Class: Rouge::Lexers::SPL2

Inherits:

RegexLexer

• Object
• RegexLexer
• Rouge::Lexers::SPL2

Defined in:

lib/rouge/lexers/spl2.rb

Class Method Summary

• .boolean_operators ⇒ Object

  Boolean / logical operators.

• .commands ⇒ Object

  SPL2 commands (verb-like operators that drive a pipeline).

• .constants ⇒ Object

  Boolean and null literals.

• .data_types ⇒ Object

  Built-in data types (used in custom function signatures, type statements, and constrained types).

• .detect?(text) ⇒ Boolean

  Pipelines very often start with ‘| <command>` or use `from $source` and feature distinctive `_time`, `index=`, or `sourcetype=` clauses.

• .eval_functions ⇒ Object

  Eval functions from the SPL2 eval functions quick reference.

• .keywords ⇒ Object

  Clause/structural keywords used inside commands and statements.

• .magic_fields ⇒ Object

  Built-in / magic field names referenced in the SPL2 search reference.

• .stats_functions ⇒ Object

  Stats / charting / aggregate / event-order / dataset functions.

• .word_operators ⇒ Object

  Operator-style word keywords.

Class Method Details

.boolean_operators ⇒ Object

Boolean / logical operators. Splunk requires uppercase for these.

# File 'lib/rouge/lexers/spl2.rb', line 61

def self.boolean_operators
  @boolean_operators ||= Set.new %w(AND OR NOT XOR)
end

.commands ⇒ Object

SPL2 commands (verb-like operators that drive a pipeline). Sourced from the SPL2 command quick reference.

# File 'lib/rouge/lexers/spl2.rb', line 30

def self.commands
  @commands ||= Set.new %w(
    addinfo append appendcols appendpipe bin branch convert decrypt
    dedup eval eventstats expand fields fieldsummary fillnull flatten
    from head into iplocation join loadjob lookup makemv makeresults
    mstats mvcombine mvexpand nomv ocsf rename replace reverse rex route
    search select sort spath spl1 stats streamstats table tags thru
    timechart timewrap tstats typer union untable where
  )
end

.constants ⇒ Object

Boolean and null literals.

# File 'lib/rouge/lexers/spl2.rb', line 66

def self.constants
  @constants ||= Set.new %w(true false null)
end

.data_types ⇒ Object

Built-in data types (used in custom function signatures, type statements, and constrained types).

# File 'lib/rouge/lexers/spl2.rb', line 72

def self.data_types
  @data_types ||= Set.new %w(
    any array boolean dataset double float int log_span long mv
    number object regex relative_time string time time_span
  )
end

.detect?(text) ⇒ Boolean

Pipelines very often start with ‘| <command>` or use `from $source` and feature distinctive `_time`, `index=`, or `sourcetype=` clauses.

Returns:

• (Boolean)

# File 'lib/rouge/lexers/spl2.rb', line 15

def self.detect?(text)
  return true if text.shebang?('spl2')

  head = text.lines.first(50).join

  return true if head =~ /\|\s*(?:search|from|stats|eval|where|fields|table|rex|spath)\b/i
  return true if head =~ /\bfrom\s+\$source\b/i
  return true if head =~ /\b(?:index|sourcetype|source|host)\s*=/
  return true if head =~ /\b_time\s*[=<>]/

  false
end

.eval_functions ⇒ Object

Eval functions from the SPL2 eval functions quick reference.

# File 'lib/rouge/lexers/spl2.rb', line 80

def self.eval_functions
  @eval_functions ||= Set.new %w(
    abs acos acosh all any asin asinh atan atan2 atanh batch_id
    batch_time case ceil ceiling cidrmatch cluster coalesce cos cosh
    exact exp filter floor getfields hypot if in instance_id ipmask
    isarray isbool isdouble isint ismv isnotnull isnull isnum isobject
    isstr json json_append json_array json_array_to_mv json_delete
    json_entries json_extend json_extract json_extract_exact
    json_has_key_exact json_keys json_object json_set json_set_exact
    json_valid len like ln log lower ltrim map match max md5 min
    mv_to_json_array mvappend mvcount mvdedup mvfilter mvfind mvindex
    mvjoin mvmap mvrange mvsort mvzip now null nullif object_to_array
    object_to_xml pi pow printf random reduce relative_time replace
    round rtrim searchmatch sha1 sha256 sha512 sigfig sin sinh spath
    split sqrt strftime strptime substr tan tanh time to_ocsf toarray
    tobool todouble toint tojson tomv tonumber toobject tostring trim
    typeof upper urldecode validate xml_to_object
  )
end

.keywords ⇒ Object

Clause/structural keywords used inside commands and statements. Includes uppercase SQL-style clauses used in ‘from` syntax (FROM, JOIN, SELECT, WHERE) — these are distinct from the lowercase pipeline commands of the same name.

# File 'lib/rouge/lexers/spl2.rb', line 45

def self.keywords
  @keywords ||= Set.new %w(
    AFTER APPLY AS ASC BEFORE BY DESC DISTINCT EXPORT FIT FROM FUNCTION
    GROUP GROUPBY HAVING IMPORT INNER JOIN LEFT LIMIT OFFSET ON ONCHANGE
    ORDER ORDERBY OUTER OUTPUT OUTPUTNEW RESET RETURN SELECT THROUGH TYPE
    WHERE WHILE
  )
end

.magic_fields ⇒ Object

Built-in / magic field names referenced in the SPL2 search reference.

# File 'lib/rouge/lexers/spl2.rb', line 112

def self.magic_fields
  @magic_fields ||= Set.new %w(
    _time _raw _index _indextime _sourcetype _source _host _path
    _bkt _cd _kv _meta _serial _si _subsecond
  )
end

.stats_functions ⇒ Object

Stats / charting / aggregate / event-order / dataset functions.

# File 'lib/rouge/lexers/spl2.rb', line 101

def self.stats_functions
  @stats_functions ||= Set.new %w(
    avg c count dataset dc distinct_count earliest earliest_time estdc
    estdc_error exactperc first last latest latest_time list max mean
    median min mode per_day per_hour per_minute per_second perc pivot
    range rate repeat span sparkline stdev stdevp sum sumsq unpivot
    values var varp
  )
end

.word_operators ⇒ Object

Operator-style word keywords. Treated as operators rather than statement keywords because they participate in expressions.

# File 'lib/rouge/lexers/spl2.rb', line 56

def self.word_operators
  @word_operators ||= Set.new %w(BETWEEN EXISTS IN IS LIKE)
end