var util = require('util');
var splunk = require('./splunk');
var irclog = require('./irclog');
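/*
** Takes a search string, searches Splunk through the `irclogs` search macro
** and hands the matching events to callback rendered as an IRC log.
**
** searchstr     - SPL search expression; spliced into the query verbatim
** callback      - function(err, log); on success log is irclog.makeirclog(results)
** limit         - maximum number of events, positive whole number (default 25)
** earliest_time - forwarded unchanged to splunk.search
** latest_time   - forwarded unchanged to splunk.search
*/
function logsearch(searchstr, callback, limit, earliest_time, latest_time) {
    // limit becomes part of the query text, so only a positive whole number is
    // accepted. Anything else (missing, 0, negative, fractional, non-numeric
    // text) falls back to the default instead of being concatenated as-is.
    var maxEvents = Number(limit);
    if (!(isFinite(maxEvents) && maxEvents > 0 && Math.floor(maxEvents) === maxEvents)) {
        maxEvents = 25;
    }

    // NOTE(review): searchstr is concatenated without any escaping, so a "|"
    // inside it starts a further SPL command. If callers forward text typed by
    // IRC users (TODO confirm against the callers), they must constrain it
    // before calling, and the Splunk role used by ./splunk should be limited
    // to read-only search.
    var splunksearch = "search `irclogs` | search "+searchstr+" | head "+maxEvents+" | "
        +"fields _raw, _time, host, index, source, sourcetype, action, reason, "
        +"channel, prettynick, names, oldnick, newnick, nick, server, text, to, topic";

    splunk.search(splunksearch, function(err, results) {
        if (err) {
            callback(err);
        } else {
            callback(null, irclog.makeirclog(results));
        }
    }, earliest_time, latest_time);
}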
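/*
** Takes a search string, searches Splunk through the `irclogs` search macro
** and hands the raw result object to callback. The result looks like:
** { fields: [ 'list', 'of', 'fields' ],
**   rows: [ [ 'list', 'of', 'fields' ], [ 'list', 'of', 'fields' ] ] }
**
** searchstr     - SPL search expression; spliced into the query verbatim
** callback      - function(err, results)
** limit         - maximum number of events, positive whole number (default 25)
** earliest_time - forwarded unchanged to splunk.search
** latest_time   - forwarded unchanged to splunk.search
*/
function search(searchstr, callback, limit, earliest_time, latest_time) {
    // limit becomes part of the query text, so only a positive whole number is
    // accepted. Anything else (missing, 0, negative, fractional, non-numeric
    // text) falls back to the default instead of being concatenated as-is.
    var maxEvents = Number(limit);
    if (!(isFinite(maxEvents) && maxEvents > 0 && Math.floor(maxEvents) === maxEvents)) {
        maxEvents = 25;
    }

    // NOTE(review): searchstr is concatenated without any escaping, so a "|"
    // inside it starts a further SPL command. If callers forward text typed by
    // IRC users (TODO confirm against the callers), they must constrain it
    // before calling, and the Splunk role used by ./splunk should be limited
    // to read-only search.
    var splunksearch = "search `irclogs` | search "+searchstr+" | head "+maxEvents+" | "
        +"fields _raw, _time, host, index, source, sourcetype, action, reason, "
        +"channel, prettynick, names, oldnick, newnick, nick, server, text, to, topic";

    splunk.search(splunksearch, function(err, results) {
        if (err) {
            callback(err);
        } else {
            callback(null, results);
        }
    }, earliest_time, latest_time);
}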
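/*
** Searches Splunk for messages sent to `to` that contain "http://", extracts
** the URL of each with rex and hands the formatted result to callback.
**
** to             - value matched against the `to` field; spliced in verbatim
** callback       - function(err, text); text is what formatcallback returns
** limit          - maximum number of URLs, positive whole number (default 3)
** formatcallback - optional function(rows, fields) returning the output; the
**                  default emits one "<url> at <time> by <nick>" line per row
** earliest_time  - forwarded unchanged to splunk.search
** latest_time    - forwarded unchanged to splunk.search
*/
function lasturls(to, callback, limit, formatcallback, earliest_time, latest_time) {
    var format = formatcallback || function(rows, fields) {
        // Column positions are the same for every row, so look them up once.
        var urlCol = fields.indexOf('url');
        var timeCol = fields.indexOf('_time');
        var nickCol = fields.indexOf('nick');
        var retstr = '';
        for (var i = 0; i < rows.length; i++) {
            retstr += rows[i][urlCol]+' at '+irclog.maketime(rows[i][timeCol])
                +' by '+rows[i][nickCol]+'\n';
        }
        return retstr;
    };

    // limit becomes part of the query text, so only a positive whole number is
    // accepted. Anything else (missing, 0, negative, fractional, non-numeric
    // text) falls back to the default instead of being concatenated as-is.
    var maxUrls = Number(limit);
    if (!(isFinite(maxUrls) && maxUrls > 0 && Math.floor(maxUrls) === maxUrls)) {
        maxUrls = 3;
    }

    // NOTE(review): `to` is placed unquoted and unescaped after "to=", so
    // whitespace or a "|" inside it changes the shape of the query. If the
    // value can come from IRC users (TODO confirm against the callers), it
    // should be validated as a channel or nick name before it gets here.
    var splunksearch = "search `irclogs` | search action=message to="+to+" http:// | rex \"(?P<url>http://[^\\\" ]+)\" | "
        +"head "+maxUrls+" | fields _time, nick, url";

    // The normalised limit is also handed to splunk.search as its last argument.
    splunk.search(splunksearch, function(err, results) {
        if (err) {
            callback(err);
        } else {
            callback(null, format(results.rows, results.fields));
        }
    }, earliest_time, latest_time, maxUrls);
}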
/*
** Manual smoke test: only when this file is run directly (not require()d),
** call each exported search once and print either the error or the result.
*/
if (module === require.main) {
    // Shared printer for all three calls below.
    var report = function(err, log) {
        if (err) {
            console.log("Error: "+err);
            return;
        }
        console.log(log);
    };

    search("Coccyx", report);
    logsearch("Coccyx", report);
    lasturls("#splunk", report);
}
/*
** Public API of this module. All three functions build an SPL query by string
** concatenation from their arguments, so callers are responsible for what
** they pass in as the search string / target.
*/
exports.search = search;
exports.logsearch = logsearch;
exports.lasturls = lasturls;