Extended search

lib/splunk_client/splunk_client.rb

@@ -12,14 +12,10 @@
 
 class SplunkClient
 
-  def initialize(username, password, host, opts = {})
-    @USER=username; @PASS=password; @HOST=host;
-    @PORT = opts[:port] || 8089
-    @READ_TIMEOUT = opts[:read_time_out] || 60
-    @USE_SSL = opts[:use_ssl] || false
-    proxy_url = opts[:proxy_url] || ''
-
+  def initialize(username, password, host, port=8089, proxy_url = '', read_time_out = 60, use_ssl = true)
+    @USER=username; @PASS=password; @HOST=host; @PORT=port; @READ_TIMEOUT = read_time_out
     @PROXY_URI = URI(proxy_url) if proxy_url && !proxy_url.empty?
+    @use_ssl = use_ssl
 
     sessionKey = get_session_key
 
@@ -30,16 +26,18 @@ def initialize(username, password, host, opts = {})
     end
   end
 
-  def search(search)
-    create_search(search)
+  def search(search, start_time = nil, end_time = nil, query_prefix = 'search')
+    create_search(search, start_time, end_time, query_prefix)
   end
 
-  def create_search(search)
-    # Returns a SplunkJob 
-    xml = splunk_post_request("/services/search/jobs",
-                              "search=#{CGI::escape("search #{search}")}",
-                              @SESSION_KEY)
+  # Returns a SplunkJob
+  def create_search(search, start_time = nil, end_time = nil, query_prefix = 'search')
+    start_time, end_time = start_time.to_s, end_time.to_s
+    data_string = "search=#{CGI::escape("#{query_prefix} #{search}")}"
+    data_string += "&earliest_time=#{CGI.escape(start_time)}" unless end_time.empty?
+    data_string += "&latest_time=#{CGI.escape(end_time)}" unless end_time.empty?
 
+    xml = splunk_post_request("/services/search/jobs", data_string, @SESSION_KEY)
     @doc = Nokogiri::Slop(xml)
 
     return SplunkJob.new(@doc.xpath("//sid").text, self)
@@ -56,12 +54,12 @@ def get_search_results(sid, maxResults=0, mode=nil)
     url += "&output_mode=#{mode}" unless mode.nil?
     splunk_get_request(url)
   end
-  
+
   def get_alert_list(user="nobody", count=30)
     xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts?count=#{count}")
     SplunkAlertFeed.new(Nokogiri::Slop(xml), self)
   end
-  
+
   def get_alert(alarmName, user="nobody")
     xml = splunk_get_request("/servicesNS/#{user}/search/alerts/fired_alerts/#{alarmName}")
     SplunkAlert.new(Nokogiri::Slop(xml).css("entry")[0], self)
@@ -76,14 +74,14 @@ def control_job(sid, action)
 
   private ###############################################################################
 
-  def splunk_http_request
+  def splunk_http_request()
     if @PROXY_URI
       http = Net::HTTP.new(@HOST, @PORT, @PROXY_URI.host, @PROXY_URI.port)
     else
-      http = Net::HTTP.new(@HOST, @PORT)
+      http = Net::HTTP.new(@HOST, @PORT, nil)
     end
     http.read_timeout = @READ_TIMEOUT
-    http.use_ssl = @SSL
+    http.use_ssl = @use_ssl
     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
     http
   end
@@ -109,3 +107,6 @@ class SplunkSessionError < SecurityError
   # Exception class for handling invalid session tokens received by the gem
 end
 
+class SplunkWaitTimeout < Exception
+  # Raised when splunk request times out
+end

lib/splunk_client/splunk_job.rb

@@ -9,7 +9,7 @@ class SplunkJob
   attr_accessor :succeeded
 
   REQUEST_LIMIT = 40
-  REQUEST_WAIT_TIME = 4
+  REQUEST_WAIT_TIME = 8
 
   def initialize(jobId, clientPointer)
     @jobId  = jobId
@@ -22,7 +22,6 @@ def wait
   end
 
   def wait_for_results
-    # Wait for the Splunk search to complete
     request_count = 0
     until complete?
       if (request_count += 1) >= REQUEST_LIMIT
@@ -33,7 +32,6 @@ def wait_for_results
     @succeeded = true
   end
 
-
   def complete?
     # Return status of job
     @client.get_search_status(@jobId).to_i == 1
@@ -60,5 +58,5 @@ def parsedResults
     # Return a SplunkResults object with methods for the result fields
     SplunkResults.new(results).results
   end
-  
+
 end #class SplunkJob