Contents

# Author::        Christopher Brito (cbrito@gmail.com)
# Original Repo:: https://github.com/cbrito/splunk-client

require File.expand_path File.join(File.dirname(__FILE__), 'splunk_results')
require File.expand_path File.join(File.dirname(__FILE__), 'splunk_job')


class SplunkAlert

  def initialize(alertXml, clientPointer=nil)
    @alertXml = alertXml
    @client = clientPointer #SplunkClient object pointer for use with self.results
  end

  def title
    @alertXml.css("title").text
  end
  
  def alertId
    @alertXml.css("id").text
  end

  def author
    @alertXml.css("author > name").text
  end

  def published
    @alertXml.css("published").text
  end
  
  def updated
    @alertXml.css("updated").text
  end

  def results
    # Return the raw Splunk XML results associated with a given fired alert.
    SplunkJob.new(self.sid, @client).results
  end
  
  def parsedResults
    # Returns an array of SplunkResult objects
    SplunkJob.new(self.sid, @client).parsedResults
  end

  # Use method_missing magic to return Splunk field names. API documentation here:
  # http://docs.splunk.com/Documentation/Splunk/5.0.1/RESTAPI/RESTsearch#GET_alerts.2Ffired_alerts 
  #
  # Ex: splunkalert.triggered_alerts => @alertXml.css("entry")[0].xpath(".//s:key[@name='triggered_alerts']").text
  def method_missing(name, *args, &blk)
    if args.empty? && blk.nil? && @alertXml.xpath(".//s:key[@name='#{name}']").text
      @alertXml.xpath(".//s:key[@name='#{name}']").text
    else
      super
    end
  end

  def respond_to?(name)
    begin
      unless @alertXml.xpath(".//s:key[@name='#{name}']").nil? then true else super end
    rescue NoMethodError
      super
    end
  end
  
end #class SplunkAlert

Version data entries

4 entries across 4 versions & 1 rubygems

Version	Path
splunk-client-0.10.0	lib/splunk_client/splunk_alert.rb
splunk-client-0.9.0	lib/splunk_client/splunk_alert.rb
splunk-client-0.8.1	lib/splunk_client/splunk_alert.rb
splunk-client-0.8.0	lib/splunk_client/splunk_alert.rb