/// <summary> /// The main program /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { // Load connection info for Splunk server in .splunkrc file. var cli = Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine("Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } }
/// <summary> /// Binds search results to GridView. /// </summary> /// <param name="sender">A sender</param> /// <param name="e">Event arguments</param> protected void Page_Load(object sender, EventArgs e) { // Load connection info for Splunk server in .splunkrc file, var cli = Command.Splunk(); var service = Service.Connect(cli.Opts); const string Search = "search * | stats count by sourcetype, source, host | sort -count"; var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0, }; using (var stream = service.Oneshot( Search, outArgs)) { using (var results = new ResultsReaderXml(stream)) { var summary = from @event in results let s = @event.ToDictionary( r => r.Key, // Convert event field values to string // type so that GridView can generate // columns for them. r => (string) r.Value) select new { source = s["source"], sourcetype = s["sourcetype"], host = s["host"], EventCount = s["count"], }; this.IndexSummaryGridView.DataSource = summary; this.IndexSummaryGridView.DataBind(); } } }
/// <summary> /// Binds search results to GridView. /// </summary> /// <param name="sender">A sender</param> /// <param name="e">Event arguments</param> protected void Page_Load(object sender, EventArgs e) { // Load connection info for Splunk server in .splunkrc file, var cli = Command.Splunk(); var service = Service.Connect(cli.Opts); const string Search = "search * | stats count by sourcetype, source, host | sort -count"; var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0, }; using (var stream = service.Oneshot( Search, outArgs)) { using (var results = new ResultsReaderXml(stream)) { var summary = from @event in results let s = @event.ToDictionary( r => r.Key, // Convert event field values to string // type so that GridView can generate // columns for them. r => (string)r.Value) select new { source = s["source"], sourcetype = s["sourcetype"], host = s["host"], EventCount = s["count"], }; this.IndexSummaryGridView.DataSource = summary; this.IndexSummaryGridView.DataBind(); } } }
public void JobResultStream() { var cli = SplunkSDKHelper.Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Opts["search"] = "search index=_internal * | head 10 "; var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { System.Threading.Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, Count = 0 }; try { using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e)); } try { using (var stream = service.Export((string)cli.Opts["search"])) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Export result throw exception : {0} ", e)); } }