dohyo

v1.0.1
Published: Feb 4, 2022 License: GPL-3.0 Imports: 7 Imported by: 0

README


Dohyo provides a wrapper for Sumo Logic Search Job API tasks.

Documentation for the API can be found here: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API

Documentation

Overview

Package dohyo provides a wrapper for Sumo Logic Search Job API tasks.

Documentation for the API can be found here: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type SearchJobMessageRaw

type SearchJobMessageRaw struct {
	MessageTime string `json:"_messagetime"`
	Host        string `json:"_sourcehost"`
	Type        string `json:"_sourcename"`
	Log         string `json:"_raw"`
}

type SearchJobMessages

type SearchJobMessages struct {
	Message SearchJobMessageRaw `json:"map"`
}

SearchJobMessages contains messages returned from a Sumo Logic Search Job.

type SearchJobQuery

type SearchJobQuery struct {
	Query    string `json:"query"`
	From     string `json:"from"`
	To       string `json:"to"`
	TimeZone string `json:"timeZone"`
}

SearchJobQuery contains Sumo Logic Search Job parameters as described in the API documentation: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API

type SearchJobState

type SearchJobState struct {
	ID           string `json:"id"`
	State        string `json:"state"`
	MessageCount int    `json:"messageCount"`
	RecordCount  int    `json:"recordCount"`
}

SearchJobState contains information about a current job. Return values are specified in the API documentation: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API

type SumoLogicAuthModel

type SumoLogicAuthModel struct {
	AccessID  string
	AccessKey string
}

func (*SumoLogicAuthModel) BasicAuthHeader

func (a *SumoLogicAuthModel) BasicAuthHeader(r *http.Request)

type SumoObject

type SumoObject struct {
	// Auth is a SumoLogicAuthModel, and contains the AccessID and AccessKey for
	// an authorized user.
	Auth *SumoLogicAuthModel
	// HostURL is the Sumo Logic host
	HostURL string
	// QueryURL is the Sumo Logic API endpoint
	QueryURL string
	// Headers are additional headers. These are applied to any query performed
	// using this SumoObject pointer.
	Headers          map[string]string
	SearchJobQuery   *SearchJobQuery
	SearchJobState   *SearchJobState
	SearchJobMessage *[]SearchJobMessages `json:"messages"`
}

SumoObject contains data for a particular Sumo Logic session.

func (*SumoObject) DeleteSearchJob

func (o *SumoObject) DeleteSearchJob() error

func (*SumoObject) GenerateAndPutAuthModel

func (o *SumoObject) GenerateAndPutAuthModel(id, key string)

GenerateAndPutAuthModel creates and populates the SumoObject.Auth value with the provided Sumo Logic AccessID and AccessKey.

func (*SumoObject) SearchJob

func (o *SumoObject) SearchJob() error

SearchJob executes the Sumo Logic search query. Because the query runs remotely, use *SumoObject.SearchJobStatus to monitor its status.

func (*SumoObject) SearchJobMessages

func (o *SumoObject) SearchJobMessages(query map[string]string) error

SearchJobMessages populates the SearchJobMessage struct value for a SumoObject. Paging results overwrites previously obtained messages, so existing messages should be processed before retrieving additional messages with an offset. The query parameter should be a json map containing the offset and limit. Here is an example of how this might be used:

var limit = "1000"
var offset = 0
var written = 0

for {
	query := map[string]string{"limit": limit, "offset": fmt.Sprintf("%d", offset)}

	// This overwrites existing messages in the struct.
	err := SumoObj.SearchJobMessages(query)
	if err != nil {
		return err
	}

	err = someMessageHandler(output_file) // handle existing messages
	if err != nil {
		return err
	}
	// Report what was written.
	written += len(*SumoObj.SearchJobMessage)

	// Continue if there are more messages to receive.
	if written < SumoObj.SearchJobState.MessageCount {
		offset += 1000
	} else {
		break
	}
}
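A bounded variant of the paging loop above, as an added example that is not part of the dohyo package: it advances the offset by what was actually received and fails on an empty page, so a MessageCount that can never be reached does not keep the loop running. `fetchFn`, `drain` and `fakeFetch` are hypothetical names, and the messages are constructed sample data; only the limit/offset query map and the overwrite behaviour come from the documentation above.

```go
package main

import (
	"fmt"
	"strconv"
)

// fetchFn is a hypothetical adapter: with dohyo it would call
// SearchJobMessages(query) and return the page now held in SearchJobMessage.
type fetchFn func(query map[string]string) ([]string, error)

// drain hands each page to handle before requesting the next one (the next
// request overwrites it) and fails on an empty page instead of looping forever.
func drain(fetch fetchFn, total, limit int, handle func([]string) error) (int, error) {
	written := 0
	for written < total {
		q := map[string]string{"limit": strconv.Itoa(limit), "offset": strconv.Itoa(written)}
		page, err := fetch(q)
		if err != nil {
			return written, err
		}
		if len(page) == 0 {
			return written, fmt.Errorf("short read: %d of %d messages", written, total)
		}
		if err := handle(page); err != nil {
			return written, err
		}
		written += len(page)
	}
	return written, nil
}

// fakeFetch serves constructed sample messages, honouring limit and offset.
func fakeFetch(all []string) fetchFn {
	return func(q map[string]string) ([]string, error) {
		off, _ := strconv.Atoi(q["offset"])
		lim, _ := strconv.Atoi(q["limit"])
		var page []string
		for i := off; i < off+lim && i < len(all); i++ {
			page = append(page, all[i])
		}
		return page, nil
	}
}

func main() {
	show := func(p []string) error { fmt.Println(p); return nil }
	fmt.Println(drain(fakeFetch([]string{"m1", "m2", "m3", "m4", "m5"}), 7, 2, show))
}
```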

func (*SumoObject) SearchJobRecords

func (o *SumoObject) SearchJobRecords(query map[string]string) (map[string]interface{}, error)

SearchJobRecords returns a map[string]interface{} containing the requested records. The query parameter should be a json map containing the offset and limit.

func (*SumoObject) SearchJobStatus

func (o *SumoObject) SearchJobStatus() error

SearchJobStatus retrieves the current status of the job and populates SumoObject.SearchJobState. State will be "GATHERING RESULTS" while the search is active, and "DONE GATHERING RESULTS" when the search is complete and messages can be retrieved.

Logic to retrieve the status of an executed job might look similar to this:

	for {
		err = SumoObj.SearchJobStatus()
		if err != nil {
			// handle error
		} else {
			if SumoObj.SearchJobState.State == "GATHERING RESULTS" {
				if SumoObj.SearchJobState.MessageCount != 0 {
					// log number of messages currently found
				}
				// Pace these checks
				time.Sleep(time.Second * 3)
			} else if SumoObj.SearchJobState.State == "DONE GATHERING RESULTS" {
				if SumoObj.SearchJobState.MessageCount != 0 {
					// report total messages found
					break
				} else {
					fmt.Println("No log entries found.")

					// Delete search job
					if err := SumoObj.DeleteSearchJob(); err != nil {
						// handle error
					}
					os.Exit(0)
				}
			}
		}
	}
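A bounded version of the status loop above, as an added example that is not dohyo code: it paces every iteration, gives up after a deadline, and deletes the search job whenever it returns an error. `waitDone`, `fakeStatus`, `errTimeout` and the two adapter functions are hypothetical names; the state strings are the ones quoted above.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var errTimeout = errors.New("search job did not finish before the deadline")

// waitDone polls, sleeping after every poll, until status reports
// "DONE GATHERING RESULTS" or timeout elapses. status and cleanup are
// hypothetical adapters around SearchJobStatus and DeleteSearchJob.
func waitDone(status func() (string, error), cleanup func() error, every, timeout time.Duration) (err error) {
	defer func() {
		if err != nil { // on success the job is kept so messages can be fetched
			if derr := cleanup(); derr != nil {
				err = fmt.Errorf("%w (cleanup also failed: %v)", err, derr)
			}
		}
	}()
	for deadline := time.Now().Add(timeout); time.Now().Before(deadline); time.Sleep(every) {
		state, serr := status()
		if serr != nil {
			return fmt.Errorf("status check failed: %w", serr)
		}
		if state == "DONE GATHERING RESULTS" {
			return nil
		}
	}
	return errTimeout
}

// fakeStatus is constructed test data: it reports done on the n-th poll.
func fakeStatus(n int) func() (string, error) {
	polls := 0
	return func() (string, error) {
		if polls++; polls >= n {
			return "DONE GATHERING RESULTS", nil
		}
		return "GATHERING RESULTS", nil
	}
}

func main() {
	cleanup := func() error { fmt.Println("job deleted"); return nil }
	fmt.Println(waitDone(fakeStatus(3), cleanup, time.Millisecond, time.Second))
	fmt.Println(waitDone(fakeStatus(1<<30), cleanup, time.Millisecond, 20*time.Millisecond))
}
```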
