-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlogrep
53 lines (41 loc) · 1.83 KB
/
logrep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/usr/bin/python
import json
import subprocess
import sys
indeces = []
for line in subprocess.check_output(["curl", "-sS", "localhost:9200/_cat/indices?v"]).split("\n"):
atoms = line.split()
if len(atoms) < 3 or atoms[2] == "index" or atoms[2] == ".kibana":
continue
indeces.append(atoms[2])
indeces.sort(reverse=True)
lines = []
lineNumber = 0
query = {"match_all": {}}
index = json.loads(subprocess.check_output(["curl", "-sS", "-XGET", "localhost:9200/{}/_search?scroll=1m".format(indeces[0]),
"-d", '{"query": %s, "size": 10000}' % json.dumps(query)]))
while True:
try:
scroll_id = index["_scroll_id"]
if len(index["hits"]["hits"]) == 0:
break
except KeyError:
sys.exit("Failed to find '_scroll_id' or 'hits' in response: " + str(index))
lines.extend(index["hits"]["hits"])
# print str(len(index["hits"]["hits"])) + " " + index["hits"]["hits"][0]["_source"]["@timestamp"]
break
# Note: Don't use format due to {} in JSON querys
index = json.loads(subprocess.check_output(["curl", "-sS", "-XGET", "localhost:9200/_search/scroll",
"-d", '{"scroll" : "1m", "scroll_id" : "%s"}' % scroll_id]))
subprocess.check_output(["curl", "-sS", "-XDELETE", "localhost:9200/_search/scroll", "-d", '{"scroll_id" : ["%s"]}' % scroll_id])
lines.reverse()
sys.exit(str(lines[0]))
for line in lines:
line = line["_source"]
try:
if "data" in line:
print "{}:{}:{}:{}".format(line["host"], line["source"], line["@timestamp"], line["data"])
else:
print "{}:{}:{}:{}".format(line["host"], line["source"], line["@timestamp"], line["message"])
except KeyError as error:
sys.exit("Key {} not found in line: {}".format(str(error), str(line)))