Documentation ¶
Overview ¶
Package dohyo provides a wrapper for Sumo Logic Search Job API tasks.
Documentation for the API can be found here: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API
Index ¶
- type SearchJobMessageRaw
- type SearchJobMessages
- type SearchJobQuery
- type SearchJobState
- type SumoLogicAuthModel
- type SumoObject
- func (o *SumoObject) DeleteSearchJob() error
- func (o *SumoObject) GenerateAndPutAuthModel(id, key string)
- func (o *SumoObject) SearchJob() error
- func (o *SumoObject) SearchJobMessages(query map[string]string) error
- func (o *SumoObject) SearchJobRecords(query map[string]string) (map[string]interface{}, error)
- func (o *SumoObject) SearchJobStatus() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SearchJobMessageRaw ¶
type SearchJobMessages ¶
type SearchJobMessages struct {
Message SearchJobMessageRaw `json:"map"`
}
SearchJobMessages contains messages returned from a Sumo Logic Search Job.
type SearchJobQuery ¶
type SearchJobQuery struct { Query string `json:"query"` From string `json:"from"` To string `json:"to"` TimeZone string `json:"timeZone"` }
SearchJobQuery contains Sumo Logic Search Job parameters as described in the API documentation: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API
type SearchJobState ¶
type SearchJobState struct { ID string `json:"id"` State string `json:"state"` MessageCount int `json:"messageCount"` RecordCount int `json:"recordCount"` }
SearchJobData contains information about a current job. Return values are specified in the API documentation: https://help.sumologic.com/APIs/Search-Job-API/About-the-Search-Job-API
type SumoLogicAuthModel ¶
func (*SumoLogicAuthModel) BasicAuthHeader ¶
func (a *SumoLogicAuthModel) BasicAuthHeader(r *http.Request)
type SumoObject ¶
type SumoObject struct { // Auth is a SumoLogicAuthModel, and contains the AccessID and AccessKey for // an authorized user. Auth *SumoLogicAuthModel // HostURL is the Sumo Logic host HostURL string // QueryURL is the Sumo Logic API endpoint QueryURL string // Headers are additional headers. These are applied to any query performed // using this SumoObject pointer. Headers map[string]string SearchJobQuery *SearchJobQuery SearchJobState *SearchJobState SearchJobMessage *[]SearchJobMessages `json:"messages"` }
SumoObject contains data for a particular Sumo Logic session
func (*SumoObject) DeleteSearchJob ¶
func (o *SumoObject) DeleteSearchJob() error
func (*SumoObject) GenerateAndPutAuthModel ¶
func (o *SumoObject) GenerateAndPutAuthModel(id, key string)
GenerateAndPutAuthModel creates and populates the SumoObject.Auth value with the provides Sumo Logic AccessID & AccessKey
func (*SumoObject) SearchJob ¶
func (o *SumoObject) SearchJob() error
SearchJob executes the SumoLogic search query. As this is executed remotely, use *SumoObject.SearchJobStatus to monitor status for updates.
func (*SumoObject) SearchJobMessages ¶
func (o *SumoObject) SearchJobMessages(query map[string]string) error
SearchJobMessages populates the SearchJobMessage struct value for a SumoObject. Paging results overwrites previously obtained messages, so existing messages should be processed/handled before retrieving additional messages with an offset. The query parameter should be a json map containing the offset, and limit. Here is an example for how this might be used;
var limit = "1000" var offset = 0 var written = 0 for { query := map[string]string{"limit": limit, "offset": fmt.Sprintf("%d", offset)} // This overwrites existing messages in the struct. err := SumoObj.SearchJobMessages(query) if err != nil { return err } err = someMessageHandler(output_file) // handle existing messages if err != nil { return err } // Report what was written. written += len(*SumoObj.SearchJobMessage) // Continue if there are more messages to receive. if written < SumoObj.SearchJobState.MessageCount { offset += 1000 } else { break } }
func (*SumoObject) SearchJobRecords ¶
func (o *SumoObject) SearchJobRecords(query map[string]string) (map[string]interface{}, error)
SearchJobRecords returns a map[string]interface{} type containing the requested records. The query parameter should be a json map containing the offset, and limit.
func (*SumoObject) SearchJobStatus ¶
func (o *SumoObject) SearchJobStatus() error
SearchJobStatus retrieves the current status of the job, and populates SumoObject.SearchJobStatus. State will be "GATHERING RESULTS" while the search is active, and "DONE GATHERING RESULTS" when the search is complete and messages can be retrieved.
An example of the type of logic to retrieve status for an executed job might be something similar to this;
for { err = SumoObj.SearchJobStatus() if err != nil { // handle error } else { if SumoObj.SearchJobState.State == "GATHERING RESULTS" { if SumoObj.SearchJobState.MessageCount != 0 { // log number of messages currently found } // Pace these checks time.Sleep(time.Second * 3) } else if SumoObj.SearchJobState.State == "DONE GATHERING RESULTS" { if SumoObj.SearchJobState.MessageCount != 0 { // report total messages found break } else { fmt.Println("No log entries found.") // Delete search job if err := SumoObj.DeleteSearchJob(); err != nil { // handle error } os.Exit(0) } } } }