#Get data form Splunk SavedSearch
#@param serverinfo Server connection info (servername or ip, id, password)
#@param savedsearchQuery run savedsearch name
#@return Splunk sid
#@examples
# sinfo<-c("localhost","admin","changeme")
# savedsearchQuery(sinfo, "savedseachname")
#'@export
#'
savedsearchQuery <- function(serverinfo, savedsearchName){
sid <- getsavedsearch_sid(serverinfo, savedsearchName)
isDone <- checkjobfinish(serverinfo, sid)
return (c(sid=sid, isDone=isDone))
}
getsavedsearch_sid <- function(serverinfo, savedsearchName) {
uri <- paste("https://", serverinfo[1] , ":8089/services/search/jobs", sep="")
bodysearch <- paste("search=savedsearch ", savedsearchName, sep="")
result<-POST(uri, authenticate(serverinfo[2], serverinfo[3]), config = httr::config(ssl_verifypeer = FALSE, ssl_verifyhost=FALSE), body=bodysearch)
data<-xmlParse(result)
xml_data <- xmlToList(data)
# 리턴값으로 작업 id를 리턴
return(xml_data$sid)
}
checkjobfinish <- function(serverinfo, sid) {
servicessearchstatusstr <- paste("https://", serverinfo[1] ,":8089/services/search/jobs/", sid, "/", sep="")
result<-POST(servicessearchstatusstr, authenticate(serverinfo[2], serverinfo[3]), config = httr::config(ssl_verifypeer = FALSE, ssl_verifyhost=FALSE))
result<-read_html(result)
isDone<-html_text(html_nodes(result, "key[name='isDone']"))
return(isDone)
}
# reference
# //entry/content/s:dict/s:key[@name='isDone']
# html_attr(html_nodes(result, "key"), name="name")
# [1] "cursorTime" "defaultSaveTTL" "defaultTTL" "delegate"
# [5] "diskUsage" "dispatchState" "doneProgress" "earliestTime"
# [9] "isDone" "isFailed" "isFinalized" "isPaused"
# [13] "isSaved" "isSavedSearch" "isZombie" "label"
# [17] "sid" "statusBuckets" "ttl" "messages"
# [21] "request" "search" "runtime" "auto_cancel"
# [25] "auto_pause" "eai:acl" "perms" "read"
# [29] "write" "owner" "modifiable" "sharing"
# [33] "app" "can_write" "ttl" "searchProviders"
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.