public void TestReadXmlSplunk5MVAndFieldRaw() { var input = this.OpenResourceFileFromDataFolder( Splunk502XmlInputFilePath); var reader = new ResultsReaderXml(input); Assert.IsFalse(reader.IsPreview); var events = reader.ToArray(); var valuesSi = events[0]["_si"].GetArray(); Assert.AreEqual(valuesSi.Length, 2); Assert.AreEqual(valuesSi[1], "_internal"); Assert.IsTrue(events[2]["_raw"].ToString().Contains( @"""GET /services/messages HTTP/1.1""")); Assert.IsFalse(events[2]["_raw"].ToString().Contains( @"<v")); // Verify handling of XML charactor escaping. Assert.AreEqual( @"..._-__[//:::._-]_""_/-///_/.""___""://:/-//?=.&=""_""/", events[1]["punct"]); }
public void TestReadXml() { var input = this.OpenResourceFileFromDataFolder( SplunkXmlInputFilePath); var reader = new ResultsReaderXml(input); this.TestRead(reader); }
public void TestReadXmlEmpty() { var input = this.OpenResourceFileFromDataFolder( Splunk502XmlEmptyInputFilePath); var reader = new ResultsReaderXml(input); Assert.IsFalse(reader.IsPreview); var fields = reader.Fields.ToArray(); Assert.AreEqual(0, fields.Length); var events = reader.ToArray(); Assert.AreEqual(0, events.Length); }
/// <summary> /// The main program /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { // Load connection info for Splunk server in .splunkrc file. var cli = Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine("Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } }
/// <summary> /// Binds search results to GridView. /// </summary> /// <param name="sender">A sender</param> /// <param name="e">Event arguments</param> protected void Page_Load(object sender, EventArgs e) { // Load connection info for Splunk server in .splunkrc file, var cli = Command.Splunk(); var service = Service.Connect(cli.Opts); const string Search = "search * | stats count by sourcetype, source, host | sort -count"; var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0, }; using (var stream = service.Oneshot( Search, outArgs)) { using (var results = new ResultsReaderXml(stream)) { var summary = from @event in results let s = @event.ToDictionary( r => r.Key, // Convert event field values to string // type so that GridView can generate // columns for them. r => (string) r.Value) select new { source = s["source"], sourcetype = s["sourcetype"], host = s["host"], EventCount = s["count"], }; this.IndexSummaryGridView.DataSource = summary; this.IndexSummaryGridView.DataBind(); } } }
/// <summary> /// Binds search results to GridView. /// </summary> /// <param name="sender">A sender</param> /// <param name="e">Event arguments</param> protected void Page_Load(object sender, EventArgs e) { // Load connection info for Splunk server in .splunkrc file, var cli = Command.Splunk(); var service = Service.Connect(cli.Opts); const string Search = "search * | stats count by sourcetype, source, host | sort -count"; var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, // Return all entries. Count = 0, }; using (var stream = service.Oneshot( Search, outArgs)) { using (var results = new ResultsReaderXml(stream)) { var summary = from @event in results let s = @event.ToDictionary( r => r.Key, // Convert event field values to string // type so that GridView can generate // columns for them. r => (string)r.Value) select new { source = s["source"], sourcetype = s["sourcetype"], host = s["host"], EventCount = s["count"], }; this.IndexSummaryGridView.DataSource = summary; this.IndexSummaryGridView.DataBind(); } } }
public void TestReadXmlPreviewAndFields() { var input = this.OpenResourceFileFromDataFolder( Splunk435PreviewXmlInputFilePath); var reader = new ResultsReaderXml(input); Assert.IsTrue(reader.IsPreview); var fields = reader.Fields.ToArray(); Assert.AreEqual(fields[0], "_cd"); Assert.AreEqual(fields[fields.Length - 1], "version"); CollectionAssert.Contains(fields, "_raw"); CollectionAssert.Contains(fields, "mean_preview_period"); var events = reader.ToArray(); var event0 = events[0]; Assert.AreEqual(event0["_cd"], "54:8568"); Assert.AreEqual( (int)event0["timestartpos"], 0); Assert.AreEqual(events.Length, 10); var event9 = events[9]; var expectedRawFieldValue = @"12-19-2012 11:50:14.351 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0"; var expectedSegmentedRaw = "<v xml:space=\"preserve\" trunc=\"0\">12-19-2012 11:50:14.351 -0800 INFO Metrics - group=<sg h=\"1\">search</sg>_concurrency, system total, active_hist_searches=0, active_realtime_searches=0</v>"; Assert.AreEqual(expectedRawFieldValue, event9["_raw"]); Assert.AreEqual(expectedSegmentedRaw, event9.SegmentedRaw); }
public void JobResultStream() { var cli = SplunkSDKHelper.Command.Splunk("search"); cli.AddRule("search", typeof(string), "search string"); cli.Opts["search"] = "search index=_internal * | head 10 "; var service = Service.Connect(cli.Opts); var jobs = service.GetJobs(); var job = jobs.Create((string)cli.Opts["search"]); while (!job.IsDone) { System.Threading.Thread.Sleep(1000); } var outArgs = new JobResultsArgs { OutputMode = JobResultsArgs.OutputModeEnum.Xml, Count = 0 }; try { using (var stream = job.Results(outArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e)); } try { using (var stream = service.Export((string)cli.Opts["search"])) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); GC.Collect(); foreach (string key in @event.Keys) { System.Console.WriteLine(" " + key + " -> " + @event[key]); } } } } } catch (Exception e) { Assert.Fail(string.Format("Export result throw exception : {0} ", e)); } }
public void IndexArgs() { string indexName = "sdk-tests2"; DateTimeOffset offset = new DateTimeOffset(DateTime.Now); string now = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss") + string.Format("{0}{1} ", offset.Offset.Hours.ToString("D2"), offset.Offset.Minutes.ToString("D2")); Service service = this.Connect(); Index index = service.GetIndexes().Get(indexName); index.Enable(); Assert.IsFalse(index.IsDisabled); Args indexProperties = GetIndexProperties(index); ClearIndex(service, indexName, index); // submit event to index using variable arguments index.Submit(indexProperties, now + " Hello World. \u0150"); index.Submit(indexProperties, now + " Goodbye World. \u0150"); WaitUntilEventCount(index, 2, 45); ClearIndex(service, indexName, index); // stream event to index with variable arguments Stream streamArgs = index.Attach(indexProperties); streamArgs.Write(Encoding.UTF8.GetBytes(now + " Hello World again. \u0150\r\n")); streamArgs.Write(Encoding.UTF8.GetBytes(now + " Goodbye World again.\u0150\r\n")); streamArgs.Close(); WaitUntilEventCount(index, 2, 45); // submit event using ReceiverSubmitArgs const string Source = "splunk-sdk-tests"; const string SourceType = "splunk-sdk-test-event"; const string Host = "test-host"; var args = new ReceiverSubmitArgs { Index = indexName, Host = Host, Source = Source, SourceType = SourceType, }; var receiver = service.GetReceiver(); receiver.Submit(args, "Hello World."); receiver.Submit(args, "Goodbye world."); WaitUntilEventCount(index, 4, 45); // verify the fields of events in the index matching the args. using (var stream = service.Oneshot( string.Format( "search index={0} host={1} source={2} sourcetype={3}", indexName, Host, Source, SourceType))) using (var reader = new ResultsReaderXml(stream)) { Assert.AreEqual(2, reader.Count()); } ClearIndex(service, indexName, index); index.Clean(180); Assert.AreEqual(0, index.TotalEventCount, "Expected the total event count to be 0"); }
/// <summary> /// The main program /// </summary> /// <param name="argv">The command line arguments</param> public static void Main(string[] argv) { Command cli = Command.Splunk("search_realtime"); cli.AddRule("search", typeof(string), "search string"); cli.Parse(argv); if (!cli.Opts.ContainsKey("search")) { System.Console.WriteLine( "Search query string required, use --search=\"query\""); Environment.Exit(1); } var service = Service.Connect(cli.Opts); // Realtime window is 5 minutes var queryArgs = new JobArgs { SearchMode = JobArgs.SearchModeEnum.Realtime, EarliestTime = "rt-5m", LatestTime = "rt", }; var job = service.GetJobs().Create( (string)cli.Opts["search"], queryArgs); var outputArgs = new JobResultsPreviewArgs { OutputMode = JobResultsPreviewArgs.OutputModeEnum.Xml, // Return all entries. Count = 0 }; for (var i = 0; i < 5; i++) { System.Console.WriteLine(); System.Console.WriteLine(); System.Console.WriteLine("Snapshot " + i + ":"); using (var stream = job.ResultsPreview(outputArgs)) { using (var rr = new ResultsReaderXml(stream)) { foreach (var @event in rr) { System.Console.WriteLine("EVENT:"); foreach (string key in @event.Keys) { System.Console.WriteLine( " " + key + " -> " + @event[key]); } } } } Thread.Sleep(500); } job.Cancel(); }