def testIndexPatternInStringWithInterval(self):
index_info = 'some-index-%{+YYYY.MM.DD.HH}:hour'
expected = 'some-index-2015.12.29.00,some-index-2015.12.29.01,some-index-2015.12.29.02,some-index-2015.12.29.03,some-index-2015.12.29.04,some-index-2015.12.29.05,some-index-2015.12.29.06,some-index-2015.12.29.07,some-index-2015.12.29.08,some-index-2015.12.29.09,some-index-2015.12.29.10,some-index-2015.12.29.11,some-index-2015.12.29.12,some-index-2015.12.29.13,some-index-2015.12.29.14,some-index-2015.12.29.15,some-index-2015.12.29.16,some-index-2015.12.29.17,some-index-2015.12.29.18,some-index-2015.12.29.19,some-index-2015.12.29.20,some-index-2015.12.29.21,some-index-2015.12.29.22,some-index-2015.12.29.23,some-index-2015.12.30.00,some-index-2015.12.30.01,some-index-2015.12.30.02,some-index-2015.12.30.03,some-index-2015.12.30.04,some-index-2015.12.30.05,some-index-2015.12.30.06,some-index-2015.12.30.07,some-index-2015.12.30.08,some-index-2015.12.30.09,some-index-2015.12.30.10,some-index-2015.12.30.11,some-index-2015.12.30.12,some-index-2015.12.30.13,some-index-2015.12.30.14,some-index-2015.12.30.15,some-index-2015.12.30.16,some-index-2015.12.30.17,some-index-2015.12.30.18,some-index-2015.12.30.19,some-index-2015.12.30.20,some-index-2015.12.30.21,some-index-2015.12.30.22,some-index-2015.12.30.23,some-index-2015.12.31.00,some-index-2015.12.31.01,some-index-2015.12.31.02,some-index-2015.12.31.03,some-index-2015.12.31.04,some-index-2015.12.31.05,some-index-2015.12.31.06,some-index-2015.12.31.07,some-index-2015.12.31.08,some-index-2015.12.31.09,some-index-2015.12.31.10,some-index-2015.12.31.11,some-index-2015.12.31.12,some-index-2015.12.31.13,some-index-2015.12.31.14,some-index-2015.12.31.15,some-index-2015.12.31.16,some-index-2015.12.31.17,some-index-2015.12.31.18,some-index-2015.12.31.19,some-index-2015.12.31.20,some-index-2015.12.31.21,some-index-2015.12.31.22,some-index-2015.12.31.23,some-index-2016.01.01.00'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
index_info = 'some-index-%{+YYYY.MM.DD.HH}:day'
expected = 'some-index-2015.12.29.00,some-index-2015.12.30.00,some-index-2015.12.31.00,some-index-2016.01.01.00'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
def __init__(self, query, **kwargs):
super(TQL, self).__init__(**kwargs)
if self._start is None:
raise TQLException(
"Searches require at least a start time with either a timestamp or datemath expression: start='now-10m', end='now' | start='20160101', end='now'"
)
try:
self._query_raw = query
self._query = query
self._start_time = dm(self._start)
self._end_time = dm(self._end)
self._index = tattle.get_indexes(self._index_name_pattern,
self._start_time,
self._end_time,
pattern=self._index_ts_pattern)
except TQLException as e:
raise TQLArgsException(
"Unable to set arguments for TQL, I am missing: %s" % (e))
self._start_time_iso_str = self._start_time.format(self._ISO_TS)
self._end_time_iso_str = self._end_time.format(self._ISO_TS)
self._start_time_pretty = self._start_time.format(self._PRETTY_TS)
self._end_time_pretty = self._end_time.format(self._PRETTY_TS)
self._start_time_epoch = int(self._start_time.format('X'))
self._start_time_epoch_millis = self._start_time_epoch * 1000
self._end_time_epoch = int(self._end_time.format('X'))
self._end_time_epoch_millis = self._end_time_epoch * 1000
self._start_time_unix = self._start_time_epoch
self._end_time_unix = self._end_time_epoch
self._qd = self.get_intentions(self._query_raw)
self.build_es_query()
def build_indexes(self, index, **kwargs):
args = {}
for k, v in kwargs.items():
args[k] = v
return tattle.get_indexes(index,
datemath(kwargs.get('start', 'now-1h')),
datemath(kwargs.get('end', 'now')))
def __init__(self, **kwargs):
self._ISO_TS = 'YYYY-MM-DDTHH:mm:ssZZ'
self._PRETTY_TS = 'MMM D YYYY, HH:mm:ss ZZ'
self.agg_size_from = 0
self.agg_size = 0
self.hit_size_from = 0
self.hit_size = 10000
self._query_raw = ''
self._query = ''
self._start = None
self._start_time = dm('now-1m')
self._end_time = dm('now')
self.exclude = ''
self._ts_field = '@timestamp'
self._index_ts_pattern = 'YYYY.MM.DD'
self._index_name_pattern = 'logstash-*'
for key, value in kwargs.items():
if key in ('start', 'from', '_from'):
self._start = value
elif key in ('end', 'to', '_to'):
self._end = value
setattr(self, key, value)
self._index = tattle.get_indexes(self.index,
self._start_time,
self._end_time,
pattern=self._index_ts_pattern)
def testStarIndexNames(self):
index_info = 'some-index-*'
expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
def testIndexPatternInString(self):
index_info = 'some-index-%{+YYYY.MM.DD}'
expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
def testFromDictDefaultPatternAndDay(self):
index_info = {'name': 'some-index-'}
expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
def __init__(self, query, **kwargs):
super(TQL, self).__init__(**kwargs)
if self._start is None:
raise TQLException("Searches require at least a start time with either a timestamp or datemath expression: start='now-10m', end='now' | start='20160101', end='now'")
try:
self._query_raw = query
self._query = query
self._start_time = dm(self._start)
self._end_time = dm(self._end)
self._index = tattle.get_indexes(self._index_name_pattern, self._start_time, self._end_time, pattern=self._index_ts_pattern)
except TQLException as e:
raise TQLArgsException("Unable to set arguments for TQL, I am missing: %s" % (e))
self._start_time_iso_str = self._start_time.format(self._ISO_TS)
self._end_time_iso_str = self._end_time.format(self._ISO_TS)
self._start_time_pretty = self._start_time.format(self._PRETTY_TS)
self._end_time_pretty = self._end_time.format(self._PRETTY_TS)
self._start_time_epoch = int(self._start_time.format('X'))
self._start_time_epoch_millis = self._start_time_epoch * 1000
self._end_time_epoch = int(self._end_time.format('X'))
self._end_time_epoch_millis = self._end_time_epoch * 1000
self._start_time_unix = self._start_time_epoch
self._end_time_unix = self._end_time_epoch
self._qd = self.get_intentions(self._query_raw)
self.build_es_query()
def __init__(self, **kwargs):
self._ISO_TS = 'YYYY-MM-DDTHH:mm:ssZZ'
self._PRETTY_TS = 'MMM D YYYY, HH:mm:ss ZZ'
self.agg_size_from = 0
self.agg_size = 0
self.hit_size_from = 0
self.hit_size = 10000
self._query_raw = ''
self._query = ''
self._start = None
self._start_time = dm('now-1m')
self._end_time = dm('now')
self.exclude = ''
self._ts_field = '@timestamp'
self._index_ts_pattern = 'YYYY.MM.DD'
self._index_name_pattern = 'logstash-*'
for key, value in kwargs.items():
if key in ('start', 'from', '_from'):
self._start = value
elif key in ('end', 'to', '_to'):
self._end = value
setattr(self, key, value)
self._index = tattle.get_indexes(self.index, self._start_time, self._end_time, pattern=self._index_ts_pattern)
def testFromDictOne(self):
index_info = {
'pattern': 'YYYY.MM.DD',
'interval': 'day',
'name': 'some-index-'
}
expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01'
built_indexes = tattle.get_indexes(index_info,
datemath('2016-01-01||-3d'),
datemath('2016-01-01'))
self.assertEqual(built_indexes, expected)
def build_indexes(self, index, **kwargs):
args = {}
for k,v in kwargs.items():
args[k] = v
return tattle.get_indexes(index, datemath(kwargs.get('start', 'now-1h')), datemath(kwargs.get('end', 'now')))