/// <summary>
/// Run the given query with the given query args.
/// </summary>
/// <param name="service">The service</param>
/// <param name="query">The search query</param>
/// <param name="args">The args</param>
/// <returns>The job</returns>
private Job Run(Service service, string query, JobArgs args)
{
return service.GetJobs().Create(query, args);
}
/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
Command cli = Command.Splunk("search_realtime");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine(
"Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
// Realtime window is 5 minutes
var queryArgs = new JobArgs
{
SearchMode = JobArgs.SearchModeEnum.Realtime,
EarliestTime = "rt-5m",
LatestTime = "rt",
};
var job = service.GetJobs().Create(
(string)cli.Opts["search"],
queryArgs);
var outputArgs = new JobResultsPreviewArgs
{
OutputMode = JobResultsPreviewArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
for (var i = 0; i < 5; i++)
{
System.Console.WriteLine();
System.Console.WriteLine();
System.Console.WriteLine("Snapshot " + i + ":");
using (var stream = job.ResultsPreview(outputArgs))
{
using(var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(
" " + key + " -> " + @event[key]);
}
}
}
}
Thread.Sleep(500);
}
job.Cancel();
}
public void RemoteServerList()
{
const string ParamName = "remote_server_list";
var array = new string[] { "first", "second" };
var args1 = new JobArgs
{
RemoteServerList = array,
};
Assert.AreEqual("first,second", args1[ParamName]);
var args2 = new JobExportArgs
{
RemoteServerList = array,
};
Assert.AreEqual("first,second", args2[ParamName]);
}
/// <summary>
/// Creates a search with a UTF-8 pre-encoded search request.
/// </summary>
/// <remarks>
/// A "oneshot" request is invalid. To create a oneshot search,
/// use the <see cref="Service.Oneshot(string)"/> method instead.
/// </remarks>
/// <param name="query">The search query.</param>
/// <param name="args">Additional arguments for this job.</param>
/// <returns>The job.</returns>
public Job Create(string query, JobArgs args)
{
return(this.Create(query, (Args)args));
}