saved search added and tested

hoover/handlers.py

@@ -42,7 +42,7 @@ def emit(self, record):
         async_post_to_endpoint(self.endpoint, msg)
 
 
-class LogglySyslogHandler(SysLogHandler):
+class LogglySyslogHandler(logging.handlers.SysLogHandler):
     def __init__(self, session=None, port=None, inputname='', input=None,
                  announce=False, authorize=True, **kwargs):
         #TODO: avoid duplication with __init__ above
@@ -66,7 +66,19 @@ def __init__(self, session=None, port=None, inputname='', input=None,
             if ('tcp' in input.service['name'] and sys.version_info >= (2, 7)
                     and not 'socktype' in kwargs):
                 kwargs['socktype'] = socket.SOCK_STREAM
+                self.socktype=socket.SOCK_STREAM
+            else:
+                self.socktype=socket.SOCK_DGRAM
         self.port = port
-        session = session or LogglySession
-        SysLogHandler.__init__(self, address=(session.proxy, port),
+        self.session = session or LogglySession
+        SysLogHandler.__init__(self, address=(self.session.proxy, self.port),
                                **kwargs)
+
+    def emit(self, record):
+        if isinstance(record.msg, (list, dict)):
+            record.msg = dumps(record.msg, cls=self.json_class, default=str)
+        msg = self.format(record)
+        sock=socket.socket(socket.AF_INET,self.socktype)
+        sock.connect((self.session.proxy,self.port))
+        sock.sendall(msg+'\n')
+        sock.close()

hoover/session.py

@@ -16,7 +16,7 @@
 class LogglySession(object):
     domain = 'loggly.com'
     proxy = 'logs.loggly.com'
-
+    ssdict={'order':'order','from':'starttime','rows':'rows','until':'endtime'}
     def __init__(self, subdomain, username, password, domain=None, proxy=None,
                  secure=True):
         '''pass in subdomain, username, and password to authorize all API
@@ -103,6 +103,43 @@ def facets(self, q='*', facetby='date', **kwargs):
         kwargs['q'] = q
         return self._api_help('api/facets/%s' % facetby, kwargs)
 
+    @time_translate
+    def savedsearch(self,q=""):
+        """
+        Runs one of your saved searches
+        """
+        query=Http(timeout=10)
+        query.add_credentials(self.username,self.password)
+        resp, cont=query.request("http://"+self.subdomain+".loggly.com/api/savedsearches","GET")
+        content=loads(cont)
+        saved=None
+        for search in content:
+            if search['name']==q:
+               saved=search
+        if saved==None:
+            raise ValueError("Your account does not have a search of that name,\
+            please go to "+self.subdomain+".loggly.com to check your saved searches")
+        params=saved['context']
+        opts={}
+        inputs=""
+        devices=""
+        for x in params:
+            if x!="terms" and x!="inputs" and x!="devices":
+                opts[self.ssdict[x]]=params[x]
+        if params['inputs']:
+            inputs+=" AND (inputname:"+" OR inputname:".join(params['inputs'])+")"
+        if params['devices']:
+            devices+=" AND (ip:"+" OR ip:".join(params['devices'])+")"
+        return self.search(q=params['terms']+inputs+devices,**opts)
+    def findsavedsearchnames(self):
+        query=Http(timeout=10)
+        query.add_credentials(self.username,self.password)
+        resp, cont=query.request("http://"+self.subdomain+".loggly.com/api/savedsearches","GET")
+        content=loads(cont)
+        names=[x['name'] for x in content]
+        return names
+
+
     def create_input(self, name, service='syslogudp', description='',
                      json=False):
         '''Creates a new input on your loggly account. Service can be any of: