/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
// Load connection info for Splunk server in .splunkrc file.
var cli = Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine("Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
/// <summary>
/// Binds search results to GridView.
/// </summary>
/// <param name="sender">A sender</param>
/// <param name="e">Event arguments</param>
protected void Page_Load(object sender, EventArgs e)
{
// Load connection info for Splunk server in .splunkrc file,
var cli = Command.Splunk();
var service = Service.Connect(cli.Opts);
const string Search =
"search * | stats count by sourcetype, source, host | sort -count";
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0,
};
using (var stream = service.Oneshot(
Search,
outArgs))
{
using (var results = new ResultsReaderXml(stream))
{
var summary = from @event in results
let s = @event.ToDictionary(
r => r.Key,
// Convert event field values to string
// type so that GridView can generate
// columns for them.
r => (string) r.Value)
select new
{
source = s["source"],
sourcetype = s["sourcetype"],
host = s["host"],
EventCount = s["count"],
};
this.IndexSummaryGridView.DataSource = summary;
this.IndexSummaryGridView.DataBind();
}
}
}
/// <summary>
/// Binds search results to GridView.
/// </summary>
/// <param name="sender">A sender</param>
/// <param name="e">Event arguments</param>
protected void Page_Load(object sender, EventArgs e)
{
// Load connection info for Splunk server in .splunkrc file,
var cli = Command.Splunk();
var service = Service.Connect(cli.Opts);
const string Search =
"search * | stats count by sourcetype, source, host | sort -count";
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0,
};
using (var stream = service.Oneshot(
Search,
outArgs))
{
using (var results = new ResultsReaderXml(stream))
{
var summary = from @event in results
let s = @event.ToDictionary(
r => r.Key,
// Convert event field values to string
// type so that GridView can generate
// columns for them.
r => (string)r.Value)
select new
{
source = s["source"],
sourcetype = s["sourcetype"],
host = s["host"],
EventCount = s["count"],
};
this.IndexSummaryGridView.DataSource = summary;
this.IndexSummaryGridView.DataBind();
}
}
}
public void JobResultStream()
{
var cli = SplunkSDKHelper.Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Opts["search"] = "search index=_internal * | head 10 ";
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
System.Threading.Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
Count = 0
};
try
{
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e));
}
try
{
using (var stream = service.Export((string)cli.Opts["search"]))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Export result throw exception : {0} ", e));
}
}
