re-write

JustinAzoff · JustinAzoff · commit 98900ed5b3fd · 2011-11-13T20:12:53.000-05:00
diff --git a/bubble.py b/bubble.py
@@ -1,8 +1,8 @@
-"""bubble - re-emit a log record with all superdomains
+"""bubble - re-emit a log record with superdomain
 
-    | bubble [field=host]
+    | bubble [field=host] [parts=3]
 
-add 'superhost' and 'parts' fields. 
+adds 'superhost' field
 
 """
 
@@ -13,44 +13,39 @@
 
 ip_rex = re.compile(ipregex)
 
-def super_domains(host):
-    """
-    FIXME
-    >>> list(super_domains("a.b.com"))
-    {'host': '*.b.com', 'parts': 2}, {'host': '*.com', 'parts': 1}]
-    >>> list(super_domains("1.2.3.4"))
-    [{'host': '1.2.3.*', 'parts': 3}, {'host': '1.2.*', 'parts': 2}, {'host': '1.*', 'parts': 1}]
-    """
-
+def super_domain(host, output_parts):
     parts = host.split(".")
     num_parts = len(parts)
-    yield dict(superhost=host, parts=num_parts)
+    if output_parts > num_parts:
+        return host
+
     if ip_rex.match(host):
-        for x in range(1,4):
-            host = '.'.join(parts[:-x])
-            p = num_parts - x
-            yield dict(superhost=host, parts=p)
+        host = '.'.join(parts[:-output_parts])
     else:
-        for x in range(num_parts-1,0,-1):
-            host = '.'.join(parts[-x:])
-            p = x
-            yield dict(superhost=host, parts=p)
+        host = '.'.join(parts[-output_parts:])
+
+    return host
+
+def add_superhost(results, field, num_parts):
+    for r in results:
+        if field not in r:
+            continue
+        d = super_domain(r[field], num_parts)
+        r['superhost'] = d
+        yield r
+    
 
 try:
     keywords, options = splunk.Intersplunk.getKeywordsAndOptions()
     field = options.get('field', 'hostname')
+    num_parts = int(options.get('parts', 2))
 
     results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults()
-    newresults = []
-    for r in results:
-        if field not in r:
-            continue
-        for info in super_domains(r[field]):
-            info.update(r)
-            newresults.append(info)
+    results = add_superhost(results, field, num_parts)
+            
 except:
     import traceback
     stack =  traceback.format_exc()
-    newresults = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
+    results = splunk.Intersplunk.generateErrorResults("Error : Traceback: " + str(stack))
 
-splunk.Intersplunk.outputResults( newresults )
+splunk.Intersplunk.outputResults( results )
