Turn static fields label '@timestamp' and '@message' into variables

.gitignore

@@ -2,3 +2,4 @@
 KibanaConfig.rbackup.rb
 *.DS_Store
 /tmp/*
+.rbenv-gemsets

Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    kibana (0.0.1)
+    kibana (0.2.0)
       fastercsv
+      gon-sinatra
       json
       sinatra
       thin
@@ -15,9 +16,11 @@ GEM
     diff-lcs (1.1.3)
     eventmachine (1.0.0)
     fastercsv (1.5.5)
-    json (1.7.5)
-    rack (1.4.1)
-    rack-protection (1.2.0)
+    gon-sinatra (0.1.0)
+      sinatra
+    json (1.7.6)
+    rack (1.4.4)
+    rack-protection (1.3.2)
       rack
     rake (10.0.3)
     rspec (2.11.0)

KibanaConfig.rb

@@ -38,9 +38,17 @@ module KibanaConfig
   # Time_format = 'isoDateTime' 
   Time_format = 'mm/dd HH:MM:ss'
 
+  # ElasticSearch key labelfor timestamps field.
+  # Change this if using any logger other than logstash
+  Index_key_timestamp = '@timestamp'
+
+  # ElasticSearch key label for message field.
+  # Change this if using any logger other than logstash
+  Index_key_message = '@message'
+
   # Change which fields are shown by default. Must be set as an array
   # Default_fields = ['@fields.vhost','@fields.response','@fields.request']
-  Default_fields = ['@message']
+  Default_fields = [Index_key_message]
 
   # If set to true, Kibana will use the Highlight feature of Elasticsearch to 
   # display highlighted search results
@@ -49,7 +57,7 @@ module KibanaConfig
   # A field needs to be specified for the highlight feature. By default, 
   # Elasticsearch doesn't allow highlighting on _all because the field has to 
   # be either stored or part of the _source field.
-  Highlighted_field = "@message"
+  Highlighted_field = Index_key_message
 
   # Make URLs clickable in detailed view
   Clickable_URLs = true
@@ -121,7 +129,7 @@ module KibanaConfig
   # Primary field. By default Elastic Search has a special
   # field called _all that is searched when no field is specified.
   # Dropping _all can reduce index size significantly. If you do that
-  # you'll need to change primary_field to be '@message'
+  # you'll need to change primary_field to be the variable Index_key_message
   Primary_field = '_all'
 
   # Default Elastic Search index to query

kibana.gemspec

@@ -17,6 +17,7 @@ Gem::Specification.new do |gem|
 
   # Dependencies
   gem.add_runtime_dependency 'sinatra'
+  gem.add_runtime_dependency 'gon-sinatra'
   gem.add_runtime_dependency 'json'
   gem.add_runtime_dependency 'fastercsv'
   gem.add_runtime_dependency 'tzinfo'

lib/kibana-app.rb

@@ -6,6 +6,8 @@
 
 class KibanaApp < Sinatra::Base
 
+  register Gon::Sinatra
+
   configure do
     set :bind, defined?(KibanaConfig::KibanaHost) ? KibanaConfig::KibanaHost : '0.0.0.0'
     set :port, KibanaConfig::KibanaPort
@@ -31,19 +33,24 @@ def link_to url_fragment, mode=:full_url
         raise "Unknown script_url mode #{mode}"
       end
       "#{base}#{url_fragment}"
-     end
-
+    end
   end
 
   get '/' do
+    gon.index_key_message    = KibanaConfig::Index_key_message 
+    gon.index_key_timestamp  = KibanaConfig::Index_key_timestamp
+
     if KibanaConfig::Allow_iframed
       headers "X-Frame-Options" => "allow","X-XSS-Protection" => "0" 
     end
-    send_file File.join(settings.public_folder, 'index.html')
+    erb :index
   end
 
   get '/stream' do
-    send_file File.join(settings.public_folder, 'stream.html')
+    gon.index_key_message    = KibanaConfig::Index_key_message
+    gon.index_key_timestamp  = KibanaConfig::Index_key_timestamp
+
+    erb :stream
   end
 
   # Returns
@@ -103,15 +110,15 @@ def link_to url_fragment, mode=:full_url
     req           = ClientRequest.new(params[:hash])
 
     query_end     = SortedQuery.new(
-      req.search,req.from,req.to,0,limit,'@timestamp','desc')
+      req.search,req.from,req.to,0,limit,KibanaConfig::Index_key_timestamp,'desc')
     indices_end   = Kelastic.index_range(req.from,req.to)
     result_end    = KelasticMulti.new(query_end,indices_end)
 
     # Oh snaps. too few results for full limit analysis, rerun with less
     if (result_end.response['hits']['hits'].length < limit)
       limit         = (result_end.response['hits']['hits'].length / 2).to_i
       query_end     = SortedQuery.new(
-        req.search,req.from,req.to,0,limit,'@timestamp','desc')
+        req.search,req.from,req.to,0,limit, KibanaConfig::Index_key_timestamp,'desc')
       indices_end   = Kelastic.index_range(req.from,req.to)
       result_end    = KelasticMulti.new(query_end,indices_end)
     end
@@ -121,7 +128,7 @@ def link_to url_fragment, mode=:full_url
     count_end     = KelasticResponse.count_field(result_end.response,fields)
 
     query_begin   = SortedQuery.new(
-      req.search,req.from,req.to,0,limit,'@timestamp','asc')
+      req.search,req.from,req.to,0,limit, KibanaConfig::Index_key_timestamp,'asc')
     indices_begin = Kelastic.index_range(req.from,req.to).reverse
     result_begin  = KelasticMulti.new(query_begin,indices_begin)
     count_begin   = KelasticResponse.count_field(result_begin.response,fields)
@@ -272,7 +279,7 @@ def link_to url_fragment, mode=:full_url
         i = m.items.new_item
         hash    = IdRequest.new(hit['_id'],hit['_index']).hash
         i.title = KelasticResponse.flatten_hit(hit,req.fields).join(', ')
-        i.date  = Time.iso8601(KelasticResponse.get_field_value(hit,'@timestamp'))
+        i.date  = Time.iso8601(KelasticResponse.get_field_value(hit,KibanaConfig::Index_key_timestamp))
         i.link  = link_to("/##{hash}")
         i.description = "<pre>#{hit.to_yaml}</pre>"
       end
@@ -316,7 +323,7 @@ def link_to url_fragment, mode=:full_url
   get '/turl/:id' do
     b64hash = KtransientURL[params[:id]]
 
-    redirect to("/index.html##{b64hash}") unless b64hash.nil?
+    redirect to("/##{b64hash}") unless b64hash.nil?
       "sorry! #{params[:id]} does not match any entry in Kibana's transient" + 
       " url table"
   end

lib/kibana.rb

@@ -9,6 +9,7 @@
 require 'rss/maker'
 require 'yaml'
 require 'compat'
+require 'gon-sinatra'
 require 'client_request'
 require 'id_request'
 require 'kransient_url'

lib/query.rb

@@ -39,7 +39,7 @@ def initialize(question, from = nil, to = nil)
     # Build the filter part
     @filter = {
       "range" => {
-        "@timestamp" => {
+        "#{KibanaConfig::Index_key_timestamp}" => {
           "from" => from,
           "to" => to
         }
@@ -94,7 +94,7 @@ def initialize(id)
 =end
 class SortedQuery < Query
   attr_accessor :query,:from,:to
-  def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, field = "@timestamp", order = "desc")
+  def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, field = KibanaConfig::Index_key_timestamp, order = "desc")
     super(question, from, to)
     @query['from'] = offset
     @query['size'] = size
@@ -120,7 +120,7 @@ def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, fi
 =end
 class HighlightedQuery < Query
   attr_accessor :query,:from,:to
-  def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, field = "@timestamp", order = "desc")
+  def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, field = KibanaConfig::Index_key_timestamp, order = "desc")
     super(question, from, to)
     @query['from'] = offset
     @query['size'] = size
@@ -149,7 +149,7 @@ def initialize(question, from, to, offset = 0, size = KibanaConfig::Per_page, fi
   order::   desc/asc
 =end
 class DateHistogram < Query
-  def initialize(question, from, to, interval, field = '@timestamp')
+  def initialize(question, from, to, interval, field = KibanaConfig::Index_key_timestamp)
     super(question, from, to)
     @query['facets'] = {
       "count" => {
@@ -237,7 +237,7 @@ def initialize(question, from, to, field)
   field::   Field to analyze
 =end
 class StatsHistogram < Query
-  def initialize(question, from, to, field, interval, key_field = '@timestamp')
+  def initialize(question, from, to, field, interval, key_field = KibanaConfig::Index_key_timestamp)
     super(question, from, to)
     @query['facets'] = {
       "mean" => {

public/lib/js/ajax.js

@@ -855,7 +855,7 @@ function CreateLogTable(objArray, fields, theme, enableHeader) {
     var id = object._id;
     var alt = i % 2 == 0 ? '' : 'alt'
     var time = prettyDateString(
-      Date.parse(get_field_value(object,'@timestamp')) + tOffset);
+      Date.parse(get_field_value(object, KibanaConfigExports.index_key_timestamp)) + tOffset);
     str += '<tr data-object="' + objid + '" id="logrow_' + objid + '" '+
       'class="' + alt + ' logrow">';
 

public/lib/js/stream.js

@@ -33,7 +33,7 @@ function pageload(hash) {
     window.hashjson = JSON.parse(Base64.decode(hash));
 
     window.hashjson.fields = window.hashjson.fields.length > 0 ?
-      window.hashjson.fields : new Array('@message');
+      window.hashjson.fields : new Array(KibanaConfigExports.index_key_message);
 
     $('#query h4').text(window.hashjson.search);
 
@@ -71,7 +71,7 @@ function getStream() {
         id = hit['_id']
         index = hit['_index']
         if (!(has_time)) {
-          window.last_time = get_field_value(hit,'@timestamp');
+          window.last_time = get_field_value(hit, KibanaConfigExports.index_key_timestamp);
           has_time = true;
         }
         if ($('#logrow_' + id).length == 0) {
@@ -90,7 +90,7 @@ function getStream() {
 
           var jlink = $('<a/>').addClass('jlink').attr('href', "../#" + hash).html($('<i/>').addClass('icon-link'));
           var linkTableData = $("<td/>").css('white-space', 'nowrap');
-          linkTableData.text(prettyDateString(Date.parse(get_field_value(hit,'@timestamp')) + tOffset)).prepend(jlink);
+          linkTableData.text(prettyDateString(Date.parse(get_field_value(hit, KibanaConfigExports.index_key_timestamp)) + tOffset)).prepend(jlink);
           tableRow.append(linkTableData);
           for (var field in fields) {
             tableRow.append($("<td/>").text(get_field_value(hit,fields[field])));
@@ -155,4 +155,4 @@ function getStream() {
 
 function field_slim(field) {
   return field.replace(/(.*)\.(.*)/,"<span class=small>$1.</span><br>$2");
-}
+}