def test_search_fields_join_prettyprint_table(self):
expected = [
'index ip handle event ',
"['ip_rdap', 'rdap'] 7 handle1 4 ",
"['ip_rdap', 'rdap'] 10 handle2 5 ",
"['ip_rdap', 'rdap'] [15, 19, 21] handle3 6 "
]
actual = list(
search.query(
'search index=ip_rdap OR index=rdap | fields index ip handle event | join BY handle | prettyprint format=table',
self.wh))
self.assertEqual(expected, actual)
def test_search_le_expression(self):
expected = [{
'event': 1,
'k': 'v',
'ip': 7,
'index': 'geoip'
}, {
'event': 2,
'k': 'v',
'ip': 10,
'index': 'geoip'
}]
actual = list(search.query('search index=geoip ip<=10', self.wh))
self.assertEqual(expected, actual)
def test_search_not(self):
expected = [{
'event': 1,
'k': 'v',
'ip': 7,
'index': 'geoip'
}, {
'event': 3,
'k': 'v',
'ip': 15,
'index': 'geoip'
}]
actual = list(search.query('search index=geoip NOT ip=10', self.wh))
self.assertEqual(expected, actual)
def test_search_fields(self):
expected = [{
'event': 1,
'ip': 7
}, {
'event': 2,
'ip': 10
}, {
'event': 3,
'ip': 15
}]
actual = list(
search.query('search index=geoip | fields event ip', self.wh))
self.assertEqual(expected, actual)
def test_search_disjunction(self):
expected = [{
'event': 2,
'k': 'v',
'ip': 10,
'index': 'geoip'
}, {
'event': 3,
'k': 'v',
'ip': 15,
'index': 'geoip'
}]
actual = list(
search.query('search index=geoip ip=10 OR ip=15', self.wh))
self.assertEqual(expected, actual)
def test_search_asterisk(self):
expected = [{
'event': 1,
'k': 'v',
'ip': 7,
'index': 'geoip'
}, {
'event': 2,
'k': 'v',
'ip': 10,
'index': 'geoip'
}, {
'event': 3,
'k': 'v',
'ip': 15,
'index': 'geoip'
}]
actual = list(search.query('search index=geoip ip=*', self.wh))
self.assertEqual(expected, actual)
def input_loop(self):
"""
Loop and accept input for querying the data.
"""
running = True
while running:
try:
print()
s = input('> ')
parts = s.split(' ')
command = parts[0]
if command == 'search':
query = ' '.join(parts[1:])
if not query:
print('No query!')
continue
try:
results = search.query('search ' + query, self.warehouse, verbose=self.args.verbose)
print('results:')
for result in results:
print(result)
except lark.exceptions.ParseError:
print('Parse error')
continue
elif command == 'exit' or command == 'quit':
running = False
elif command == '':
continue
else:
print(f'Unknown command: {command}')
continue
except KeyboardInterrupt:
running = False
print()
def test_search_fields_join_prettyprint_json(self):
expected = [
'{\n'
' "index": [\n'
' "ip_rdap",\n'
' "rdap"\n'
' ],\n'
' "ip": 7,\n'
' "handle": "handle1",\n'
' "event": 4\n'
'}', '{\n'
' "index": [\n'
' "ip_rdap",\n'
' "rdap"\n'
' ],\n'
' "ip": 10,\n'
' "handle": "handle2",\n'
' "event": 5\n'
'}', '{\n'
' "index": [\n'
' "ip_rdap",\n'
' "rdap"\n'
' ],\n'
' "ip": [\n'
' 15,\n'
' 19,\n'
' 21\n'
' ],\n'
' "handle": "handle3",\n'
' "event": 6\n'
'}'
]
actual = list(
search.query(
'search index=ip_rdap OR index=rdap | fields index ip handle event | join BY handle | prettyprint format=json',
self.wh))
self.assertEqual(expected, actual)
def test_search_fields_join(self):
expected = [{
'handle': 'handle1',
'index': ['ip_rdap', 'rdap'],
'event': 4,
'ip': 7
}, {
'handle': 'handle2',
'index': ['ip_rdap', 'rdap'],
'event': 5,
'ip': 10
}, {
'handle': 'handle3',
'index': ['ip_rdap', 'rdap'],
'event': 6,
'ip': [15, 19, 21]
}]
actual = list(
search.query(
'search index=ip_rdap OR index=rdap OR index=geoip | fields index ip handle event | join BY handle',
self.wh))
self.assertEqual(expected, actual)
def test_search_no_matches(self):
expected = []
actual = list(search.query('search index=geoip ip=2', self.wh))
self.assertEqual(expected, actual)
def test_search_field_dne(self):
expected = []
actual = list(search.query('search index=geoip derp=herp', self.wh))
self.assertEqual(expected, actual)
def test_search_gt_expression(self):
expected = [{'event': 3, 'k': 'v', 'ip': 15, 'index': 'geoip'}]
actual = list(search.query('search index=geoip ip>10', self.wh))
self.assertEqual(expected, actual)
