@frankreno
Last active August 28, 2023 12:04
Sumo Search Job Python API Example
import json
import logging
import requests
import sys
import time
from base64 import b64encode
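logging.basicConfig(filename='sumo-search-job.log', level='INFO', format='%(asctime)s %(levelname)s: %(message)s')
logging.info('*************STARTING REQUEST*************')

### READ IN ARGUMENTS ###
# NOTE: command-line arguments are visible to other local users through the
# process list and are usually kept in shell history, so the access key is
# exposed while this script runs. For anything beyond a demo, read the key
# from an environment variable or a permission-restricted file instead.
if len(sys.argv) < 4:
    logging.error('missing arguments, expected <accessId> <accessKey> <apiUrl>')
    # sys.exit with a string prints it to stderr and exits with status 1.
    sys.exit('usage: ' + sys.argv[0] + ' <accessId> <accessKey> <apiUrl>')
# The accessId for the Sumo user
ACCESS_ID = sys.argv[1]
# The accessKey for the Sumo user
ACCESS_KEY = sys.argv[2]
# The API endpoint for your account, e.g. https://api.sumologic.com
SUMO_API_URL = sys.argv[3]
# Basic auth is only base64-encoded, not encrypted, so the access key is
# readable on the wire unless the endpoint is reached over TLS.
if not SUMO_API_URL.lower().startswith('https://'):
    logging.warning('API URL does not use https; the access key will be sent unencrypted')

# The API requires some headers be set.
# b64encode needs bytes on Python 3, so the credential pair is encoded first;
# the result is decoded back to text for use in the header value.
basicAuth = b64encode((ACCESS_ID + ':' + ACCESS_KEY).encode('utf-8')).decode('ascii')
# Never log this dict: the Authorization value is trivially reversible to the access key.
headers = {'Authorization': 'Basic %s' % basicAuth, 'Content-Type': 'application/json', 'Accept': 'application/json'}
# The API is going to send back cookies after you make the first request. Those cookies are
# required to further interact, so we use a session to save those cookies.
session = requests.Session()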
# Takes a search job, creates it and returns the ID.
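def executesearchjob(searchjob):
    """Create a search job and return its ID.

    Posts *searchjob* as JSON to the search job endpoint using the shared
    session and the module-level auth headers. A transport error or any
    status other than 202 is logged and ends the process with exit code 1.
    """
    payload = json.dumps(searchjob)
    logging.info('executing searchjob: %s', payload)
    try:
        # Without a timeout an unresponsive endpoint would hang the script forever.
        r = session.post(SUMO_API_URL + '/api/v1/search/jobs', data=payload, headers=headers, timeout=30)
    except requests.exceptions.RequestException as e:
        logging.error('unable to execute searchjob! %s', e)
        sys.exit(1)
    if r.status_code != 202:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to execute searchjob! ' + r.text)
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response ' + json.dumps(response))
    return response['id']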
# Polls the search job id until it completes. Checks the status every 5 seconds.
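def pollsearchjob(searchjobid):
    """Poll a search job every 5 seconds until it has finished gathering results.

    Returns None once the job state is 'DONE GATHERING RESULTS'. A transport
    error, a non-200 status, or a cancelled job is logged and ends the process
    with exit code 1.
    """
    logging.info('checking status of searchjob: ' + searchjobid)
    while True:
        try:
            # Without a timeout an unresponsive endpoint would hang the script forever.
            r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
        except requests.exceptions.RequestException as e:
            logging.error('unable to check status of searchJob %s! %s', searchjobid, e)
            sys.exit(1)
        if r.status_code != 200:
            logging.error('got back status code ' + str(r.status_code))
            logging.error('unable to check status of searchJob ' + searchjobid + '!')
            sys.exit(1)
        response = json.loads(r.text)
        logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
        status = response['state']
        if status == 'DONE GATHERING RESULTS':
            # Return immediately instead of sleeping once more after completion.
            return
        if status == 'CANCELLED':
            # A cancelled job never reaches the done state (state name per the
            # Sumo Logic Search Job API); stop rather than poll forever.
            logging.error('searchJob ' + searchjobid + ' was cancelled before it finished!')
            sys.exit(1)
        time.sleep(5)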
# Gets the record count of the job
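def getrecordcount(searchjobid):
    """Return the 'recordCount' field of the search job's status response.

    A transport error or a non-200 status is logged and ends the process
    with exit code 1.
    """
    logging.info('getting record count for searchjob: ' + searchjobid)
    try:
        # Without a timeout an unresponsive endpoint would hang the script forever.
        r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    except requests.exceptions.RequestException as e:
        logging.error('unable to get record count of searchJob %s! %s', searchjobid, e)
        sys.exit(1)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get record count of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['recordCount']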
# Gets the message count
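def getmessagecount(searchjobid):
    """Return the 'messageCount' field of the search job's status response.

    A transport error or a non-200 status is logged and ends the process
    with exit code 1.
    """
    logging.info('getting message count for searchjob: ' + searchjobid)
    try:
        # Without a timeout an unresponsive endpoint would hang the script forever.
        r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    except requests.exceptions.RequestException as e:
        logging.error('unable to get message count of searchJob %s! %s', searchjobid, e)
        sys.exit(1)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        # The original message said "record count" here, a copy-paste slip.
        logging.error('unable to get message count of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messageCount']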
# Gets the first message. You may need to write more logic here to iterate thru all the messages.
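def getfirstmessage(searchjobid):
    """Return the 'messages' field of the first page (offset 0, limit 1) of job messages.

    Only one message is requested; fetching all of them needs a loop over
    offset/limit. A transport error or a non-200 status is logged and ends
    the process with exit code 1.
    """
    # The original log lines said "message count" / "record count" here, a copy-paste slip.
    logging.info('getting first message for searchjob: ' + searchjobid)
    try:
        # Without a timeout an unresponsive endpoint would hang the script forever.
        r = session.get(
            SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/messages?offset=0&limit=1',
            timeout=30,
        )
    except requests.exceptions.RequestException as e:
        logging.error('unable to get first message of searchJob %s! %s', searchjobid, e)
        sys.exit(1)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first message of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    # NOTE: this writes raw log messages returned by the search into the local log file.
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messages']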
# Gets the first record. You may need to write more logic here to iterate thru all the records.
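def getfirstrecord(searchjobid):
    """Return the 'records' field of the first page (offset 0, limit 1) of job records.

    Only one record is requested; fetching all of them needs a loop over
    offset/limit. A transport error or a non-200 status is logged and ends
    the process with exit code 1.
    """
    # The original log lines said "message count" / "record count" here, a copy-paste slip.
    logging.info('getting first record for searchjob: ' + searchjobid)
    try:
        # Without a timeout an unresponsive endpoint would hang the script forever.
        r = session.get(
            SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/records?offset=0&limit=1',
            timeout=30,
        )
    except requests.exceptions.RequestException as e:
        logging.error('unable to get first record of searchJob %s! %s', searchjobid, e)
        sys.exit(1)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first record of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['records']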
# Example search job: count the ERROR messages inside a fixed 5 minute window.
searchJob = {
    'query': 'ERROR | count',
    'from': '2017-02-14T00:00:00',
    'to': '2017-02-14T00:05:00',
    'timeZone': 'PST',
}

# Submit the job; the API hands back the ID used by every later call.
searchJobID = executesearchjob(searchJob)

# Block until the job reports that it finished gathering results
# (pollsearchjob exits the process if the status request fails).
pollsearchjob(searchJobID)

# Everything below goes to the log file configured at the top of the script,
# not to stdout. The first message/record are raw search results, so treat
# that log file as carrying whatever data the searched logs contain.
message_count = getmessagecount(searchJobID)
logging.info('Found %s messages ', message_count)

record_count = getrecordcount(searchJobID)
logging.info('Found %s records ', record_count)

first_message = json.dumps(getfirstmessage(searchJobID))
logging.info('First message: %s ', first_message)

first_record = json.dumps(getfirstrecord(searchJobID))
logging.info('First record: %s ', first_record)
@digital-marketing-engineer

So, is this job searcher for sumologic?
How do I use it? Is there any step-by-step documentation?
