/// <summary> /// The main program /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { // Load connection info for Splunk server in .splunkrc file. var component = new SplunkComponent(); component.OpenInput("main"); component.CloseInput(false); var cli = Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine("Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } }
/// <summary> /// An example program to perform a oneshot search. /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { // Load connection info for Splunk server in .splunkrc file. var cli = Command.Splunk("search_oneshot"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine( "Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0, }; using (var stream = service.Oneshot( (string)cli.Opts["search"], outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine( " " + key + " -> " + @event[key]); } } } } }
public string GetAllResults() { var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; using (var stream = job.Results(outArgs)) { var setting = new XmlReaderSettings { ConformanceLevel = ConformanceLevel.Fragment, }; using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { events.Add(@event); } } using (var rr = XmlReader.Create(stream, setting)) { return rr.ReadOuterXml(); } } return null; }
/// <summary> /// The main program /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { Command cli = Command.Splunk("search_realtime"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine( "Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); // Realtime window is 5 minutes var queryArgs = new JobArgs { SearchMode = JobArgs.SearchModeEnum.Realtime, EarliestTime = "rt-5m", LatestTime = "rt", }; var job = service.GetJobs().Create( (string)cli.Opts["search"], queryArgs); var outputArgs = new JobResultsPreviewArgs { OutputMode = JobResultsPreviewArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; for (var i = 0; i < 5; i++) { System.Console.WriteLine(); System.Console.WriteLine(); System.Console.WriteLine("Snapshot " + i + ":"); using (var stream = job.ResultsPreview(outputArgs)) { using(var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine( " " + key + " -> " + @event[key]); } } } } Thread.Sleep(500); } job.Cancel(); }
public void IndexArgs() { string indexName = "sdk-tests2"; DateTimeOffset offset = new DateTimeOffset(DateTime.Now); string now = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss") + string.Format("{0}{1} ", offset.Offset.Hours.ToString("D2"), offset.Offset.Minutes.ToString("D2")); Service service = this.Connect(); Index index = service.GetIndexes().Get(indexName); index.Enable(); Assert.IsFalse(index.IsDisabled); Args indexProperties = GetIndexProperties(index); ClearIndex(service, indexName, index); // submit event to index using variable arguments index.Submit(indexProperties, now + " Hello World. \u0150"); index.Submit(indexProperties, now + " Goodbye World. \u0150"); WaitUntilEventCount(index, 2, 45); ClearIndex(service, indexName, index); // stream event to index with variable arguments Stream streamArgs = index.Attach(indexProperties); streamArgs.Write(Encoding.UTF8.GetBytes(now + " Hello World again. \u0150\r\n")); streamArgs.Write(Encoding.UTF8.GetBytes(now + " Goodbye World again.\u0150\r\n")); streamArgs.Close(); WaitUntilEventCount(index, 2, 45); // submit event using ReceiverSubmitArgs const string Source = "splunk-sdk-tests"; const string SourceType = "splunk-sdk-test-event"; const string Host = "test-host"; var args = new ReceiverSubmitArgs { Index = indexName, Host = Host, Source = Source, SourceType = SourceType, }; var receiver = service.GetReceiver(); receiver.Submit(args, "Hello World."); receiver.Submit(args, "Goodbye world."); WaitUntilEventCount(index, 4, 45); // verify the fields of events in the index matching the args. using (var stream = service.Oneshot( string.Format( "search index={0} host={1} source={2} sourcetype={3}", indexName, Host, Source, SourceType))) using (var reader = new ResultsReaderXml(stream)) { Assert.AreEqual(2, reader.Count()); } ClearIndex(service, indexName, index); index.Clean(180); Assert.AreEqual(0, index.TotalEventCount, "Expected the total event count to be 0"); }
public void JobResultStream() { var cli = SplunkSDKHelper.Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Opts["search"] = "search index=_internal * | head 10 "; var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { System.Threading.Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, Count = 0 }; try { using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e)); } try { using (var stream = service.Export((string)cli.Opts["search"])) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Export result throw exception : {0} ", e)); } }