public void Configure() { var generalSplunkContext = new global::Splunk.Client.Context(Scheme.Https, "127.0.0.1", 8089); var transmitterArgs = new TransmitterArgs { Source = "Splunk.Sample", SourceType = "Splunk Sample Source" }; const string username = "******"; const string password = "******"; const string splunkIndex = "mysplunktest"; var serilogContext = new SplunkContext( generalSplunkContext, splunkIndex, username, password, null, transmitterArgs); Log.Logger = new LoggerConfiguration() .WriteTo.LiterateConsole() .WriteTo.SplunkViaHttp(serilogContext, 100, TimeSpan.FromSeconds(10)) .Enrich.WithThreadId() .Enrich.WithProperty("SplunkSample", "ViaHttp") .MinimumLevel.Debug() .CreateLogger(); }
public static async void StreamEventsAsync(this Service service, IEnumerable<string> splunkEvents, string index = null, TransmitterArgs args = null) { var stream = new MemoryStream(); var writer = new StreamWriter(stream); foreach (var splunkEvent in splunkEvents) { await writer.WriteLineAsync(splunkEvent); await writer.FlushAsync(); } stream.Position = 0; service.Transmitter.SendAsync(stream, index, args); }
/// <summary> /// Creates an instance of the SplunkViaHttp context /// </summary> public SplunkContext(Context context, string index, string username, string password, Namespace resourceNamespace = null, TransmitterArgs transmitterArgs = null) :base(context.Scheme, context.Host, context.Port) { Index = index; Username = username; Password = password; ResourceNamespace = resourceNamespace; TransmitterArgs = transmitterArgs; }
/// <summary> /// Creates an instance of the SplunkViaHttp context /// </summary> public SplunkContext(Context context, string index, string username, string password, Namespace resourceNamespace = null, TransmitterArgs transmitterArgs = null) : base(context.Scheme, context.Host, context.Port) { Index = index; Username = username; Password = password; ResourceNamespace = resourceNamespace; TransmitterArgs = transmitterArgs; }
static void Main() { ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true; //Generally it is not advised to log to Splunk via HTTP/HTTPS due to volume of data //This is available for mobile apps and other special cases. const string host = "127.0.0.1"; //Only used for HTTP/HTTPS scenarios var generalSplunkContext = new Context(Scheme.Https, host, 8089); var transmitterArgs = new TransmitterArgs { Source = "Splunk.Sample", SourceType = "Splunk Sample Source" }; const string username = "******"; const string password = "******"; const string splunkIndex = "mysplunktest"; var serilogContext = new SplunkContext(generalSplunkContext, splunkIndex, username, password, null, transmitterArgs); Log.Logger = new LoggerConfiguration() .Enrich.With(new ThreadIdEnricher()) .Enrich.WithMachineName() .WriteTo.ColoredConsole() .WriteTo.SplunkViaHttp(serilogContext, 10, TimeSpan.FromSeconds(5)) //See http://docs.splunk.com/Documentation/Splunk/6.1.3/Data/Monitornetworkports .WriteTo.SplunkViaUdp(host, 10000) .WriteTo.SplunkViaTcp(host, 10001) .CreateLogger(); var serilogLogger = Log.ForContext <Program>(); serilogLogger.Information("Hello from Serilog, running as {Username}!", Environment.UserName); var items = Enumerable.Range(1, 1000); foreach (var item in items) { serilogLogger.Information("Logging an int, what fun {Item}", item); } Console.WriteLine("OK"); Console.ReadLine(); }
public static async void StreamEventsAsync(this Service service, IEnumerable <string> splunkEvents, string index = null, TransmitterArgs args = null) { var stream = new MemoryStream(); var writer = new StreamWriter(stream); foreach (var splunkEvent in splunkEvents) { await writer.WriteLineAsync(splunkEvent); await writer.FlushAsync(); } stream.Position = 0; service.Transmitter.SendAsync(stream, index, args); }
/// <summary> /// Adds a sink that writes log events as to a Splunk instance via http. /// </summary> /// <param name="loggerConfiguration">The logger configuration.</param> /// <param name="context">The Splunk context to log to</param> /// <param name="password"></param> /// <param name="resourceNameSpace"></param> /// <param name="transmitterArgs"></param> /// <param name="batchSizeLimit">The size of the batch prior to logging</param> /// <param name="batchInterval">The interval on which to log via http</param> /// <param name="restrictedToMinimumLevel">The minimum log event level required in order to write an event to the sink.</param> /// <param name="formatProvider">Supplies culture-specific formatting information, or null.</param> /// <param name="index"></param> /// <param name="userName"></param> /// <returns>Logger configuration, allowing configuration to continue.</returns> /// <exception cref="ArgumentNullException">A required parameter is null.</exception> /// <remarks>TODO: Add link to splunk configuration and wiki</remarks> public static LoggerConfiguration SplunkViaHttp( this LoggerSinkConfiguration loggerConfiguration, Context context, string index, string userName, string password, int batchSizeLimit, TimeSpan batchInterval, Namespace resourceNameSpace, TransmitterArgs transmitterArgs, LogEventLevel restrictedToMinimumLevel = LevelAlias.Minimum, IFormatProvider formatProvider = null) { var sink = new SplunkViaHttpSink(new SplunkContext(context, index, userName, password, resourceNameSpace, transmitterArgs), batchSizeLimit,batchInterval, formatProvider); return loggerConfiguration.Sink(sink, restrictedToMinimumLevel); }
/// <summary> /// Adds a sink that writes log events as to a Splunk instance via http. /// </summary> /// <param name="loggerConfiguration">The logger configuration.</param> /// <param name="context">The Splunk context to log to</param> /// <param name="password"></param> /// <param name="resourceNameSpace"></param> /// <param name="transmitterArgs"></param> /// <param name="batchSizeLimit">The size of the batch prior to logging</param> /// <param name="batchInterval">The interval on which to log via http</param> /// <param name="restrictedToMinimumLevel">The minimum log event level required in order to write an event to the sink.</param> /// <param name="formatProvider">Supplies culture-specific formatting information, or null.</param> /// <param name="index"></param> /// <param name="userName"></param> /// <returns>Logger configuration, allowing configuration to continue.</returns> /// <exception cref="ArgumentNullException">A required parameter is null.</exception> /// <remarks>TODO: Add link to splunk configuration and wiki</remarks> public static LoggerConfiguration SplunkViaHttp( this LoggerSinkConfiguration loggerConfiguration, Context context, string index, string userName, string password, int batchSizeLimit, TimeSpan batchInterval, Namespace resourceNameSpace, TransmitterArgs transmitterArgs, LogEventLevel restrictedToMinimumLevel = LevelAlias.Minimum, IFormatProvider formatProvider = null) { var sink = new SplunkViaHttpSink(new SplunkContext(context, index, userName, password, resourceNameSpace, transmitterArgs), batchSizeLimit, batchInterval, formatProvider); return(loggerConfiguration.Sink(sink, restrictedToMinimumLevel)); }
static void Main() { ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true; FiddlerApplication.SetAppDisplayName("FiddlerToSplunk"); FiddlerApplication.OnNotification += OnNotification; FiddlerApplication.Log.OnLogString += OnLogString; FiddlerApplication.AfterSessionComplete += SessionComplete; _service = new Service(Scheme.Https, "localhost", 8089, new Namespace(user: "******", app: "search")); _args = new TransmitterArgs { Host = "localhost", Source = "FiddlerToSplunk", SourceType = "JSON" }; SplunkSetup("admin", "changeme").Wait(); FiddlerApplication.Startup(8877, true, false, true); MainFeedbackLoop(); FiddlerApplication.Shutdown(); }
/// <inheritdoc/> public virtual async Task SendAsync(Stream eventStream, string indexName = null, TransmitterArgs args = null) { using (var content = new StreamContent(eventStream)) { content.Headers.Add("x-splunk-input-mode", "streaming"); var arguments = Enumerable.Empty<Argument>(); if (indexName != null) { arguments = arguments.Concat(new Argument[] { new Argument("index", indexName) }); } if (args != null) { arguments = arguments.Concat(args); } using (var response = await this.Context.PostAsync(this.Namespace, StreamReceiver, content, arguments).ConfigureAwait(false)) { await response.EnsureStatusCodeAsync(HttpStatusCode.NoContent).ConfigureAwait(false); } } }
public async Task Transmitter1() { string indexName = string.Format("delete-me-{0}", Guid.NewGuid()); using (var service = await SdkHelper.CreateService()) { Index index = await service.Indexes.RecreateAsync(indexName); Assert.False(index.Disabled); await Task.Delay(2000); // Submit event using TransmitterArgs const string Source = "splunk-sdk-tests"; const string SourceType = "splunk-sdk-test-event"; const string Host = "test-host"; var transmitterArgs = new TransmitterArgs { Host = Host, Source = Source, SourceType = SourceType, }; Transmitter transmitter = service.Transmitter; SearchResult result; //// TODO: Check contentss result = await transmitter.SendAsync( MockContext.GetOrElse(string.Format("1, {0}, {1}, simple event", DateTime.Now, indexName)), indexName, transmitterArgs); Assert.NotNull(result); result = await transmitter.SendAsync( MockContext.GetOrElse(string.Format("2, {0}, {1}, simple event", DateTime.Now, indexName)), indexName, transmitterArgs); Assert.NotNull(result); using (MemoryStream stream = new MemoryStream()) { using (StreamWriter writer = new StreamWriter(stream, Encoding.UTF8, 4096, leaveOpen: true)) { writer.WriteLine( MockContext.GetOrElse(string.Format("1, {0}, {1}, stream event", DateTime.Now, indexName))); writer.WriteLine( MockContext.GetOrElse(string.Format("2, {0}, {1}, stream event", DateTime.Now, indexName))); } stream.Seek(0, SeekOrigin.Begin); await transmitter.SendAsync(stream, indexName, transmitterArgs); } await index.PollForUpdatedEventCount(4); var search = string.Format( "search index={0} host={1} source={2} sourcetype={3}", indexName, Host, Source, SourceType); using (SearchResultStream stream = await service.SearchOneShotAsync(search)) { Assert.Equal(0, stream.FieldNames.Count); Assert.False(stream.IsFinal); Assert.Equal(0, stream.ReadCount); foreach (SearchResult record in stream) { var fieldNames = stream.FieldNames; Assert.Equal(14, fieldNames.Count); Assert.Equal(14, record.FieldNames.Count); Assert.Equal(fieldNames.AsEnumerable(), record.FieldNames.AsEnumerable()); var memberNames = record.GetDynamicMemberNames(); var intersection = fieldNames.Intersect(memberNames); Assert.Equal(memberNames, intersection); } Assert.Equal(14, stream.FieldNames.Count); Assert.Equal(4, stream.ReadCount); } } }
public static async void SendEventAsync(this Service service, string splunkEvent, string index = null, TransmitterArgs args = null) { await service.Transmitter.SendAsync(splunkEvent, index, args); }
public async Task Transmitter1() { string indexName = string.Format("delete-me-{0}", Guid.NewGuid()); using (var service = await SdkHelper.CreateService()) { Index index = await service.Indexes.RecreateAsync(indexName); Assert.False(index.Disabled); await Task.Delay(2000); // Submit event using TransmitterArgs const string Source = "splunk-sdk-tests"; const string SourceType = "splunk-sdk-test-event"; const string Host = "test-host"; var transmitterArgs = new TransmitterArgs { Host = Host, Source = Source, SourceType = SourceType, }; ITransmitter transmitter = service.Transmitter; SearchResult result; //// TODO: Check contentss result = await transmitter.SendAsync( MockContext.GetOrElse(string.Format("1, {0}, {1}, simple event", DateTime.Now, indexName)), indexName, transmitterArgs); Assert.NotNull(result); result = await transmitter.SendAsync( MockContext.GetOrElse(string.Format("2, {0}, {1}, simple event", DateTime.Now, indexName)), indexName, transmitterArgs); Assert.NotNull(result); using (MemoryStream stream = new MemoryStream()) { using (StreamWriter writer = new StreamWriter(stream, Encoding.UTF8, 4096, leaveOpen: true)) { writer.WriteLine( MockContext.GetOrElse(string.Format("1, {0}, {1}, stream event", DateTime.Now, indexName))); writer.WriteLine( MockContext.GetOrElse(string.Format("2, {0}, {1}, stream event", DateTime.Now, indexName))); } stream.Seek(0, SeekOrigin.Begin); await transmitter.SendAsync(stream, indexName, transmitterArgs); } await index.PollForUpdatedEventCount(4); var search = string.Format( "search index={0} host={1} source={2} sourcetype={3}", indexName, Host, Source, SourceType); using (SearchResultStream stream = await service.SearchOneShotAsync(search)) { Assert.Equal(0, stream.FieldNames.Count); Assert.False(stream.IsFinal); Assert.Equal(0, stream.ReadCount); foreach (SearchResult record in stream) { var fieldNames = stream.FieldNames; Assert.Equal(14, fieldNames.Count); Assert.Equal(14, record.FieldNames.Count); Assert.Equal(fieldNames.AsEnumerable(), record.FieldNames.AsEnumerable()); var memberNames = record.GetDynamicMemberNames(); var intersection = fieldNames.Intersect(memberNames); Assert.Equal(memberNames, intersection); } Assert.Equal(14, stream.FieldNames.Count); Assert.Equal(4, stream.ReadCount); } } }
/// <inheritdoc/> public virtual async Task<SearchResult> SendAsync(string eventText, string indexName = null, TransmitterArgs args = null) { using (var content = new StringContent(eventText)) { var arguments = Enumerable.Empty<Argument>(); if (indexName != null) { arguments = arguments.Concat(new Argument[] { new Argument("index", indexName) }); } if (args != null) { arguments = arguments.Concat(args); } using (var response = await this.Context.PostAsync(this.Namespace, SimpleReceiver, content, arguments)) { await response.EnsureStatusCodeAsync(HttpStatusCode.OK); var reader = response.XmlReader; reader.Requires(await reader.MoveToDocumentElementAsync("response")); await reader.ReadElementSequenceAsync("results", "result"); var result = new SearchResult(SearchResultMetadata.Missing); await result.ReadXmlAsync(reader); await reader.ReadEndElementSequenceAsync("result", "results", "response"); return result; } } }
/// <summary> /// Asynchronously sends a single raw event to Splunk. /// </summary> /// <param name="eventText"> /// Raw event text. /// </param> /// <param name="indexName"> /// Name of the index. /// </param> /// <param name="args"> /// Arguments identifying the event type and destination. /// </param> /// <returns> /// An object representing the event created by Splunk. /// </returns> /// <seealso cref="M:Splunk.Client.ITransmitter.SendAsync(string,string,TransmitterArgs)"/> public Task<SearchResult> SendAsync(string eventText, string indexName = null, TransmitterArgs args = null) { Contract.Requires<ArgumentNullException>(eventText != null); return default(Task<SearchResult>); }
/// <summary> /// Asynchronously sends a stream of raw events to Splunk. /// </summary> /// <param name="eventStream"> /// The event stream. /// </param> /// <param name="indexName"> /// Name of the index. /// </param> /// <param name="args"> /// The arguments. /// </param> /// <returns> /// A <see cref="Stream"/> used to send events to Splunk. /// </returns> /// <seealso cref="M:Splunk.Client.ITransmitter.SendAsync(Stream,string,TransmitterArgs)"/> public Task SendAsync(Stream eventStream, string indexName = null, TransmitterArgs args = null) { Contract.Requires<ArgumentNullException>(eventStream != null); return default(Task); }
public static async void SendEventAsync(this Service service, string splunkEvent, string index = null, TransmitterArgs args=null) { await service.Transmitter.SendAsync(splunkEvent, index, args); }