A user friendly interface to the Splunk REST API.
Service subclasses Context (which provides the
methods to login to Splunk and make requests to the REST API), and adds
convenience methods for accessing the major collections of entities, such
as indexes, search jobs, and configurations.
Returns a collection of all the apps installed on Splunk.
Returns a Collection containing Entity objects.
Examples::
require 'splunk-sdk-ruby' service = Splunk::connect(:username => 'admin', :password => 'changeme') service.apps.each do |app| puts app.name end
# File lib/splunk-sdk-ruby/service.rb, line 108 def apps Apps.new(self, PATH_APPS_LOCAL) end
Returns an Array of all the capabilities roles may have in
Splunk.
Capabilities are a fixed list on the server, so this method returns an
Array rather than an Entity.
Returns: an Array of Strings.
Example:
service = Splunk::connect(:username => 'admin', :password => 'changeme') puts service.capabilities # Prints: ["admin_all_objects", "change_authentication", # "change_own_password", "delete_by_keyword", ...]
# File lib/splunk-sdk-ruby/service.rb, line 127 def capabilities response = request(:resource => PATH_CAPABILITIES) feed = AtomFeed.new(response.body) feed.entries[0]["content"]["capabilities"] end
Returns a Collection of all the configuration files visible on
Splunk.
The configurations you see are dependent on the namespace your
Service is connected with. So if you are connected in the
system namespace, you may see different values than if you're connected
in the app namespace associated with a particular app, since the app may
override some values within its scope.
The configuration files which are the contents of this
Collection are not Entity objects, but
Collection objects in their own right. They contain
Entity objects representing the stanzas in that configuration
file.
Returns: Configurations (a subclass of Collection
containing ConfigurationFile objects).
# File lib/splunk-sdk-ruby/service.rb, line 150 def confs Configurations.new(self) end
Creates a blocking search.
The create_oneshot method starts a search query, and
any optional arguments specified in a hash (which are identical to those
taken by create). It then blocks until the job finished, and
returns the results, as transformed by any transforming search commands in
query (equivalent to calling the results method on a
Job).
Returns: a stream readable by ResultsReader.
# File lib/splunk-sdk-ruby/service.rb, line 165 def create_oneshot(query, args={}) jobs.create_oneshot(query, args) end
Creates an asynchronous search job.
The search job requires a query, and takes a hash of other, optional arguments, which are documented in the Splunk REST documentation.
# File lib/splunk-sdk-ruby/service.rb, line 175 def create_search(query, args={}) jobs.create(query, args) end
DEPRECATED. Use create_export instead.
# File lib/splunk-sdk-ruby/service.rb, line 195 def create_stream(query, args={}) warn "[DEPRECATION] Service#create_stream is deprecated. Use Service#create_export instead." jobs.create_export(query, args) end
Returns a Collection of all Index objects.
Index is a subclass of Entity, with additional
methods for manipulating indexes in particular.
# File lib/splunk-sdk-ruby/service.rb, line 206 def indexes Collection.new(self, PATH_INDEXES, entity_class=Index) end
Returns a Hash containing Splunk's runtime information.
The Hash has keys such as “build” (the number of
the build of this Splunk instance) and “cpu_arch” (what CPU
Splunk is running on), and “os_name” (the name of the
operating system Splunk is running on).
Returns: A Hash that has Strings as both keys and
values.
# File lib/splunk-sdk-ruby/service.rb, line 219 def info response = request(:namespace => Splunk::namespace(:sharing => "default"), :resource => PATH_INFO) feed = AtomFeed.new(response.body) feed.entries[0]["content"] end
Return a collection of the input kinds.
# File lib/splunk-sdk-ruby/service.rb, line 229 def inputs InputKinds.new(self, PATH_INPUTS) end
Returns a collection of all the search jobs running on Splunk.
The Jobs object returned is a subclass of
Collection, but also has convenience methods for starting
oneshot and streaming jobs as well as creating normal, asynchronous jobs.
Returns: A Jobs object.
# File lib/splunk-sdk-ruby/service.rb, line 241 def jobs Jobs.new(self) end
Returns a collection of the loggers in Splunk.
Each logger logs errors, warnings, debug info, or informational information
about a specific part of the Splunk system (e.g., WARN on
DeploymentClient).
Returns: a Collection of Entity objects
representing loggers.
Example:
service = Splunk::connect(:username => 'admin', :password => 'foo') service.loggers.each do |logger| puts logger.name + ":" + logger['level'] end # Prints: # ... # DedupProcessor:WARN # DeployedApplication:INFO # DeployedServerClass:WARN # DeploymentClient:WARN # DeploymentClientAdminHandler:WARN # DeploymentMetrics:INFO # ...
# File lib/splunk-sdk-ruby/service.rb, line 269 def loggers Collection.new(self, PATH_LOGGER) end
Returns a collection of the global messages on Splunk.
Messages include such things as warnings and notices that Splunk needs to restart.
Returns: A Collection of Message objects (which
are subclasses of Entity).
# File lib/splunk-sdk-ruby/service.rb, line 282 def messages Messages.new(self, PATH_MESSAGES, entity_class=Message) end
Returns a read only collection of modular input kinds.
The modular input kinds are custom input kinds on this Splunk instance. To
access the actual inputs of these kinds, use the
Service#inputs method. This method gives access
to the metadata describing the input kinds.
Returns: A ReadOnlyCollection of ModularInputKind
objects representing all the custom input types added to this Splunk
instance.
# File lib/splunk-sdk-ruby/service.rb, line 297 def modular_input_kinds if self.splunk_version[0] < 5 raise IllegalOperation.new("Modular input kinds are " + "not supported before Splunk 5.0") else ReadOnlyCollection.new(self, PATH_MODULAR_INPUT_KINDS, entity_class=ModularInputKind) end end
Returns a collection of the roles on the system.
Returns: A Collection of Entity objects
representing the roles on this Splunk instance.
# File lib/splunk-sdk-ruby/service.rb, line 313 def roles CaseInsensitiveCollection.new(self, PATH_ROLES) end
# File lib/splunk-sdk-ruby/service.rb, line 321 def saved_searches Collection.new(self, PATH_SAVED_SEARCHES, entity_class=SavedSearch) end
Returns an Entity of Splunk's mutable runtime information.
The settings method includes values such as
“SPLUNK_DB” and “SPLUNK_HOME”. Unlike the values
returned by the info method, these settings can be updated.
Returns: an Entity with all server settings.
Example:
service = Splunk::connect(:username => 'admin', :password => 'foo') puts svc.settings.read # Prints: # {"SPLUNK_DB" => "/path/to/splunk_home/var/lib/splunk", # "SPLUNK_HOME" => "/path/to/splunk_home", # ...}
# File lib/splunk-sdk-ruby/service.rb, line 342 def settings # Though settings looks like a collection on the server, it always has # a single entity, of the same name, giving the actual settings. We access # that entity directly rather than putting a collection inbetween. Entity.new(self, Splunk::namespace(:sharing => "default"), PATH_SETTINGS, "settings").refresh() end
Returns the version of Splunk this Service is connected to.
The version is represented as an Array of length 3, with each
of its components an integer. For example, on Splunk 4.3.5,
splunk_version would return [4, 3,
5], while on Splunk 5.0.2, splunk_version would
return [5, 0, 2].
Returns: An Array of Integers of length 3.
# File lib/splunk-sdk-ruby/service.rb, line 360 def splunk_version info["version"].split(".").map() {|v| Integer(v)} end
Return a Collection of the users defined on Splunk.
# File lib/splunk-sdk-ruby/service.rb, line 367 def users CaseInsensitiveCollection.new(self, PATH_USERS) end