queryutils.splunktypes

queryutils.splunktypes.detect_addtotals_type(stagenode)

Detect whether addtotals was called row-wise or column-wise.

The addtotals command is an SPL command that behaves differently depending on whether the row option or the column option passed to it is true. In the first case, the command adds the fields in an event and creates a new total field for each event. In the second, it sums the values of each field across events and creates a new event containing the totals. The default is to sum row-wise. These two cases fall into distinct categories, which is why this detection is necessary.

If it is called row-wise, then the string “addtotals row” is returned, which can be used to look up the corresponding category in the categories dictionary in this module. Otherwise, “addtotals col” is returned, which can be used similarly.

Parameters: stagenode (ParseTreeNode) – The parsetree node of role “STAGE” that has a command to look up
Return type: str
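
One way to make the row/column decision described above, working on the raw text of a single stage instead of a ParseTreeNode. This is an added example, not the queryutils implementation; the function names, the accepted boolean spellings, and the rule that a true col option selects the column category are assumptions.

```python
import re
import shlex

# Assumed boolean spellings for SPL options (t/f, true/false, 1/0).
TRUE_VALUES = {"t", "true", "1"}
FALSE_VALUES = {"f", "false", "0"}


def truth_value(text):
    """Map a boolean literal to a Python bool; reject anything else."""
    lowered = text.strip().lower()
    if lowered in TRUE_VALUES:
        return True
    if lowered in FALSE_VALUES:
        return False
    raise ValueError("not a boolean literal: %r" % text)


def addtotals_type(stage):
    """Return "addtotals row" or "addtotals col" for one addtotals stage."""
    # Accept "col = t" as well as "col=t", and a leading pipe.
    normalised = re.sub(r"\s*=\s*", "=", stage.strip().lstrip("|"))
    tokens = shlex.split(normalised)  # keeps quoted values in one token
    if not tokens or tokens[0].lower() != "addtotals":
        raise ValueError("not an addtotals stage: %r" % stage)
    # Default described on this page: sum row-wise.
    options = {"row": True, "col": False}
    for token in tokens[1:]:
        key, sep, value = token.partition("=")
        if sep and key.lower() in options:
            options[key.lower()] = truth_value(value)
    # Assumption: a true col option selects the column category, even if
    # row is also true; every other combination falls back to row-wise.
    return "addtotals col" if options["col"] else "addtotals row"


if __name__ == "__main__":
    # Constructed sample stages, not taken from real query logs.
    for sample in ("addtotals", "| addtotals col=T row=f",
                   'addtotals fieldname="Grand Total" col = 1'):
        print(sample, "->", addtotals_type(sample))
```
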
queryutils.splunktypes.detect_truth_value(astring)

Detect whether the given string represents True or False.

Parameters: astring (str) – The string to detect the truth value of
Return type: bool
queryutils.splunktypes.lookup_categories(querystring)

Look up the category for each command in the query and return them in a list, in order.

Parameters: querystring (str) – The query whose commands will be looked up
Return type: list
queryutils.splunktypes.lookup_category(node_or_string)

Return the category of the given command string or the command in the stage parsetree.

Parameters: node_or_string (str or splparser.parsetree.ParseTreeNode) – The command in string form or the STAGE ParseTreeNode
Return type: str