def testIndexPatternInStringWithInterval(self): index_info = 'some-index-%{+YYYY.MM.DD.HH}:hour' expected = 'some-index-2015.12.29.00,some-index-2015.12.29.01,some-index-2015.12.29.02,some-index-2015.12.29.03,some-index-2015.12.29.04,some-index-2015.12.29.05,some-index-2015.12.29.06,some-index-2015.12.29.07,some-index-2015.12.29.08,some-index-2015.12.29.09,some-index-2015.12.29.10,some-index-2015.12.29.11,some-index-2015.12.29.12,some-index-2015.12.29.13,some-index-2015.12.29.14,some-index-2015.12.29.15,some-index-2015.12.29.16,some-index-2015.12.29.17,some-index-2015.12.29.18,some-index-2015.12.29.19,some-index-2015.12.29.20,some-index-2015.12.29.21,some-index-2015.12.29.22,some-index-2015.12.29.23,some-index-2015.12.30.00,some-index-2015.12.30.01,some-index-2015.12.30.02,some-index-2015.12.30.03,some-index-2015.12.30.04,some-index-2015.12.30.05,some-index-2015.12.30.06,some-index-2015.12.30.07,some-index-2015.12.30.08,some-index-2015.12.30.09,some-index-2015.12.30.10,some-index-2015.12.30.11,some-index-2015.12.30.12,some-index-2015.12.30.13,some-index-2015.12.30.14,some-index-2015.12.30.15,some-index-2015.12.30.16,some-index-2015.12.30.17,some-index-2015.12.30.18,some-index-2015.12.30.19,some-index-2015.12.30.20,some-index-2015.12.30.21,some-index-2015.12.30.22,some-index-2015.12.30.23,some-index-2015.12.31.00,some-index-2015.12.31.01,some-index-2015.12.31.02,some-index-2015.12.31.03,some-index-2015.12.31.04,some-index-2015.12.31.05,some-index-2015.12.31.06,some-index-2015.12.31.07,some-index-2015.12.31.08,some-index-2015.12.31.09,some-index-2015.12.31.10,some-index-2015.12.31.11,some-index-2015.12.31.12,some-index-2015.12.31.13,some-index-2015.12.31.14,some-index-2015.12.31.15,some-index-2015.12.31.16,some-index-2015.12.31.17,some-index-2015.12.31.18,some-index-2015.12.31.19,some-index-2015.12.31.20,some-index-2015.12.31.21,some-index-2015.12.31.22,some-index-2015.12.31.23,some-index-2016.01.01.00' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected) index_info = 'some-index-%{+YYYY.MM.DD.HH}:day' expected = 'some-index-2015.12.29.00,some-index-2015.12.30.00,some-index-2015.12.31.00,some-index-2016.01.01.00' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected)
def __init__(self, query, **kwargs): super(TQL, self).__init__(**kwargs) if self._start is None: raise TQLException( "Searches require at least a start time with either a timestamp or datemath expression: start='now-10m', end='now' | start='20160101', end='now'" ) try: self._query_raw = query self._query = query self._start_time = dm(self._start) self._end_time = dm(self._end) self._index = tattle.get_indexes(self._index_name_pattern, self._start_time, self._end_time, pattern=self._index_ts_pattern) except TQLException as e: raise TQLArgsException( "Unable to set arguments for TQL, I am missing: %s" % (e)) self._start_time_iso_str = self._start_time.format(self._ISO_TS) self._end_time_iso_str = self._end_time.format(self._ISO_TS) self._start_time_pretty = self._start_time.format(self._PRETTY_TS) self._end_time_pretty = self._end_time.format(self._PRETTY_TS) self._start_time_epoch = int(self._start_time.format('X')) self._start_time_epoch_millis = self._start_time_epoch * 1000 self._end_time_epoch = int(self._end_time.format('X')) self._end_time_epoch_millis = self._end_time_epoch * 1000 self._start_time_unix = self._start_time_epoch self._end_time_unix = self._end_time_epoch self._qd = self.get_intentions(self._query_raw) self.build_es_query()
def build_indexes(self, index, **kwargs): args = {} for k, v in kwargs.items(): args[k] = v return tattle.get_indexes(index, datemath(kwargs.get('start', 'now-1h')), datemath(kwargs.get('end', 'now')))
def __init__(self, **kwargs): self._ISO_TS = 'YYYY-MM-DDTHH:mm:ssZZ' self._PRETTY_TS = 'MMM D YYYY, HH:mm:ss ZZ' self.agg_size_from = 0 self.agg_size = 0 self.hit_size_from = 0 self.hit_size = 10000 self._query_raw = '' self._query = '' self._start = None self._start_time = dm('now-1m') self._end_time = dm('now') self.exclude = '' self._ts_field = '@timestamp' self._index_ts_pattern = 'YYYY.MM.DD' self._index_name_pattern = 'logstash-*' for key, value in kwargs.items(): if key in ('start', 'from', '_from'): self._start = value elif key in ('end', 'to', '_to'): self._end = value setattr(self, key, value) self._index = tattle.get_indexes(self.index, self._start_time, self._end_time, pattern=self._index_ts_pattern)
def testStarIndexNames(self): index_info = 'some-index-*' expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected)
def testIndexPatternInString(self): index_info = 'some-index-%{+YYYY.MM.DD}' expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected)
def testFromDictDefaultPatternAndDay(self): index_info = {'name': 'some-index-'} expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected)
def __init__(self, query, **kwargs): super(TQL, self).__init__(**kwargs) if self._start is None: raise TQLException("Searches require at least a start time with either a timestamp or datemath expression: start='now-10m', end='now' | start='20160101', end='now'") try: self._query_raw = query self._query = query self._start_time = dm(self._start) self._end_time = dm(self._end) self._index = tattle.get_indexes(self._index_name_pattern, self._start_time, self._end_time, pattern=self._index_ts_pattern) except TQLException as e: raise TQLArgsException("Unable to set arguments for TQL, I am missing: %s" % (e)) self._start_time_iso_str = self._start_time.format(self._ISO_TS) self._end_time_iso_str = self._end_time.format(self._ISO_TS) self._start_time_pretty = self._start_time.format(self._PRETTY_TS) self._end_time_pretty = self._end_time.format(self._PRETTY_TS) self._start_time_epoch = int(self._start_time.format('X')) self._start_time_epoch_millis = self._start_time_epoch * 1000 self._end_time_epoch = int(self._end_time.format('X')) self._end_time_epoch_millis = self._end_time_epoch * 1000 self._start_time_unix = self._start_time_epoch self._end_time_unix = self._end_time_epoch self._qd = self.get_intentions(self._query_raw) self.build_es_query()
def testFromDictOne(self): index_info = { 'pattern': 'YYYY.MM.DD', 'interval': 'day', 'name': 'some-index-' } expected = 'some-index-2015.12.29,some-index-2015.12.30,some-index-2015.12.31,some-index-2016.01.01' built_indexes = tattle.get_indexes(index_info, datemath('2016-01-01||-3d'), datemath('2016-01-01')) self.assertEqual(built_indexes, expected)
def build_indexes(self, index, **kwargs): args = {} for k,v in kwargs.items(): args[k] = v return tattle.get_indexes(index, datemath(kwargs.get('start', 'now-1h')), datemath(kwargs.get('end', 'now')))