Module: Rsplunk::Search

Included in:
Client
Defined in:
lib/rsplunk/search.rb

Instance Method Summary (collapse)

Instance Method Details

- (Object) create_job(query, options = {})

Create a job

'query' is the search string you are passing to Splunk 'options' can be found at docs.splunk.com/Documentation/Splunk/4.2.2/RESTAPI/RESTsearch#POST_search.2Fjobs



21
22
23
24
25
26
27
28
29
30
 
# File 'lib/rsplunk/search.rb', line 21

def create_job(query, options={})
	search = "#{query}"
	options[:earliest_time] ||= '-15m'
	[:earliest_time, :latest_time, :time].each { |t| options[t] = format_time(options[t]) if options[t] }
	response = connection.post do |req|
		req.url 'search/jobs'
		req.body = { :search => "#{search}" }.merge(options)
	end
	return_error_or_body(response, response.body["response"]["sid"])
end

- (Object) delete_job(sid)

Delete job

Delete a running or saved job using the job SID



49
50
51
52
 
# File 'lib/rsplunk/search.rb', line 49

def delete_job(sid)
	response = connection.delete("search/jobs/#{sid}")
	return_error_or_body(response, response.body)
end

- (Object) job_results(sid, options = {})

Return results

Gives the results from a job using the job SID. Valid options for this are for output format: :output_mode => 'csv | raw | xml | json'



38
39
40
41
42
43
44
 
# File 'lib/rsplunk/search.rb', line 38

def job_results(sid, options = {})
	response = connection.get do |req|
		req.url "search/jobs/#{sid}/results"
		req.body = options
	end
	return_error_or_body(response, response.body)
end

- (Object) list_jobs(options = {})

Returns an XML with all of the current running jobs Valid options for this are for output format: :output_mode => 'csv | raw | xml | json'



9
10
11
12
13
14
15
 
# File 'lib/rsplunk/search.rb', line 9

def list_jobs(options = {})
	response = connection.get do |req|
		req.url ('search/jobs')
		req.body = options
	end
	return_error_or_body(response, response)
end