Sumo Search Job Python API Example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
import json | |
import logging | |
import requests | |
import sys | |
import time | |
from base64 import b64encode | |
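# NOTE: the helpers below write every search job definition and every API
# response body (including returned messages and records) to this file in
# clear text. Keep the log readable only by the operator running the script.
logging.basicConfig(
    filename='sumo-search-job.log',
    level='INFO',
    format='%(asctime)s %(levelname)s: %(message)s',
)
logging.info('*************STARTING REQUEST*************')

### READ IN ARGUMENTS ###
# Usage: <script> ACCESS_ID ACCESS_KEY SUMO_API_URL
# NOTE: command-line arguments are visible to other local users in the process
# list and are normally saved in shell history, so treat an access key passed
# this way as exposed on a shared host and rotate it accordingly.
if len(sys.argv) < 4:
    logging.error('expected 3 arguments: ACCESS_ID ACCESS_KEY SUMO_API_URL')
    sys.exit(1)

# The accessId for the Sumo user
ACCESS_ID = sys.argv[1]
# The accessKey for the Sumo user
ACCESS_KEY = sys.argv[2]
# The API endpoint for your account, e.g. https://api.sumologic.com
# A trailing slash is dropped because the helpers append '/api/v1/...'.
SUMO_API_URL = sys.argv[3].rstrip('/')

# Basic auth is only base64-encoded, not encrypted: refuse to send it over
# anything but TLS.
if not SUMO_API_URL.lower().startswith('https://'):
    logging.error('SUMO_API_URL must start with https://')
    sys.exit(1)

# The API requires some headers be set.
# b64encode() needs bytes on Python 3, so the credential pair is encoded first.
basicAuth = b64encode((ACCESS_ID + ':' + ACCESS_KEY).encode('utf-8')).decode('ascii')
headers = {
    'Authorization': 'Basic %s' % basicAuth,
    'Content-Type': 'application/json',
    'Accept': 'application/json',
}

# The API is going to send back cookies after you make the first request.
# Those cookies are required to further interact, so we use a session to save
# those cookies.
# NOTE(review): only executesearchjob passes `headers`; the GET helpers rely on
# whatever the session kept from that first call - confirm the API accepts this.
session = requests.Session()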
# Takes a search job, creates it and returns the ID. | |
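def executesearchjob(searchjob):
    """Create a search job and return its ID.

    POSTs ``searchjob`` as JSON to ``/api/v1/search/jobs`` with the module-level
    auth headers. Any status other than 202, or a transport error / timeout,
    is logged and ends the script with exit code 1.
    """
    logging.info('executing searchjob: ' + json.dumps(searchjob))
    try:
        # A timeout keeps the script from hanging forever on a stalled connection.
        r = session.post(
            SUMO_API_URL + '/api/v1/search/jobs',
            data=json.dumps(searchjob),
            headers=headers,
            timeout=30,
        )
    except requests.RequestException as err:
        logging.error('unable to execute searchjob! ' + str(err))
        sys.exit(1)

    if r.status_code != 202:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to execute searchjob! ' + r.text)
        sys.exit(1)

    response = json.loads(r.text)
    logging.info('got back response ' + json.dumps(response))
    return response['id']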
# Polls the search job id until it completes. Checks the status every 5 seconds.
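def pollsearchjob(searchjobid):
    """Poll a search job every 5 seconds until it has finished gathering results.

    Returns None once the job state is 'DONE GATHERING RESULTS'. A non-200
    status, a transport error / timeout, or a 'CANCELLED' job is logged and
    ends the script with exit code 1.
    """
    logging.info('checking status of searchjob: ' + searchjobid)
    status_url = SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid
    while True:
        try:
            r = session.get(status_url, timeout=30)
        except requests.RequestException as err:
            logging.error('unable to check status of searchJob ' + searchjobid + '! ' + str(err))
            sys.exit(1)

        if r.status_code != 200:
            logging.error('got back status code ' + str(r.status_code))
            logging.error('unable to check status of searchJob ' + searchjobid + '!')
            sys.exit(1)

        response = json.loads(r.text)
        logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
        status = response['state']

        if status == 'DONE GATHERING RESULTS':
            # Return straight away instead of sleeping once more after completion.
            return
        if status == 'CANCELLED':
            # A cancelled job never reaches the done state; without this check
            # the loop would poll forever.
            logging.error('searchJob ' + searchjobid + ' was cancelled!')
            sys.exit(1)

        time.sleep(5)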
# Gets the record count of the job | |
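def getrecordcount(searchjobid):
    """Return the 'recordCount' field from the search job's status response.

    A non-200 status or a transport error / timeout is logged and ends the
    script with exit code 1.
    """
    logging.info('getting record count for searchjob: ' + searchjobid)
    try:
        # A timeout keeps the script from hanging forever on a stalled connection.
        r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    except requests.RequestException as err:
        logging.error('unable to get record count of searchJob ' + searchjobid + '! ' + str(err))
        sys.exit(1)

    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get record count of searchJob ' + searchjobid + '!')
        sys.exit(1)

    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['recordCount']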
# Gets the message count | |
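def getmessagecount(searchjobid):
    """Return the 'messageCount' field from the search job's status response.

    A non-200 status or a transport error / timeout is logged and ends the
    script with exit code 1.
    """
    logging.info('getting message count for searchjob: ' + searchjobid)
    try:
        # A timeout keeps the script from hanging forever on a stalled connection.
        r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    except requests.RequestException as err:
        logging.error('unable to get message count of searchJob ' + searchjobid + '! ' + str(err))
        sys.exit(1)

    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        # The original text said "record count" here (copy-paste slip), which
        # sends anyone reading the log to the wrong call.
        logging.error('unable to get message count of searchJob ' + searchjobid + '!')
        sys.exit(1)

    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messageCount']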
# Gets the first message. You may need to write more logic here to iterate thru all the messages. | |
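def getfirstmessage(searchjobid):
    """Return the 'messages' field for the first message of a search job.

    Requests ``/messages?offset=0&limit=1``; callers that need every message
    have to page through with their own offset/limit logic. A non-200 status
    or a transport error / timeout is logged and ends the script with exit
    code 1.
    """
    # The original log lines said "message count" / "record count" here
    # (copy-paste slips); they now name the call that actually ran.
    logging.info('getting first message for searchjob: ' + searchjobid)
    try:
        # A timeout keeps the script from hanging forever on a stalled connection.
        r = session.get(
            SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/messages?offset=0&limit=1',
            timeout=30,
        )
    except requests.RequestException as err:
        logging.error('unable to get first message of searchJob ' + searchjobid + '! ' + str(err))
        sys.exit(1)

    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first message of searchJob ' + searchjobid + '!')
        sys.exit(1)

    response = json.loads(r.text)
    # NOTE: this writes the returned log message itself to the local log file.
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messages']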
# Gets the first record. You may need to write more logic here to iterate thru all the records. | |
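def getfirstrecord(searchjobid):
    """Return the 'records' field for the first record of a search job.

    Requests ``/records?offset=0&limit=1``; callers that need every record
    have to page through with their own offset/limit logic. A non-200 status
    or a transport error / timeout is logged and ends the script with exit
    code 1.
    """
    # The original log lines said "message count" / "record count" here
    # (copy-paste slips); they now name the call that actually ran.
    logging.info('getting first record for searchjob: ' + searchjobid)
    try:
        # A timeout keeps the script from hanging forever on a stalled connection.
        r = session.get(
            SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/records?offset=0&limit=1',
            timeout=30,
        )
    except requests.RequestException as err:
        logging.error('unable to get first record of searchJob ' + searchjobid + '! ' + str(err))
        sys.exit(1)

    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first record of searchJob ' + searchjobid + '!')
        sys.exit(1)

    response = json.loads(r.text)
    # NOTE: this writes the returned record itself to the local log file.
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['records']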
# Example search job: count ERROR matches inside a fixed five-minute window.
searchJob = {
    'query': 'ERROR | count',
    'from': '2017-02-14T00:00:00',
    'to': '2017-02-14T00:05:00',
    'timeZone': 'PST',
}

# Submit the job; the API hands back the ID used by every later call.
searchJobID = executesearchjob(searchJob)

# Block until the job reports it is done (the helper checks every 5 seconds
# and exits the script on an HTTP error).
pollsearchjob(searchJobID)

# The results below go to the log file configured at the top, not to stdout.
# Number of messages that matched.
logging.info('Found %s messages ', getmessagecount(searchJobID))

# Number of records that matched.
logging.info('Found %s records ', getrecordcount(searchJobID))

# First message, serialized as JSON.
logging.info('First message: %s ', json.dumps(getfirstmessage(searchJobID)))

# First record, serialized as JSON.
logging.info('First record: %s ', json.dumps(getfirstrecord(searchJobID)))
So, is this job searcher for sumologic?
How do I use it? Is there any step-by-step documentation?