@ofthomas76
Forked from frankreno/search-job-example.py
Created January 19, 2023 20:32
Sumo Search Job Python API Example
import json
import logging
import requests
import sys
import time
from base64 import b64encode
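# Everything the script does is recorded in a log file in the current
# working directory. The API responses logged further down can contain the
# matched log data, so treat this file as sensitive as the data it queries.
logging.basicConfig(filename='sumo-search-job.log', level='INFO', format='%(asctime)s %(levelname)s: %(message)s')
logging.info('*************STARTING REQUEST*************')

### READ IN ARGUMENTS ###
# NOTE: command-line arguments are visible to other local users through the
# process list and usually end up in shell history. Prefer a dedicated,
# least-privilege access key for this script and rotate it if it is exposed.
if len(sys.argv) < 4:
    # Fail with a readable message instead of an IndexError traceback.
    logging.error('usage: %s ACCESS_ID ACCESS_KEY SUMO_API_URL', sys.argv[0])
    sys.exit(1)

# The accessId for the Sumo user
ACCESS_ID = sys.argv[1]
# The accessKey for the Sumo user
ACCESS_KEY = sys.argv[2]
# The API endpoint for your account, e.g. https://api.sumologic.com
SUMO_API_URL = sys.argv[3]

# Basic auth is only base64-encoded, not encrypted, so the credentials are
# protected by TLS alone. Warn when the endpoint is not https.
if not SUMO_API_URL.lower().startswith('https://'):
    logging.warning('SUMO_API_URL does not use https; credentials would be sent unencrypted')

# The API requires some headers be set.
# b64encode() needs bytes on Python 3, so the "id:key" pair is encoded first.
basicAuth = b64encode((ACCESS_ID + ':' + ACCESS_KEY).encode('utf-8')).decode('ascii')
# This dict carries the credential: never write it to the log.
headers = {'Authorization': 'Basic %s' % basicAuth, 'Content-Type': 'application/json', 'Accept': 'application/json'}

# The API is going to send back cookies after you make the first request.
# Those cookies are required to further interact, so we use a session to
# save those cookies.
session = requests.Session()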
# Takes a search job, creates it and returns the ID.
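def executesearchjob(searchjob):
    """Create a search job and return its ID.

    Serializes ``searchjob`` to JSON and POSTs it to
    ``/api/v1/search/jobs`` through the shared session, sending the
    authentication headers. Any status other than 202 is logged and the
    script exits with status 1. On success the ``id`` field of the JSON
    response is returned.
    """
    payload = json.dumps(searchjob)
    logging.info('executing searchjob: ' + payload)
    # requests waits forever by default; an explicit timeout keeps an
    # unresponsive endpoint from hanging the script.
    r = session.post(SUMO_API_URL + '/api/v1/search/jobs', data=payload, headers=headers, timeout=30)
    if r.status_code != 202:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to execute searchjob! ' + r.text)
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response ' + json.dumps(response))
    return response['id']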
# Polls the search job id until it completes. Checks the status every 5 seconds.
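def pollsearchjob(searchjobid):
    """Poll a search job until it reports 'DONE GATHERING RESULTS'.

    The job status is fetched every 5 seconds. A non-200 response, or a job
    that reports the 'CANCELLED' state, is logged and ends the script with
    status 1. Returns None once the job is done.
    """
    logging.info('checking status of searchjob: ' + searchjobid)
    # NOTE(review): this request is sent without the Authorization header and
    # relies on the cookies stored in the session by the create call. Confirm
    # the API accepts that.
    # NOTE(review): there is no overall deadline. A job that stays in any
    # other state is polled indefinitely.
    while True:
        # Explicit timeout so a stalled connection cannot block the loop.
        r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
        if r.status_code != 200:
            logging.error('got back status code ' + str(r.status_code))
            logging.error('unable to check status of searchJob ' + searchjobid + '!')
            sys.exit(1)
        response = json.loads(r.text)
        logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
        status = response['state']
        if status == 'DONE GATHERING RESULTS':
            # Finished: return immediately instead of sleeping once more.
            return
        if status == 'CANCELLED':
            # A cancelled job never reaches the done state, so waiting for it
            # would loop forever.
            logging.error('searchJob ' + searchjobid + ' was cancelled before completing!')
            sys.exit(1)
        time.sleep(5)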
# Gets the record count of the job
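def getrecordcount(searchjobid):
    """Return the ``recordCount`` field of the search job's status.

    Fetches ``/api/v1/search/jobs/<id>`` through the shared session. A
    non-200 response is logged and the script exits with status 1.
    """
    logging.info('getting record count for searchjob: ' + searchjobid)
    # Explicit timeout: requests would otherwise wait indefinitely.
    r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get record count of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['recordCount']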
# Gets the message count
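def getmessagecount(searchjobid):
    """Return the ``messageCount`` field of the search job's status.

    Fetches ``/api/v1/search/jobs/<id>`` through the shared session. A
    non-200 response is logged and the script exits with status 1.
    """
    logging.info('getting message count for searchjob: ' + searchjobid)
    # Explicit timeout: requests would otherwise wait indefinitely.
    r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid, timeout=30)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        # The original message said "record count" here, which misleads
        # anyone reading the log after a failure.
        logging.error('unable to get message count of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messageCount']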
# Gets the first message. You may need to write more logic here to iterate thru all the messages.
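def getfirstmessage(searchjobid):
    """Return the ``messages`` field for the first message of a search job.

    Requests ``/api/v1/search/jobs/<id>/messages`` with ``offset=0`` and
    ``limit=1``. A non-200 response is logged and the script exits with
    status 1. Fetching further messages means paging with other
    offset/limit values.
    """
    # The original log lines said "message count" / "record count" here,
    # which made failures in this call look like failures in another one.
    logging.info('getting first message for searchjob: ' + searchjobid)
    # Explicit timeout: requests would otherwise wait indefinitely.
    r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/messages?offset=0&limit=1', timeout=30)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first message of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    # The full response, including the message body, is written to the log
    # file, so the log holds whatever the matched message contains.
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['messages']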
# Gets the first record. You may need to write more logic here to iterate thru all the records.
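def getfirstrecord(searchjobid):
    """Return the ``records`` field for the first record of a search job.

    Requests ``/api/v1/search/jobs/<id>/records`` with ``offset=0`` and
    ``limit=1``. A non-200 response is logged and the script exits with
    status 1. Fetching further records means paging with other
    offset/limit values.
    """
    # The original log lines said "message count" / "record count" here,
    # which made failures in this call look like failures in another one.
    logging.info('getting first record for searchjob: ' + searchjobid)
    # Explicit timeout: requests would otherwise wait indefinitely.
    r = session.get(SUMO_API_URL + '/api/v1/search/jobs/' + searchjobid + '/records?offset=0&limit=1', timeout=30)
    if r.status_code != 200:
        logging.error('got back status code ' + str(r.status_code))
        logging.error('unable to get first record of searchJob ' + searchjobid + '!')
        sys.exit(1)
    response = json.loads(r.text)
    # The full response is written to the log file, so the log holds
    # whatever the matched record contains.
    logging.info('got back response for search job id ' + searchjobid + ' ' + json.dumps(response))
    return response['records']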
# Example search job: count the ERROR matches inside a fixed 5 minute window.
searchJob = {
    'query': 'ERROR | count',
    'from': '2017-02-14T00:00:00',
    'to': '2017-02-14T00:05:00',
    'timeZone': 'PST',
}

# Submit the job; the API hands back the ID used by every later call.
searchJobID = executesearchjob(searchJob)

# Wait for the job to finish. The status is checked every 5 seconds.
pollsearchjob(searchJobID)

# Log how many messages matched.
messageCount = getmessagecount(searchJobID)
logging.info('Found %s messages ', messageCount)

# Log how many records matched.
recordCount = getrecordcount(searchJobID)
logging.info('Found %s records ', recordCount)

# Log the first message as JSON.
firstMessage = getfirstmessage(searchJobID)
logging.info('First message: %s ', json.dumps(firstMessage))

# Log the first record as JSON.
firstRecord = getfirstrecord(searchJobID)
logging.info('First record: %s ', json.dumps(firstRecord))