/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
// Load connection info for Splunk server in .splunkrc file.
var component = new SplunkComponent();
component.OpenInput("main");
component.CloseInput(false);
var cli = Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine("Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
/// <summary>
/// An example program to perform a oneshot search.
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
// Load connection info for Splunk server in .splunkrc file.
var cli = Command.Splunk("search_oneshot");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine(
"Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0,
};
using (var stream = service.Oneshot(
(string)cli.Opts["search"], outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(
" " + key + " -> " + @event[key]);
}
}
}
}
}
public string GetAllResults()
{
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
using (var stream = job.Results(outArgs))
{
var setting = new XmlReaderSettings
{
ConformanceLevel = ConformanceLevel.Fragment,
};
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
events.Add(@event);
}
}
using (var rr = XmlReader.Create(stream, setting))
{
return rr.ReadOuterXml();
}
}
return null;
}
/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
Command cli = Command.Splunk("search_realtime");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine(
"Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
// Realtime window is 5 minutes
var queryArgs = new JobArgs
{
SearchMode = JobArgs.SearchModeEnum.Realtime,
EarliestTime = "rt-5m",
LatestTime = "rt",
};
var job = service.GetJobs().Create(
(string)cli.Opts["search"],
queryArgs);
var outputArgs = new JobResultsPreviewArgs
{
OutputMode = JobResultsPreviewArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
for (var i = 0; i < 5; i++)
{
System.Console.WriteLine();
System.Console.WriteLine();
System.Console.WriteLine("Snapshot " + i + ":");
using (var stream = job.ResultsPreview(outputArgs))
{
using(var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(
" " + key + " -> " + @event[key]);
}
}
}
}
Thread.Sleep(500);
}
job.Cancel();
}
public void IndexArgs()
{
string indexName = "sdk-tests2";
DateTimeOffset offset = new DateTimeOffset(DateTime.Now);
string now = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss") +
string.Format("{0}{1} ", offset.Offset.Hours.ToString("D2"), offset.Offset.Minutes.ToString("D2"));
Service service = this.Connect();
Index index = service.GetIndexes().Get(indexName);
index.Enable();
Assert.IsFalse(index.IsDisabled);
Args indexProperties = GetIndexProperties(index);
ClearIndex(service, indexName, index);
// submit event to index using variable arguments
index.Submit(indexProperties, now + " Hello World. \u0150");
index.Submit(indexProperties, now + " Goodbye World. \u0150");
WaitUntilEventCount(index, 2, 45);
ClearIndex(service, indexName, index);
// stream event to index with variable arguments
Stream streamArgs = index.Attach(indexProperties);
streamArgs.Write(Encoding.UTF8.GetBytes(now + " Hello World again. \u0150\r\n"));
streamArgs.Write(Encoding.UTF8.GetBytes(now + " Goodbye World again.\u0150\r\n"));
streamArgs.Close();
WaitUntilEventCount(index, 2, 45);
// submit event using ReceiverSubmitArgs
const string Source = "splunk-sdk-tests";
const string SourceType = "splunk-sdk-test-event";
const string Host = "test-host";
var args = new ReceiverSubmitArgs
{
Index = indexName,
Host = Host,
Source = Source,
SourceType = SourceType,
};
var receiver = service.GetReceiver();
receiver.Submit(args, "Hello World.");
receiver.Submit(args, "Goodbye world.");
WaitUntilEventCount(index, 4, 45);
// verify the fields of events in the index matching the args.
using (var stream =
service.Oneshot(
string.Format(
"search index={0} host={1} source={2} sourcetype={3}",
indexName,
Host,
Source,
SourceType)))
using (var reader = new ResultsReaderXml(stream))
{
Assert.AreEqual(2, reader.Count());
}
ClearIndex(service, indexName, index);
index.Clean(180);
Assert.AreEqual(0, index.TotalEventCount, "Expected the total event count to be 0");
}
public void JobResultStream()
{
var cli = SplunkSDKHelper.Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Opts["search"] = "search index=_internal * | head 10 ";
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
System.Threading.Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
Count = 0
};
try
{
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e));
}
try
{
using (var stream = service.Export((string)cli.Opts["search"]))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Export result throw exception : {0} ", e));
}
}
