NAME
Search::ESsearcher - Provides a handy system for doing templated elasticsearch searches.
VERSION
Version 0.4.4
SYNOPSIS
use Search::ESsearcher;
my $ess = Search::ESsearcher->new();
METHODS
new
This initiates the object.
my $ss=Search::ESsearcher->new;
This returns what Elasticsearch config will be used.
my $elastic=$ess->elastic_get;
This sets the name of the config file to use.
One option is taken and name of the config file to load.
Undef sets it back to the default, "default".
$ess->elastic_set('foo');
$ess->elastic_set(undef);
fetch_help
This fetches the help for the current search and returns it. Failsure to find one, results in a empty message being returned.
my $help=$ess->fetch_help;
get_options
This fetches the options for use later when filling in the search template.
$ess->get_options;
load_options
This loads the currently set options.
$ess->load_options;
load_elastic
This loads the currently specified config file containing the Elasticsearch config JSON.
$ess->load_elastic;
load_output
This loads the currently specified output template.
While this is save internally, the template is also returned as a string.
my $outpot_template=$ess->load_output;
load_search
This loads the currently specified search template.
While this is save internally, the template is also returned as a string.
my $search_template=$ess->load_search;
name_valide
This validates a config name.
One option is taken and that is the name to valid.
The returned value is a perl boolean based on if it it is valid or not.
if ( ! $ess->name_validate( $name ) ){
print "Name is not valid.\n";
}
This returns the currently set options config name.
my $options=$ess->options_get;
This sets the options config name to use.
One option is taken and this is the config name. If it is undefiend, then the default is used.
$ess->options_set( $name );
This returns the currently set output template name.
my $output=$ess->output_get;
This sets the output template name to use.
One option is taken and this is the template name. If it is undefiend, then the default is used.
$ess->output_set( $name );
results_process
This processes the results from search_run.
One option is taken and that is the return from search_run.
The returned value from this is array of each document found after it has been formated using the set output template.
my $results=$ess->search_run;
my @formated=$ess->results_process( $results );
@formated=reverse(@formated);
print join("\n", @formated)."\n";
This returns the currently set search template name.
my $search=$ess->search_get;
search_fill_in
This fills in the loaded search template.
The results are saved internally as well as returned.
my $filled_in=$ess->search_fill_in;
search_run
This is used to run the search after search_fill_in has been called.
The returned value is of the type that would be returned by Search::Elasticsearch->search.
my $results=$ess->search_run;
This sets the search template name to use.
One option is taken and this is the template name. If it is undefiend, then the default is used.
$ess->search_sets( $name );
Configuration And Usage
Configs, help, and templates are looked for in the following manner and order, with the following of the elasticsearch config.
$ENV{HOME}."/.config/essearcher/".$item."/".$name
$base.'/etc/essearcher/".$item."/".$name
Search::ESsearcher::Templates::$name->$item
ERROR
Item can be any of the following.
elastic
help
output
options
search
The basic idea is you have matching output, options and search that you can use to perform queries and print the results.
Each template/config is its own file under the directory named after its purpose. So the options template fail2ban would be 'options/fail2ban'.
elastic
This directory contains JSON formatted config files for use with connecting to the Elasticsearch server.
This is then read in and converted to a hash and feed to Search::Elasticsearch->new.
By default it will attempt to connect to it on "127.0.0.1:9200". The JSON equivalent would be...
{ "nodes": [ "127.0.0.1:9200" ] }
options
This is a file that will be used as a string for with Getopt::Long. They will be passed to the templates as a hash.
help
This contains information on the options the search uses.
This is just a text file containing information and is not required.
If you are writing a module, it should definitely be present.
search
This is a Template template that will be filled in using the data from the passed command line options and used to run the search.
The end result should be valid JSON that can be turned into a hash for feeding Search::Elasticsearch->search.
When writing search templates, it is highly suggested to use Template::Plugin::JSON for when inserting variables as it will automatically escape them.
output
This is a Template template that will be filled in using the data from the passed command line options and the returned results.
It will be used for each returned document. bin/essearcher will then join the array with "\n".
TEMPLATES
o
This is a hash that contains the parsed options.
Below is a example with the option --program and transforming it a JSON save value.
[% USE JSON ( pretty => 1 ) %]
[% DEFAULT o.program = "*" %]
{"query_string": {
"default_field": "program",
"query": [% o.program.json %]
}
},
aon
This is AND, OR, or NOT sub that handles the following in a string, transforming them from the punctuation to the logic.
, OR
+ AND
! NOT
So the string "postfix,spamd" would become "postfix OR spamd".
Can be used like below.
[% USE JSON ( pretty => 1 ) %]
[% IF o.program %]
{"query_string": {
"default_field": "program",
"query": [% aon( o.program ).json %]
}
},
[% END %]
This function is only available for the search template.
aonHost
This is AND, OR, or NOT sub that handles the following in a string, transforming them from the punctuation to the logic.
, OR
+ AND
! NOT
So the string "foo.,mail.bar." would become "/foo./ OR /mail.bar./".
This is best used with $field.keyword.
Can be used like below.
[% USE JSON ( pretty => 1 ) %]
[% IF o.host %]
{"query_string": {
"default_field": "host.keyword",
"query": [% aonHost( o.host ).json %]
}
},
[% END %]
This function is only available for the search template.
c
This wraps Term::ANSIColor->color.
[% c("cyan") %][% f.timestamp %] [% c("bright_blue") %][% f.logsource %]
This function is only available for the output template.
pd
This is a time helper.
/^-/ appends "now" to it. So "-5m" becomes "now-5m".
/^u\:/ takes what is after ":" and uses Time::ParseDate to convert it to a unix time value.
Any thing not matching maching any of the above will just be passed on.
[% IF o.dgt %]
{"range": {
"@timestamp": {
"gt": [% pd( o.dgt ).json %]
}
}
},
[% END %]
Modules
Additonal modules bundling help, options, search, and output can be made. The requirement for these are as below.
They need to exist below Search::ESsearcher::Templates.
Provide the following functions that return strings.
help
options
search
output
Basic information as to what is required to make it work in logstash or the like is also good as well.
ERROR CODES/FLAGS
All error handling is done via Error::Helper.
1 / IOerror
Failed to perform some sort of file operation.
2 / NOfile
The specified template/config does not exist.
3 / nameIsInvalid
Invalid name specified.
4 / searchNotUsable
Errored while processing the template.
For more information on writing templates, see Template.
5 / elasticnotloadable
The Elasticsearch config does not parse as JSON, preventing it from being loaded.
6 / notResults
The return value passed to results_process deos not appear to be a results return. Most likely the search errored and returned undef or a blank value.
AUTHOR
Zane C. Bowers-Hadley, <vvelox at vvelox.net>
BUGS
Please report any bugs or feature requests to bug-search-essearcher at rt.cpan.org
, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Search-ESsearcher. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Search::ESsearcher
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
Repository
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
This software is Copyright (c) 2019 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)
8 POD Errors
The following errors were encountered while parsing the POD:
- Around line 102:
Unknown directive: =head
- Around line 121:
Unknown directive: =head
- Around line 596:
Unknown directive: =head
- Around line 615:
Unknown directive: =head
- Around line 650:
Unknown directive: =head
- Around line 670:
Unknown directive: =head
- Around line 785:
Unknown directive: =head
- Around line 922:
Unknown directive: =head