public async Task EventWriterConvertsSeverityEnumValueToName()
        {
            var stdout = new StringWriter();
            var stderr = new StringWriter();
            var writer = new EventWriter(stdout, stderr, null);
            await writer.LogAsync(Severity.Info, "Test");

            await writer.LogAsync(Severity.Warning, "Test");

            await writer.LogAsync(Severity.Error, "Test");

            var events = stderr.GetStringBuilder().ToString();

            Assert.Contains("INFO Test", events);
            Assert.Contains("WARNING Test", events);
            Assert.Contains("ERROR Test", events);
        }
Exemple #2
0
        /// <summary>
        /// Splunk callback use to launch the plugin
        /// </summary>
        /// <param name="inputDefinition">Retrieve the config set into inputs.conf</param>
        /// <param name="eventWriter">event writer use to communicate with splunk</param>
        /// <returns></returns>
        public override async Task StreamEventsAsync(InputDefinition inputDefinition, EventWriter eventWriter)
        {
            var splunkHome = Environment.GetEnvironmentVariable("SPLUNK_HOME");
            var profile    = inputDefinition.Name.Split(new string[] { "://" }, StringSplitOptions.RemoveEmptyEntries)[1];
            await eventWriter.LogAsync(Severity.Info, "Splunk-ETW select " + profile + " profile");

            string iniPath = Path.Combine(new string[] { splunkHome, "etc", "apps", "Splunk-ETW", "profile", profile + ".ini" });
            await eventWriter.LogAsync(Severity.Info, "Splunk-ETW load " + iniPath);

            try
            {
                var trace = TraceManager.BuildFromConfig(new FileIniDataParser().ReadFile(iniPath), new SplunkWriter(eventWriter, inputDefinition.Name));
                await Task.Run(() => trace.Start());
            }
            catch (Exception e)
            {
                await eventWriter.LogAsync(Severity.Error, e.ToString());
            }
        }
Exemple #3
0
        /// <summary>
        /// Write events to Splunk from this modular input.
        /// </summary>
        /// <remarks>
        /// This function will be invoked once for each instance of the modular input, though that invocation
        /// may or may not be in separate processes, depending on how the modular input is configured. It should
        /// extract the arguments it needs from <tt>inputDefinition</tt>, then write events to <tt>eventWriter</tt>
        /// (which is thread safe).
        /// </remarks>
        /// <param name="inputDefinition">a specification of this instance of the modular input.</param>
        /// <param name="eventWriter">an object that handles writing events to Splunk.</param>
        public override async Task StreamEventsAsync(InputDefinition inputDefinition, EventWriter eventWriter)
        {
            try
            {
                string logfilepath     = ((SingleValueParameter)(inputDefinition.Parameters["logfilepath"])).ToString();
                Int32  maxmessagecount = ((SingleValueParameter)(inputDefinition.Parameters["maxmessagecount"])).ToInt32();
                Int32  cycletime       = ((SingleValueParameter)(inputDefinition.Parameters["cycletime"])).ToInt32();

                //Setup the options input
                OptionsStruct localOptionsStruct = new OptionsStruct();
                localOptionsStruct.LogDirectory = logfilepath;

                // Initialize the log reader
                aaLogReader.aaLogReader logReader = new aaLogReader.aaLogReader(localOptionsStruct);

                // Write an entry to the Splunk system log indicating we have initialized
                await eventWriter.LogAsync(Severity.Info, "Initialized Log reader for path " + logfilepath + " and message count " + maxmessagecount.ToString());

                while (true)
                {
                    await(Task.Delay(cycletime));

                    //Simple call to get all unread records, limiting the return count to max message count
                    List <LogRecord> logRecords = logReader.GetUnreadRecords((ulong)maxmessagecount);

                    // Loop through each lastRecordRead and send to Splunk
                    foreach (LogRecord record in logRecords)
                    {
                        await eventWriter.QueueEventForWriting(new Event
                        {
                            Stanza = inputDefinition.Name,
                            Data   = record.ToKVP()
                        });
                    }
                }
            }
            catch (Exception ex)
            {
                // Eat error message
                await eventWriter.LogAsync(Severity.Error, ex.ToString());
            }
        }
        /// <summary>
        ///
        /// </summary>
        public override void VisitBatchReport()
        {
            writer.LogAsync(Severity.Info, string.Format("VisitBatchReport: {0}", this.reportObjectList.Count)).Wait();

            foreach (ReportObject report in reportObjectList)
            {
                writer.QueueEventForWriting(new Event {
                    Time = report.Date, Source = this.streamName, Data = report.ConvertToXml()
                }).Wait();
            }
        }
Exemple #5
0
        private async Task <string> GetConfigurationValue(InputDefinition definition, string keyName, EventWriter writer, bool log = true)
        {
            Parameter parameter;

            if (definition.Parameters.TryGetValue(keyName, out parameter))
            {
                await writer.LogAsync(Severity.Info, string.Format("Value for [{0}] retrieved successfully: {1}", keyName, log ? parameter.ToString() : "# Value not logged #"));

                return(parameter.ToString());
            }
            else
            {
                return(null);
            }
        }
Exemple #6
0
        public override async Task StreamEventsAsync(InputDefinition inputDefinition, EventWriter eventWriter)
        {
            #region Get param values

            string streamName = inputDefinition.Name;
            await eventWriter.LogAsync(Severity.Info, string.Format("Name of Stanza is : {0}", inputDefinition.Name));

            string reportName = await GetConfigurationValue(inputDefinition, ConstantReportName, eventWriter);

            string emailAddress = await GetConfigurationValue(inputDefinition, ConstantEmailAddress, eventWriter);

            string password = await GetConfigurationValue(inputDefinition, ConstantPassword, eventWriter, false);

            string start = await GetConfigurationValue(inputDefinition, ConstantStartDate, eventWriter);

            DateTime startDateTime = start.TryParseDateTime(DateTime.MinValue);
            string   end           = await GetConfigurationValue(inputDefinition, ConstantEndDate, eventWriter);

            DateTime endDateTime = end.TryParseDateTime(DateTime.MinValue);

            #endregion Get param values

            ReportingContext context = new ReportingContext();
            context.UserName     = emailAddress;
            context.Password     = password;
            context.FromDateTime = startDateTime;
            context.ToDateTime   = endDateTime;
            context.SetLogger(new SplunkTraceLogger(eventWriter));

            IReportVisitor visitor = new SplunkReportVisitor(streamName, eventWriter);

            while (true)
            {
                await Task.Delay(1000);

                ReportingStream stream = new ReportingStream(context, reportName, streamName);
                stream.RetrieveData(visitor);
            }
        }
Exemple #7
0
        /// <summary>
        /// Pulls down commit data from GitHub and creates events for each commit, which are then streamed to Splunk.
        /// </summary>
        /// <remarks>
        /// This function will be invoked once for each instance of the modular input, though that invocation
        /// may or may not be in separate processes, depending on how the modular input is configured. It should
        /// extract the arguments it needs from <tt>inputDefinition</tt>, then write events to <tt>eventWriter</tt>
        /// (which is thread safe).
        /// </remarks>
        /// <param name="inputDefinition">The definition for this instance of the GitHub input, representing a GitHub repository.</param>
        /// <param name="eventWriter">An object that handles writing events to Splunk.</param>
        public override async Task StreamEventsAsync(InputDefinition inputDefinition, EventWriter eventWriter)
        {
            var owner              = ((SingleValueParameter)inputDefinition.Parameters["Owner"]).ToString();
            var repository         = ((SingleValueParameter)inputDefinition.Parameters["Repository"]).ToString();
            var checkpointFilePath = Path.Combine(inputDefinition.CheckpointDirectory, owner + " " + repository + ".txt");

            var productHeader = new ProductHeaderValue("splunk-sdk-csharp-github-commits");
            ObservableGitHubClient client;

            if (!inputDefinition.Parameters.ContainsKey("Token") || String.IsNullOrWhiteSpace(((SingleValueParameter)inputDefinition.Parameters["Token"]).ToString()))
            {
                client = new ObservableGitHubClient(productHeader);
            }
            else
            {
                client = new ObservableGitHubClient(productHeader, new InMemoryCredentialStore(new Credentials(((SingleValueParameter)inputDefinition.Parameters["Token"]).ToString())));
            }

            var shaKeys = new HashSet <string>();

            var    fileReader = new StreamReader(File.Open(checkpointFilePath, System.IO.FileMode.OpenOrCreate));
            string line;

            while (!String.IsNullOrWhiteSpace(line = await fileReader.ReadLineAsync()))
            {
                shaKeys.Add(line);
            }
            fileReader.Close();

            bool done       = false;
            var  fileWriter = new StreamWriter(checkpointFilePath);

            // Use Rx to stream an event for each commit as they come in
            client.Repository.Commits.GetAll(owner, repository).Subscribe(
                async githubCommit =>
            {
                if (!shaKeys.Contains(githubCommit.Sha))
                {
                    await StreamCommit(githubCommit, eventWriter, owner, repository);
                    await fileWriter.WriteLineAsync(githubCommit.Sha);     // Write to the checkpoint file
                    shaKeys.Add(githubCommit.Sha);
                    await eventWriter.LogAsync(Severity.Info, repository + " indexed a Github commit with sha: " + githubCommit.Sha);
                }
            },
                async e =>
            {
                //error handing goes here
                await eventWriter.LogAsync(Severity.Error, e.GetType() + " - " + e.StackTrace);
            },
                () =>
            {
                //completion handling goes here
                fileWriter.Close();
                done = true;
            }
                );

            // Wait for Rx subscribe to finish above
            while (!done)
            {
                await Task.Delay(100);
            }
        }
Exemple #8
0
 public void LogInformation(string message)
 {
     writer.LogAsync(Severity.Info, message).Wait();
 }