1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
// SPDX-License-Identifier: GPL-3.0-or-later
/** @file query.h
* @brief Header of query.c
*/
#ifndef QUERY_H_
#define QUERY_H_
#include <inttypes.h>
#include <stdlib.h>
#include "libnetdata/libnetdata.h"
#include "defaults.h"
#define LOGS_QRY_VERSION "1"
#define LOGS_MANAG_FUNC_PARAM_AFTER "after"
#define LOGS_MANAG_FUNC_PARAM_BEFORE "before"
#define LOGS_QRY_KW_QUOTA "quota"
#define LOGS_QRY_KW_CHARTNAME "chartname"
#define LOGS_QRY_KW_FILENAME "filename"
#define LOGS_QRY_KW_KEYWORD "keyword"
#define LOGS_QRY_KW_IGNORE_CASE "ignore_case"
#define LOGS_QRY_KW_SANITIZE_KW "sanitize_keyword"
typedef struct {
const enum {LOGS_QRY_RES_ERR_CODE_OK = 0,
LOGS_QRY_RES_ERR_CODE_INV_TS_ERR,
LOGS_QRY_RES_ERR_CODE_NOT_FOUND_ERR,
LOGS_QRY_RES_ERR_CODE_NOT_INIT_ERR,
LOGS_QRY_RES_ERR_CODE_SERVER_ERR,
LOGS_QRY_RES_ERR_CODE_UNMODIFIED,
LOGS_QRY_RES_ERR_CODE_CANCELLED,
LOGS_QRY_RES_ERR_CODE_TIMEOUT } err_code;
char const *const err_str;
const int http_code;
} logs_qry_res_err_t;
static const logs_qry_res_err_t logs_qry_res_err[] = {
{ LOGS_QRY_RES_ERR_CODE_OK, "success", HTTP_RESP_OK },
{ LOGS_QRY_RES_ERR_CODE_INV_TS_ERR, "invalid timestamp range", HTTP_RESP_BAD_REQUEST },
{ LOGS_QRY_RES_ERR_CODE_NOT_FOUND_ERR, "no results found", HTTP_RESP_OK },
{ LOGS_QRY_RES_ERR_CODE_NOT_INIT_ERR, "logs management engine not running", HTTP_RESP_SERVICE_UNAVAILABLE },
{ LOGS_QRY_RES_ERR_CODE_SERVER_ERR, "server error", HTTP_RESP_INTERNAL_SERVER_ERROR },
{ LOGS_QRY_RES_ERR_CODE_UNMODIFIED, "not modified", HTTP_RESP_NOT_MODIFIED },
{ LOGS_QRY_RES_ERR_CODE_CANCELLED, "cancelled", HTTP_RESP_CLIENT_CLOSED_REQUEST },
{ LOGS_QRY_RES_ERR_CODE_TIMEOUT, "query timed out", HTTP_RESP_OK }
};
const logs_qry_res_err_t *fetch_log_sources(BUFFER *wb);
/**
* @brief Parameters of the query.
* @param req_from_ts Requested start timestamp of query in epoch
* milliseconds.
*
* @param req_to_ts Requested end timestamp of query in epoch milliseconds.
* If it doesn't match the requested start timestamp, there may be more results
* to be retrieved (for descending timestamp order queries).
*
* @param act_from_ts Actual start timestamp of query in epoch milliseconds.
*
* @param act_to_ts Actual end timestamp of query in epoch milliseconds.
* If it doesn't match the requested end timestamp, there may be more results to
* be retrieved (for ascending timestamp order queries).
*
* @param order_by_asc Equal to 1 if req_from_ts <= req_to_ts, otherwise 0.
*
* @param quota Request quota for results. When exceeded, query will
* return, even if there are more pending results.
*
* @param stop_monotonic_ut Monotonic time in usec after which the query
* will be timed out.
*
* @param chartname Chart name of log source to be queried, as it appears
* on the netdata dashboard. If this is defined and not an empty string, the
* filename parameter is ignored.
*
* @param filename Full path of log source to be queried. Will only be used
* if the chartname is not used.
*
* @param keyword The keyword to be searched. IMPORTANT! Regular expressions
* are supported (if sanitize_keyword is not set) but have not been tested
* extensively, so use with caution!
*
* @param ignore_case If set to any integer other than 0, the query will be
* case-insensitive. If not set or if set to 0, the query will be case-sensitive
*
* @param sanitize_keyword If set to any integer other than 0, the keyword
* will be sanitized before used by the regex engine (which means the keyword
* cannot be a regular expression, as it will be taken as a literal input).
*
* @param results_buff Buffer of BUFFER type to store the results of the
* query in.
*
* @param results_buff->size Defines the maximum quota of results to be
* expected. If exceeded, the query will return the results obtained so far.
*
* @param results_buff->len The exact size of the results matched.
*
* @param results_buff->buffer String containing the results of the query.
*
* @param num_lines Number of log records that match the keyword.
*
* @warning results_buff->size argument must be <= MAX_LOG_MSG_SIZE.
*/
typedef struct logs_query_params {
msec_t req_from_ts;
msec_t req_to_ts;
msec_t act_from_ts;
msec_t act_to_ts;
int order_by_asc;
unsigned long quota;
bool *cancelled;
usec_t stop_monotonic_ut;
char *chartname[LOGS_MANAG_MAX_COMPOUND_QUERY_SOURCES];
char *filename[LOGS_MANAG_MAX_COMPOUND_QUERY_SOURCES];
char *keyword;
int ignore_case;
int sanitize_keyword;
BUFFER *results_buff;
unsigned long num_lines;
} logs_query_params_t;
typedef struct logs_query_res_hdr {
msec_t timestamp;
size_t text_size;
int matches;
char log_source[20];
char log_type[20];
char basename[20];
char filename[50];
char chartname[20];
} logs_query_res_hdr_t;
/**
* @brief Check if query should be terminated.
* @param p_query_params See documentation of logs_query_params_t struct.
* @return true if query should be terminated of false otherwise.
*/
bool terminate_logs_manag_query(logs_query_params_t *p_query_params);
/**
* @brief Primary query API.
* @param p_query_params See documentation of logs_query_params_t struct.
* @return enum of LOGS_QRY_RES_ERR_CODE with result of query
* @todo Cornercase if filename not found in DB? Return specific message?
*/
const logs_qry_res_err_t *execute_logs_manag_query(logs_query_params_t *p_query_params);
#ifdef ENABLE_LOGSMANAGEMENT_TESTS
/* Used as public only for unit testing, normally defined as static */
char *sanitise_string(char *s);
#endif // ENABLE_LOGSMANAGEMENT_TESTS
#endif // QUERY_H_
|
