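static void LinqOperators()
{
    // Pull-based LINQ over the Security log: take the first ten
    // process-creation events (Id 4688) and print one property of each.
    IEnumerable<EventRecord> all = EvtxEnumerable.ReadLog("Security");

    // NOTE(review): Filter is not a standard LINQ operator (that is Where);
    // presumably a project extension with the same semantics — confirm.
    var processStart = all.Filter(e => e.Id == 4688).Take(10);

    foreach (var ps in processStart)
    {
        // Properties is positional; index 5 looks like NewProcessName in the
        // 4688 template — verify against the event schema. Guard the index so a
        // record with fewer properties does not throw ArgumentOutOfRangeException.
        if (ps.Properties != null && ps.Properties.Count > 5)
        {
            Console.WriteLine(ps.Properties[5].Value);
        }
    }
}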
static void RxOperators()
{
    // Push-based LINQ: the same Security-log source exposed as IObservable<T>,
    // so each stage runs as records are pushed through the pipeline.
    IObservable<EventRecord> source = EvtxEnumerable.ReadLog("Security").ToObservable();

    // Each stage is named so the pipeline reads top to bottom: keep
    // process-creation events, render as XML, convert to dynamic, then to CSV.
    var processCreation = source.Where(record => record.Id == 4688);
    var asXml = processCreation.Select(record => record.ToXml());
    var asDynamic = asXml.Select(xmlText => Xml2Dynamic(xmlText));
    var asCsv = asDynamic.Select(row => Dynamic2Csv(row));

    // NOTE(review): the IDisposable returned by Subscribe is discarded, so the
    // subscription cannot be cancelled; harmless if ToObservable() completes on
    // the calling thread, otherwise keep the handle — confirm the scheduler used.
    asCsv.Subscribe(line => Console.WriteLine(line));
}
static void LinqToObjects()
{
    // LINQ to Objects over the log: the first 1000 records, narrowed to
    // process-creation events (Id 4688) and rendered as XML.

    // Method (extension-method) syntax, materialized with ToArray so the
    // results can be inspected in the debugger.
    string[] methodSyntax = EvtxEnumerable.ReadLog("Security")
        .Take(1000)
        .Where(record => record.Id == 4688)
        .Select(record => record.ToXml())
        .ToArray();

    // The identical query in comprehension (query-expression) syntax; the
    // compiler translates it to the same Take/Where/Select chain.
    var querySyntax = (from record in EvtxEnumerable.ReadLog("Security").Take(1000)
                       where record.Id == 4688
                       select record.ToXml()).ToArray();

    // Set a breakpoint on the closing brace and inspect "methodSyntax" and "querySyntax".
}
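static void PushInsidePull()
{
    // Runs an Rx (push) rule inside a pull (IEnumerable) loop; a stepping stone
    // toward hosting Rx rules in an extractor that is driven by enumeration.
    IEnumerable<string> all = EvtxEnumerable.ReadLog("Security")
        .Take(1000)
        .Select(e => e.ToXml())
        .ToArray();

    // The rule is applied by ReplayRealTimeRule; mouse-hover on .Where to see
    // that it is the push (real-time) implementation.
    // Match the EventID element rather than the bare digits "4688": a substring
    // match on the whole XML would also accept any other field (e.g. a process
    // id) that happens to contain 4688.
    var result = all.ReplayRealTimeRule(
        o => o.Where(xml => xml.Contains("<EventID>4688</EventID>")));

    foreach (var xml in result)
    {
        Console.WriteLine(xml);
    }
}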