Documentation ¶
Index ¶
- Constants
- type AuthenticationType
- type Connection
- func (c Connection) Search(searchQuery string, searchOptions SearchOptions) ([]map[string]interface{}, error)
- func (c Connection) SearchAndExec(searchQuery string, searchOptions SearchOptions, ...)
- func (c Connection) SearchJobCreate(searchQuery string, searchOptions SearchOptions) (string, error)
- func (c Connection) SearchJobResults(jobID string) ([]map[string]interface{}, error)
- func (c Connection) SearchJobStatus(jobID string) (SearchJobStatus, error)
- type SearchJobStatus
- type SearchOptions
Constants ¶
// DEFAULT_MAX_COUNT is the default for SearchOptions.MaxCount, the maximum
// number of records a search returns.
const DEFAULT_MAX_COUNT = 10000
// PARTITION_COUNT is not described on this page.
// NOTE(review): presumably the number of time sub-ranges a search is split
// into when SearchOptions.AllowPartition is set — confirm against the implementation.
const PARTITION_COUNT = 5
// SEARCH_WAIT is the increment in which the blocking Search waits between
// search-job status checks.
// NOTE(review): the unit is not stated on this page; presumably seconds — confirm.
const SEARCH_WAIT = 5
// SPLUNK_TIME_FORMAT is the strftime-style pattern (month/day/year:hour:minute:second)
// that the SearchOptions comments name for the earliest and latest time bounds.
const SPLUNK_TIME_FORMAT = "%m/%d/%Y:%H:%M:%S"
// TIME_FORMAT is a Go reference-time layout (month/day/year:hour:minute:second,
// 24-hour clock); it describes the same layout as SPLUNK_TIME_FORMAT.
// The layout carries no zone information.
// NOTE(review): confirm which time zone the values are formatted in before
// relying on exact search bounds.
const TIME_FORMAT = "01/02/2006:15:04:05"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticationType ¶
// AuthenticationType names the authentication scheme a Connection uses. Its
// values are the strings listed for the `auth-type` key on Connection.AuthType.
type AuthenticationType string

// AuthenticationTokenAuth selects the "authentication-token" scheme.
// NOTE(review): presumably pairs with Connection.AuthenticationToken — confirm.
const AuthenticationTokenAuth AuthenticationType = "authentication-token"

// AuthorizationTokenAuth selects the "authorization-token" scheme.
// NOTE(review): the name and value differ from AuthenticationTokenAuth by only
// a few letters, and this page does not say how the two schemes differ or which
// Connection field supplies the credential — confirm before configuring.
const AuthorizationTokenAuth AuthenticationType = "authorization-token"

// BasicAuth selects the "basic" scheme.
// NOTE(review): presumably uses Connection.Username and Connection.Password — confirm.
const BasicAuth AuthenticationType = "basic"
func GetAllAuthenticationTypes ¶
func GetAllAuthenticationTypes() []AuthenticationType
func ParseAuthenticationType ¶
func ParseAuthenticationType(s string) (c AuthenticationType, err error)
type Connection ¶
// Connection holds the settings for one Splunk endpoint. Every exported field
// carries a `toml` tag, presumably so the struct can be decoded from a TOML
// configuration file.
//
// NOTE(review): Password and AuthenticationToken are plain string fields. If
// they are read from a file, keep that file out of version control and restrict
// its permissions, or populate the fields from a secret store at runtime.
type Connection struct {
	// Host identifies the Splunk endpoint.
	// NOTE(review): the page does not show whether a scheme or port is expected — confirm.
	Host     string             `toml:"host"`
	AuthType AuthenticationType `toml:"auth-type"` // basic, authorization-token, authentication-token
	// Username and Password are credentials.
	// NOTE(review): presumably used only with the "basic" auth type — confirm.
	Username string `toml:"username"`
	Password string `toml:"password"`
	// AuthenticationToken is a token credential.
	// NOTE(review): the page does not say which of the two token auth types reads it — confirm.
	AuthenticationToken string `toml:"authentication-token"`
	// MaxCount is a record limit.
	// NOTE(review): its relation to SearchOptions.MaxCount and DEFAULT_MAX_COUNT is not shown here — confirm.
	MaxCount int `toml:"max-count"`
	// InsecureSkipVerify shares its name with crypto/tls.Config.InsecureSkipVerify.
	// NOTE(review): presumably it disables TLS certificate and host-name
	// verification for the connection — confirm. If so, setting it to true lets
	// an on-path party impersonate the server and receive the credentials above;
	// keep it false and add the server's CA to the trust store instead.
	InsecureSkipVerify bool `toml:"insecure-skip-verify"`
	// contains filtered or unexported fields
}
func (Connection) Search ¶
func (c Connection) Search(searchQuery string, searchOptions SearchOptions) ([]map[string]interface{}, error)
Search is a blocking call: it queues a search job, waits in SEARCH_WAIT increments while checking the search-job status, and then returns the result records.
func (Connection) SearchAndExec ¶
func (c Connection) SearchAndExec(searchQuery string, searchOptions SearchOptions, onSuccess func([]map[string]interface{}) error, onError func(error), )
Stub function that makes it easier to run a search asynchronously, as a goroutine.
func (Connection) SearchJobCreate ¶
func (c Connection) SearchJobCreate(searchQuery string, searchOptions SearchOptions) (string, error)
func (Connection) SearchJobResults ¶
func (c Connection) SearchJobResults(jobID string) ([]map[string]interface{}, error)
func (Connection) SearchJobStatus ¶
func (c Connection) SearchJobStatus(jobID string) (SearchJobStatus, error)
type SearchJobStatus ¶
// SearchJobStatus models a search-job status response; the `json` tags name
// the keys each field is read from.
type SearchJobStatus struct {
	// Messages holds typed text messages. The slice has no `json` tag of its
	// own, so a JSON decoder would match it by field name.
	// NOTE(review): the text presumably originates from the server; treat it as
	// untrusted data when logging or displaying it.
	Messages []struct {
		Type    string `json:"type"`
		Message string `json:"text"` // read from the "text" key, not "message"
	}
	// Entry holds the job entries; each Content carries two independent flags,
	// IsDone and IsFailed.
	// NOTE(review): how the IsDone method combines them is not shown on this page.
	Entry []struct {
		Content struct {
			IsDone   bool `json:"isDone"`
			IsFailed bool `json:"isFailed"`
		} `json:"content"`
	} `json:"entry"`
}
func (SearchJobStatus) IsDone ¶
func (s SearchJobStatus) IsDone() (bool, error)
type SearchOptions ¶
// SearchOptions holds the per-search settings passed to the Search and
// SearchJobCreate methods.
type SearchOptions struct {
	// Maximum number of records; defaults to DEFAULT_MAX_COUNT.
	MaxCount int
	// Earliest (inclusive) time bound for the search; the named time format is
	// %m/%d/%Y:%H:%M:%S.
	// NOTE(review): the field is a time.Time, so the format presumably describes
	// how the value is serialized for Splunk, and UseEarliestTime presumably
	// controls whether the bound is sent at all — confirm.
	UseEarliestTime bool
	EarliestTime    time.Time
	// Latest (exclusive) time bound for the search; the named time format is
	// %m/%d/%Y:%H:%M:%S.
	// NOTE(review): same assumptions as for the earliest bound — confirm.
	UseLatestTime bool
	LatestTime    time.Time
	// Used by the Search function: when a search hits the max count, new
	// searches are created recursively on reduced time ranges (shrinking the
	// earliest and latest time fields) and their results are combined at the end.
	// NOTE(review): this page shows no limit on recursion depth or on the number
	// of jobs created; confirm one exists before enabling this against a shared
	// search head.
	AllowPartition bool
	// AdhocSearchLevel can be fast, smart or verbose according to the Splunk
	// documentation.
	// NOTE(review): the field is a free-form string; whether other values are
	// rejected is not shown on this page.
	AdhocSearchLevel string
}
SearchOptions holds options that can be passed to a search job. More details can be found here: https://docs.splunk.com/Documentation/Splunk/9.1.0/RESTREF/RESTsearch#search.2Fjobs