queryutils.source

DataSource.__init__()
class queryutils.source.DataSource

Represents a source of Splunk queries, users, and other data.

This object should not be initialized directly; use one of its subclasses instead.

close()

Closes a database connection.

commit()

Commits a database transaction.

connect()

Returns a database connection.

extract_command_stage(parsetree, commands)

Extract the subtrees of the given parsetree that have one of the given commands.

Parameters:
  • self (queryutils.DataSource) – The current source object
  • parsetree (splparser.ParseTreeNode) – The given parsetree from which to extract “STAGE” subtrees
  • commands (list) – The list of commands to match against
Return type:

generator

extract_sessions_from_user(user, remove_suspicious=True)

Extract sessions from the given user’s queries.

Parameters:
  • self (queryutils.DataSource) – The current source object
  • user (queryutils.User) – The user whose queries to sessionize
  • remove_suspicious (bool) – Whether or not to remove queries labeled suspicious
Return type:

None

get_interactive_queries(parsed=False)

Returns a generator over the set of interactive Query objects without users or sessions.

Returns only parsed queries if parsed is True (defaults to False).

get_queries(parsed=False)

Returns a generator over a set of Query objects without users or sessions.

Returns only parsed queries if parsed is True (defaults to False).

get_unique_aggregates()

Return all unique stages that are “Aggregate” types.

Parameters: self (queryutils.DataSource) – The current source object
Return type: generator

get_unique_augments()

Return all unique stages that are “Augment” types.

Parameters: self (queryutils.DataSource) – The current source object
Return type: generator

get_unique_filters()

Return all unique stages that are “Filter” types.

Parameters: self (queryutils.DataSource) – The current source object
Return type: generator

get_unique_stages(commands)

Return a generator over unique stages whose command matches one of the given types.

Parameters:
  • self (queryutils.DataSource) – The current source object
  • commands (list) – The list of commands to match against
Return type:

generator
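An added example, not queryutils' own code: a sketch of the behaviour that extract_command_stage and get_unique_stages describe, written as stand-alone functions over a list of parse trees. The Node class, its role/raw/children attributes, the "COMMAND" role and the sample trees are assumptions constructed for illustration.

```python
class Node:
    """Constructed stand-in for splparser.ParseTreeNode (attributes assumed)."""
    def __init__(self, role, raw="", children=()):
        self.role, self.raw, self.children = role, raw, list(children)

def stage(command, *args):
    """Build a STAGE subtree: STAGE -> COMMAND -> argument nodes (assumed shape)."""
    return Node("STAGE", children=[Node("COMMAND", command, [Node("FIELD", a) for a in args])])

def extract_command_stage(parsetree, commands):
    """Yield each STAGE subtree whose COMMAND child names one of `commands`."""
    wanted = {c.lower() for c in commands}
    stack = [parsetree]
    while stack:
        node = stack.pop()
        if node.role == "STAGE" and any(
            c.role == "COMMAND" and c.raw.lower() in wanted for c in node.children
        ):
            yield node
        # Keep descending so stages nested below other nodes are also found.
        stack.extend(reversed(node.children))

def signature(node):
    """Hashable structural key so identical stages from different queries collapse."""
    return (node.role, node.raw, tuple(signature(c) for c in node.children))

def get_unique_stages(parsetrees, commands):
    """Yield each structurally distinct matching stage once, in first-seen order."""
    seen = set()
    for tree in parsetrees:
        for st in extract_command_stage(tree, commands):
            key = signature(st)
            if key not in seen:
                seen.add(key)
                yield st

# Constructed sample parse trees for three queries.
Q1 = Node("ROOT", children=[stage("search", "error"), stage("stats", "count", "host")])
Q2 = Node("ROOT", children=[stage("search", "error"), stage("stats", "count", "host"),
                            stage("head", "5")])
Q3 = Node("ROOT", children=[stage("search", "login"), stage("top", "user")])

if __name__ == "__main__":
    for st in get_unique_stages([Q1, Q2, Q3], ["stats", "top"]):
        cmd = st.children[0]
        print(cmd.raw, [a.raw for a in cmd.children])
```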

get_users()

Returns a generator over a set of User objects.

The returned User objects are not guaranteed to include their corresponding queries and sessions. If you need users with their corresponding sessions or queries, use get_users_with_queries() or get_users_with_sessions() instead.

get_users_with_queries(parsed=False)

Returns a generator over a set of Users with queries.

get_users_with_sessions(parsed=False)

Returns a generator over a set of Users with queries and sessions.