibly keys “app” and “owner”.

Returns: a Namespace.

# File 'lib/splunk-sdk-ruby/namespace.rb', line 80

def self.eai_acl_to_namespace(eai_acl)
  namespace(:sharing => eai_acl["sharing"],
            :app => eai_acl["app"],
            :owner => eai_acl["owner"])
end

.escape_string(str) ⇒ `Object`

Escape reserved XML entities in a string.

To match the behavior of splunkd, we only escape &, <, and >, not single and double quotes. This means we have to write the behavior ourselves, since both REXML and Nokogiri also escape both kinds of quotes.



124
125
126

# File 'lib/splunk-sdk-ruby/xml_shim.rb', line 124

def self.escape_string(str)
  str.gsub(/&/, "&amp;").gsub(/</, "&lt;").gsub(/>/, "&gt;")
end

.namespace(args) ⇒ `Object`

Create a Namespace.

namespace takes a hash of arguments, recognizing the keys :sharing, :owner, and :app. Among them, :sharing is required, and depending on its value, the others may be required or not.

:sharing determines what kind of namespace is produced. It can have the values “default”, “global”, “system”, “user”, or “app”.

If :sharing is “default”, “global”, or “system”, the other two arguments are ignored. If :sharing is “app”, only :app is used, specifying the application of the namespace. If :sharing is “user”, then both the :app and :owner arguments are used.

If :sharing is “app” but :app is “”, it returns an AppReferenceNamespace.

Returns: a Namespace.

# File 'lib/splunk-sdk-ruby/namespace.rb', line 107

def self.namespace(args)
  sharing = args.fetch(:sharing, "default")
  owner = args.fetch(:owner, nil)
  app = args.fetch(:app, nil)

  if sharing == "system"
    return SystemNamespace.instance
  elsif sharing == "global"
    return GlobalNamespace.instance
  elsif sharing == "user"
    if owner.nil? or owner == ""
      raise ArgumentError.new("Must provide an owner for user namespaces.")
    elsif app.nil? or app == ""
      raise ArgumentError.new("Must provide an app for user namespaces.")
    else
      return UserNamespace.new(owner, app)
    end
  elsif sharing == "app"
    if app.nil?
      raise ArgumentError.new("Must specify an application for application sharing")
    elsif args[:app] == ""
      return AppReferenceNamespace.instance
    else
      return AppNamespace.new(args[:app])
    end
  elsif sharing == "default"
    return DefaultNamespace.instance
  else
    raise ArgumentError.new("Unknown sharing value: #{sharing}")
  end
end

.require_xml_library(library) ⇒ `Object`

Tell the Splunk SDK for Ruby to use library for XML parsing.

The only two supported libraries for now are Nokogiri (pass :nokogiri as the library parameter) and REXML (pass :rexml).

Arguments:

library: (:nokogiri or :rexml:) A symbol specifying the library.

Raises:

LoadError if the library requested cannot be loaded.

Returns no value of interest.

# File 'lib/splunk-sdk-ruby/xml_shim.rb', line 54

def self.require_xml_library(library)
  if library == :nokogiri
    require 'nokogiri'
    $splunk_xml_library = :nokogiri
  else
    require 'rexml/document'
    require 'rexml/streamlistener'
    $splunk_xml_library = :rexml
  end
end

.text_at_xpath(xpath, text) ⇒ `Object`

Returns the text contained in the first element matching xpath in text.

Arguments:

xpath: (String) An XPath specifier. It should refer to an element containing only text, not additional XML elements.
text: (String) The text to search in.

Returns: A String containing the text in the first match of xpath, or nil if there was no match.

Examples:

text_at_xpath("/set/entry", "<set><entry>Boris</entry></set>")
  == "Boris"
text_at_xpath("/a", "<a>Alpha</a> <a>Beta</a>") == "Alpha"
text_at_xpath("/a", "<b>Quill pen</b>") == nil

# File 'lib/splunk-sdk-ruby/xml_shim.rb', line 95

def self.text_at_xpath(xpath, text)
  if text.nil? or text.length == 0
    return nil
  elsif $splunk_xml_library == :nokogiri
    doc = Nokogiri::XML(text)
    matches = doc.xpath(xpath)
    if matches.empty?
      return nil
    else
      return matches.last.content
    end
  else
    doc = REXML::Document.new(text)
    matches = doc.elements[xpath]
    if matches
      return matches[0].value
    else
      return nil
    end
  end
end

Module: Splunk

Overview

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.connect(args) ⇒ Object

.eai_acl_to_namespace(eai_acl) ⇒ Object

.escape_string(str) ⇒ Object

.namespace(args) ⇒ Object