queryutils.files

Files.__init__(path, module, version)

Create a File object for accessing Splunk queries.

This should never be called directly. Instead, call the subclasses of this class contained in this module (CSVFiles or JSONFiles).

Parameters:
  • self (File) – The object being created
  • path (str) – The path to the given file object
  • module (module) – The module to read the data (jsonparser or csvparser)
  • version (str (one of the attributes of queryutils.Version)) – The format the Splunk queries are in
Return type: Files

class queryutils.files.CSVFiles(path, version)

Represents a source storing Splunk queries in CSV format.

class queryutils.files.Files(path, module, version)

Represents a source storing Splunk queries.

get_parsetrees()

Return a generator that yields parsetrees from the current source.

Parameters: self (File) – The current object
Return type: generator

get_queries()

Return a generator that yields queries from the current source.

Parameters: self (File) – The current object
Return type: generator

get_sessions()

Return a generator that yields sessions from the current source.

Parameters: self (File) – The current object
Return type: generator

get_users()

Return a generator that yields users from the current source.

Parameters: self (File) – The current object
Return type: generator

get_users_with_queries()

Return a generator that yields users from the current source. Returns the queries along with the users.

Called by get_users in this module.

Parameters: self (File) – The current object
Return type: generator

get_users_with_sessions()

Return a generator that yields users from the current source. Returns the sessions and queries along with the users.

Parameters: self (File) – The current object
Return type: generator

remove_noninteractive_queries_by_search_type(user, version='format_2014')

Label noninteractive queries as such and place them into a separate list.

TODO: Move this elsewhere.

Parameters:
  • self (File) – The current object
  • user (User) – The given user whose queries to separate
  • version (str (one of queryutils.Version attributes)) – The version of Splunk query data
Return type: generator

class queryutils.files.JSONFiles(path, version)

Represents a source storing Splunk queries in JSON format.