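Code snippets
This section helps you get familiar with the commonly used basic functions of EventLog_Analyzer_API.
Starting a connection
You can start a connection with the following commands.
Create the connection object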
- c = Connection()
- conn = c.open_connection()
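You can now use this connection object to access the search APIs.
Note: Always assign the connection object to a variable rather than using it inline. You will need the variable later to close the connection.
Setting up the request object
After the connection is established, you need to validate the API key with the server and set it on the request object, as shown below: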
- reqObj = Request()
- reqObj.key = auth.get_key("client/")
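Closing the connection
Now that the connection is established, you can go on to write your code. Once you are done, close the connection with the following command:
Performing a simple search
- Set up the request object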
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "HOSTNAME = twister"
- Then call the search API on the client object.
- response = conn.search(reqObj)
- Finally, get the result from the response object.
- If no results are found, a 'SearchException : no hits got / end of search' occurs.
Note:
Results are a list of maps, in which each entry is a record and each record contains fields and their corresponding values. By default the result contains 10 records. You can change this by setting the count on the request object as follows:
reqObj.requiredHitsCount = myCount
Replace the value 'myCount' with your own count value.
Note on Time Parameters
If you have not specified the start and end time, then the search is automatically performed from the current date to the current time.
If only the start time is specified, then the search is carried out from that time to the current time.
Getting sorted results
If you want the result to be sorted with respect to a specific field, then you can do that with the following commands:
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "*"
- reqObj.sortByFieldName = "<YOUR_FIELD_NAME>"
- response = conn.search(reqObj)
- result = response.result
Command Output: With this set of commands, your search results from 2014-01-01 00:00 to 2014-01-01 23:59 will be sorted by the field name given in place of <YOUR_FIELD_NAME>.
Note: If the specified field name does not exist, then a 'SearchException: The field <field name> does not exist' is thrown
Getting distinct fields for a query
If you want to find the distinct values in a specific field, then you can do that with the following commands:
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "*"
- reqObj.needDistinctOf = "<YOUR_FIELD_NAME>"
- response = conn.search(reqObj)
- result = response.distinctFields
Command Output: You now get the distinct values of the field specified in place of <YOUR_FIELD_NAME> from 2014-01-01 00:00 to 2014-01-01 23:59.
Note: If the specified field name does not exist, then a 'SearchException: The field <field name> does not exist' is thrown
Getting facets for a query
In addition to the simple search, if you want to set the field name to find the facets, the facet count and the top/bottom facet in the request object, you can do so with the commands below:
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "*"
- reqObj.facetByField = "SEVERITY"
- reqObj.facetCount = 10
- reqObj.topFacet = True
- response = conn.search(reqObj)
- result = response.facetFieldValues
Command Output: The result now contains the top 10 facets of the specified field with its corresponding count.
Note: If the specified field name does not exist then a 'SearchException: The field <field name> does not exist' is thrown
Exporting search results to CSV
To export the search results as a CSV file, set 'reqObj.CSVNeeded' to True. CSV files will be generated for the subsequent searches until you set the value to False. Refer to the steps here to specify the location where the CSV files are to be saved.
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "*"
- reqObj.CSVNeeded = True
- response = conn.search(reqObj)
- result = response.facetFieldValues
Command Output: The 'result' contains the path of exported files.
Note: If the specified CSV location path could not be accessed, then a 'SearchException: Error writing to csv file' is thrown.
Pagination
A simple search gives you the first N result records. If you want the next set of records, then you need to perform the search again after setting the paging information from the previous response on the current request object.
- reqObj = Request()
- reqObj.startTime = "2014-01-01 00:00"
- reqObj.endTime = "2014-01-01 23:59"
- reqObj.query = "*"
- reqObj.requiredHitsCount = 10
- response = conn.search(reqObj)
- result = response.result
Command Output: The 'result' displays the first page of the search result.
If you want to move to the next set of results (forward pagination), then execute the commands below:
- reqObj.forwardSearch = True
- while(notEndOfSearch):
-     reqObj.pagingInfo = response.pagingInfo
-     response = conn.search(reqObj)
-     result = response.result
If you want the previous set of results (backward pagination), then execute the commands below:
- reqObj.forwardSearch = False
- while(notEndOfSearch):
-     reqObj.pagingInfo = response.pagingInfo
-     response = conn.search(reqObj)
-     result = response.result
Note:
A 'SearchException' is thrown if overflow/underflow conditions occur.
If the end of the results is reached, paging does not stop but throws an exception. We recommend that developers handle the boundary conditions (overflow/underflow) by checking the count against the 'totalCount' in the response object.
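The boundary handling recommended in the note above, as an added example that is not part of the original documentation. `Request`, `Response`, `SearchException` and `FakeConnection` are constructed stand-ins so the loop runs offline; modelling `pagingInfo` as a numeric offset, the `reported_total` parameter and the `max_records` cap are assumptions of this example.

```python
class SearchException(Exception):
    """Stand-in for the API's SearchException (constructed for this example)."""

class Request:
    """Stand-in carrying only the request attributes used on this page."""
    def __init__(self):
        self.query = "*"
        self.requiredHitsCount = 10
        self.forwardSearch = True
        self.pagingInfo = None

class Response:
    def __init__(self, result, total_count, paging_info):
        self.result, self.totalCount, self.pagingInfo = result, total_count, paging_info

class FakeConnection:
    """Constructed in-memory server; pagingInfo is modelled as an offset (assumption)."""
    def __init__(self, records, reported_total=None):
        self.records = records
        self.reported_total = reported_total  # lets totalCount be an over-estimate
    def search(self, req):
        start = req.pagingInfo or 0
        if start >= len(self.records):
            raise SearchException("no hits got / end of search")
        page = self.records[start:start + req.requiredHitsCount]
        total = self.reported_total or len(self.records)
        return Response(page, total, start + len(page))

def fetch_all(conn, req, max_records=10000):
    """Page forward, stopping on totalCount instead of relying on the exception."""
    req.forwardSearch = True
    collected = []
    try:
        response = conn.search(req)
    except SearchException:
        return collected                      # no hits at all
    while True:
        collected.extend(response.result)
        # totalCount is approximate, so it is re-read from every response.
        limit = min(response.totalCount, max_records)
        if not response.result or len(collected) >= limit:
            break
        req.pagingInfo = response.pagingInfo
        try:
            response = conn.search(req)
        except SearchException:
            break                             # overflow: the count was too high
    return collected[:max_records]
```
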
Getting the available fields
The command below returns the list of fields on which search operations can be performed:
- fields = response.searchableFields
Note: The 'fields' value returned by this command is not exhaustive. It contains all the fields that are common to a lot of records.
Getting only the meta information and not the entire search data
To get just the meta information about the search (such as searchable fields, facets, search count, etc.) and not the entire search data, you can set the recordsNeeded field to False as below:
- reqObj.recordsNeeded = False
Note: This count information is approximate and tends towards the exact value with every iteration of the search. We recommend that developers update the count every time they check for overflows/underflows during pagination.
Authentication Method
When you install the EventLog_Analyzer_API server, you are given an authentication certificate. Any EventLog_Analyzer_API client that wants to access the API server needs to have this certificate. Access to the server is restricted in the absence of the authentication certificate. Every API call is processed by the Search Server only if the client has the aforementioned certificate.
Steps involved in Authentication
Every API client generates a key from the authentication certificate using the 'auth module' as below:
- reqObj.key = auth.get_key("/path/to/certificate")
The API server calculates the key using its own certificate and proceeds with further operations only if both keys match. If the keys do not match, then a 'SearchException:Certificate error! Contact your Sysadmin!' is thrown.