A user friendly interface to the Splunk REST API.
Service subclasses Context (which provides the methods to login to Splunk and make requests to the REST API), and adds convenience methods for accessing the major collections of entities, such as indexes, search jobs, and configurations.
Returns a collection of all the apps installed on Splunk.
Returns a Collection containing Entity objects.
Examples::
require 'splunk-sdk-ruby' service = Splunk::connect(:username => 'admin', :password => 'changeme') service.apps.each do |app| puts app.name end
# File lib/splunk-sdk-ruby/service.rb, line 108 def apps Apps.new(self, PATH_APPS_LOCAL) end
Returns an Array of all the capabilities roles may have in Splunk.
Capabilities are a fixed list on the server, so this method returns an Array rather than an Entity.
Returns: an Array of Strings.
Example:
service = Splunk::connect(:username => 'admin', :password => 'changeme') puts service.capabilities # Prints: ["admin_all_objects", "change_authentication", # "change_own_password", "delete_by_keyword", ...]
# File lib/splunk-sdk-ruby/service.rb, line 127 def capabilities response = request(:resource => PATH_CAPABILITIES) feed = AtomFeed.new(response.body) feed.entries[0]["content"]["capabilities"] end
Returns a Collection of all the configuration files visible on Splunk.
The configurations you see are dependent on the namespace your Service is connected with. So if you are connected in the system namespace, you may see different values than if you're connected in the app namespace associated with a particular app, since the app may override some values within its scope.
The configuration files which are the contents of this Collection are not Entity objects, but Collection objects in their own right. They contain Entity objects representing the stanzas in that configuration file.
Returns: Configurations (a subclass of Collection containing ConfigurationFile objects).
# File lib/splunk-sdk-ruby/service.rb, line 150 def confs Configurations.new(self) end
Creates a blocking search.
The create_oneshot method starts a search query, and any optional arguments specified in a hash (which are identical to those taken by create). It then blocks until the job finished, and returns the results, as transformed by any transforming search commands in query (equivalent to calling the results method on a Job).
Returns: a stream readable by ResultsReader.
# File lib/splunk-sdk-ruby/service.rb, line 165 def create_oneshot(query, args={}) jobs.create_oneshot(query, args) end
Creates an asynchronous search job.
The search job requires a query, and takes a hash of other, optional arguments, which are documented in the Splunk REST documentation.
# File lib/splunk-sdk-ruby/service.rb, line 175 def create_search(query, args={}) jobs.create(query, args) end
DEPRECATED. Use create_export instead.
# File lib/splunk-sdk-ruby/service.rb, line 195 def create_stream(query, args={}) warn "[DEPRECATION] Service#create_stream is deprecated. Use Service#create_export instead." jobs.create_export(query, args) end
Returns a Collection of all Index objects.
Index is a subclass of Entity, with additional methods for manipulating indexes in particular.
# File lib/splunk-sdk-ruby/service.rb, line 206 def indexes Collection.new(self, PATH_INDEXES, entity_class=Index) end
Returns a Hash containing Splunk's runtime information.
The Hash has keys such as "build" (the number of the build of this Splunk instance) and "cpu_arch" (what CPU Splunk is running on), and "os_name" (the name of the operating system Splunk is running on).
Returns: A Hash that has Strings as both keys and values.
# File lib/splunk-sdk-ruby/service.rb, line 219 def info response = request(:namespace => Splunk::namespace(:sharing => "default"), :resource => PATH_INFO) feed = AtomFeed.new(response.body) feed.entries[0]["content"] end
Return a collection of the input kinds.
# File lib/splunk-sdk-ruby/service.rb, line 229 def inputs InputKinds.new(self, PATH_INPUTS) end
Returns a collection of all the search jobs running on Splunk.
The Jobs object returned is a subclass of Collection, but also has convenience methods for starting oneshot and streaming jobs as well as creating normal, asynchronous jobs.
Returns: A Jobs object.
# File lib/splunk-sdk-ruby/service.rb, line 241 def jobs Jobs.new(self) end
Returns a collection of the loggers in Splunk.
Each logger logs errors, warnings, debug info, or informational information about a specific part of the Splunk system (e.g., WARN on DeploymentClient).
Returns: a Collection of Entity objects representing loggers.
Example:
service = Splunk::connect(:username => 'admin', :password => 'foo') service.loggers.each do |logger| puts logger.name + ":" + logger['level'] end # Prints: # ... # DedupProcessor:WARN # DeployedApplication:INFO # DeployedServerClass:WARN # DeploymentClient:WARN # DeploymentClientAdminHandler:WARN # DeploymentMetrics:INFO # ...
# File lib/splunk-sdk-ruby/service.rb, line 269 def loggers Collection.new(self, PATH_LOGGER) end
Returns a collection of the global messages on Splunk.
Messages include such things as warnings and notices that Splunk needs to restart.
Returns: A Collection of Message objects (which are subclasses of Entity).
# File lib/splunk-sdk-ruby/service.rb, line 282 def messages Messages.new(self, PATH_MESSAGES, entity_class=Message) end
Returns a read only collection of modular input kinds.
The modular input kinds are custom input kinds on this Splunk instance. To access the actual inputs of these kinds, use the Service#inputs method. This method gives access to the metadata describing the input kinds.
Returns: A ReadOnlyCollection of ModularInputKind objects representing all the custom input types added to this Splunk instance.
# File lib/splunk-sdk-ruby/service.rb, line 297 def modular_input_kinds if self.splunk_version[0] < 5 raise IllegalOperation.new("Modular input kinds are " + "not supported before Splunk 5.0") else ReadOnlyCollection.new(self, PATH_MODULAR_INPUT_KINDS, entity_class=ModularInputKind) end end
Returns a collection of the roles on the system.
Returns: A Collection of Entity objects representing the roles on this Splunk instance.
# File lib/splunk-sdk-ruby/service.rb, line 313 def roles CaseInsensitiveCollection.new(self, PATH_ROLES) end
# File lib/splunk-sdk-ruby/service.rb, line 321 def saved_searches Collection.new(self, PATH_SAVED_SEARCHES, entity_class=SavedSearch) end
Returns an Entity of Splunk's mutable runtime information.
The settings method includes values such as "SPLUNK_DB" and "SPLUNK_HOME". Unlike the values returned by the info method, these settings can be updated.
Returns: an Entity with all server settings.
Example:
service = Splunk::connect(:username => 'admin', :password => 'foo') puts svc.settings.read # Prints: # {"SPLUNK_DB" => "/path/to/splunk_home/var/lib/splunk", # "SPLUNK_HOME" => "/path/to/splunk_home", # ...}
# File lib/splunk-sdk-ruby/service.rb, line 342 def settings # Though settings looks like a collection on the server, it always has # a single entity, of the same name, giving the actual settings. We access # that entity directly rather than putting a collection inbetween. Entity.new(self, Splunk::namespace(:sharing => "default"), PATH_SETTINGS, "settings").refresh() end
Returns the version of Splunk this Service is connected to.
The version is represented as an Array of length 3, with each of its components an integer. For example, on Splunk 4.3.5, splunk_version would return [4, 3, 5], while on Splunk 5.0.2, splunk_version would return [5, 0, 2].
Returns: An Array of Integers of length 3.
# File lib/splunk-sdk-ruby/service.rb, line 360 def splunk_version info["version"].split(".").map() {|v| Integer(v)} end
Return a Collection of the users defined on Splunk.
# File lib/splunk-sdk-ruby/service.rb, line 367 def users CaseInsensitiveCollection.new(self, PATH_USERS) end
Generated with the Darkfish Rdoc Generator 2.