public void TestReadXmlSplunk5MVAndFieldRaw()
{
var input = this.OpenResourceFileFromDataFolder(
Splunk502XmlInputFilePath);
var reader = new ResultsReaderXml(input);
Assert.IsFalse(reader.IsPreview);
var events = reader.ToArray();
var valuesSi = events[0]["_si"].GetArray();
Assert.AreEqual(valuesSi.Length, 2);
Assert.AreEqual(valuesSi[1], "_internal");
Assert.IsTrue(events[2]["_raw"].ToString().Contains(
@"""GET /services/messages HTTP/1.1"""));
Assert.IsFalse(events[2]["_raw"].ToString().Contains(
@"<v"));
// Verify handling of XML charactor escaping.
Assert.AreEqual(
@"..._-__[//:::._-]_""_/-///_/.""___""://:/-//?=.&=""_""/",
events[1]["punct"]);
}
public void TestReadXml()
{
var input = this.OpenResourceFileFromDataFolder(
SplunkXmlInputFilePath);
var reader = new ResultsReaderXml(input);
this.TestRead(reader);
}
public void TestReadXmlEmpty()
{
var input = this.OpenResourceFileFromDataFolder(
Splunk502XmlEmptyInputFilePath);
var reader = new ResultsReaderXml(input);
Assert.IsFalse(reader.IsPreview);
var fields = reader.Fields.ToArray();
Assert.AreEqual(0, fields.Length);
var events = reader.ToArray();
Assert.AreEqual(0, events.Length);
}
/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
// Load connection info for Splunk server in .splunkrc file.
var cli = Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine("Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
/// <summary>
/// Binds search results to GridView.
/// </summary>
/// <param name="sender">A sender</param>
/// <param name="e">Event arguments</param>
protected void Page_Load(object sender, EventArgs e)
{
// Load connection info for Splunk server in .splunkrc file,
var cli = Command.Splunk();
var service = Service.Connect(cli.Opts);
const string Search =
"search * | stats count by sourcetype, source, host | sort -count";
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0,
};
using (var stream = service.Oneshot(
Search,
outArgs))
{
using (var results = new ResultsReaderXml(stream))
{
var summary = from @event in results
let s = @event.ToDictionary(
r => r.Key,
// Convert event field values to string
// type so that GridView can generate
// columns for them.
r => (string) r.Value)
select new
{
source = s["source"],
sourcetype = s["sourcetype"],
host = s["host"],
EventCount = s["count"],
};
this.IndexSummaryGridView.DataSource = summary;
this.IndexSummaryGridView.DataBind();
}
}
}
/// <summary>
/// Binds search results to GridView.
/// </summary>
/// <param name="sender">A sender</param>
/// <param name="e">Event arguments</param>
protected void Page_Load(object sender, EventArgs e)
{
// Load connection info for Splunk server in .splunkrc file,
var cli = Command.Splunk();
var service = Service.Connect(cli.Opts);
const string Search =
"search * | stats count by sourcetype, source, host | sort -count";
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0,
};
using (var stream = service.Oneshot(
Search,
outArgs))
{
using (var results = new ResultsReaderXml(stream))
{
var summary = from @event in results
let s = @event.ToDictionary(
r => r.Key,
// Convert event field values to string
// type so that GridView can generate
// columns for them.
r => (string)r.Value)
select new
{
source = s["source"],
sourcetype = s["sourcetype"],
host = s["host"],
EventCount = s["count"],
};
this.IndexSummaryGridView.DataSource = summary;
this.IndexSummaryGridView.DataBind();
}
}
}
public void TestReadXmlPreviewAndFields()
{
var input = this.OpenResourceFileFromDataFolder(
Splunk435PreviewXmlInputFilePath);
var reader = new ResultsReaderXml(input);
Assert.IsTrue(reader.IsPreview);
var fields = reader.Fields.ToArray();
Assert.AreEqual(fields[0], "_cd");
Assert.AreEqual(fields[fields.Length - 1], "version");
CollectionAssert.Contains(fields, "_raw");
CollectionAssert.Contains(fields, "mean_preview_period");
var events = reader.ToArray();
var event0 = events[0];
Assert.AreEqual(event0["_cd"], "54:8568");
Assert.AreEqual(
(int)event0["timestartpos"],
0);
Assert.AreEqual(events.Length, 10);
var event9 = events[9];
var expectedRawFieldValue =
@"12-19-2012 11:50:14.351 -0800 INFO Metrics - group=search_concurrency, system total, active_hist_searches=0, active_realtime_searches=0";
var expectedSegmentedRaw =
"<v xml:space=\"preserve\" trunc=\"0\">12-19-2012 11:50:14.351 -0800 INFO Metrics - group=<sg h=\"1\">search</sg>_concurrency, system total, active_hist_searches=0, active_realtime_searches=0</v>";
Assert.AreEqual(expectedRawFieldValue, event9["_raw"]);
Assert.AreEqual(expectedSegmentedRaw, event9.SegmentedRaw);
}
public void JobResultStream()
{
var cli = SplunkSDKHelper.Command.Splunk("search");
cli.AddRule("search", typeof(string), "search string");
cli.Opts["search"] = "search index=_internal * | head 10 ";
var service = Service.Connect(cli.Opts);
var jobs = service.GetJobs();
var job = jobs.Create((string)cli.Opts["search"]);
while (!job.IsDone)
{
System.Threading.Thread.Sleep(1000);
}
var outArgs = new JobResultsArgs
{
OutputMode = JobResultsArgs.OutputModeEnum.Xml,
Count = 0
};
try
{
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Reading Job result throw exception : {0} ", e));
}
try
{
using (var stream = service.Export((string)cli.Opts["search"]))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
GC.Collect();
foreach (string key in @event.Keys)
{
System.Console.WriteLine(" " + key + " -> " + @event[key]);
}
}
}
}
}
catch (Exception e)
{
Assert.Fail(string.Format("Export result throw exception : {0} ", e));
}
}
public void IndexArgs()
{
string indexName = "sdk-tests2";
DateTimeOffset offset = new DateTimeOffset(DateTime.Now);
string now = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss") +
string.Format("{0}{1} ", offset.Offset.Hours.ToString("D2"), offset.Offset.Minutes.ToString("D2"));
Service service = this.Connect();
Index index = service.GetIndexes().Get(indexName);
index.Enable();
Assert.IsFalse(index.IsDisabled);
Args indexProperties = GetIndexProperties(index);
ClearIndex(service, indexName, index);
// submit event to index using variable arguments
index.Submit(indexProperties, now + " Hello World. \u0150");
index.Submit(indexProperties, now + " Goodbye World. \u0150");
WaitUntilEventCount(index, 2, 45);
ClearIndex(service, indexName, index);
// stream event to index with variable arguments
Stream streamArgs = index.Attach(indexProperties);
streamArgs.Write(Encoding.UTF8.GetBytes(now + " Hello World again. \u0150\r\n"));
streamArgs.Write(Encoding.UTF8.GetBytes(now + " Goodbye World again.\u0150\r\n"));
streamArgs.Close();
WaitUntilEventCount(index, 2, 45);
// submit event using ReceiverSubmitArgs
const string Source = "splunk-sdk-tests";
const string SourceType = "splunk-sdk-test-event";
const string Host = "test-host";
var args = new ReceiverSubmitArgs
{
Index = indexName,
Host = Host,
Source = Source,
SourceType = SourceType,
};
var receiver = service.GetReceiver();
receiver.Submit(args, "Hello World.");
receiver.Submit(args, "Goodbye world.");
WaitUntilEventCount(index, 4, 45);
// verify the fields of events in the index matching the args.
using (var stream =
service.Oneshot(
string.Format(
"search index={0} host={1} source={2} sourcetype={3}",
indexName,
Host,
Source,
SourceType)))
using (var reader = new ResultsReaderXml(stream))
{
Assert.AreEqual(2, reader.Count());
}
ClearIndex(service, indexName, index);
index.Clean(180);
Assert.AreEqual(0, index.TotalEventCount, "Expected the total event count to be 0");
}
/// <summary>
/// The main program
/// </summary>
/// <param name="argv">The command line arguments</param>
public static void Main(string[] argv)
{
Command cli = Command.Splunk("search_realtime");
cli.AddRule("search", typeof(string), "search string");
cli.Parse(argv);
if (!cli.Opts.ContainsKey("search"))
{
System.Console.WriteLine(
"Search query string required, use --search=\"query\"");
Environment.Exit(1);
}
var service = Service.Connect(cli.Opts);
// Realtime window is 5 minutes
var queryArgs = new JobArgs
{
SearchMode = JobArgs.SearchModeEnum.Realtime,
EarliestTime = "rt-5m",
LatestTime = "rt",
};
var job = service.GetJobs().Create(
(string)cli.Opts["search"],
queryArgs);
var outputArgs = new JobResultsPreviewArgs
{
OutputMode = JobResultsPreviewArgs.OutputModeEnum.Xml,
// Return all entries.
Count = 0
};
for (var i = 0; i < 5; i++)
{
System.Console.WriteLine();
System.Console.WriteLine();
System.Console.WriteLine("Snapshot " + i + ":");
using (var stream = job.ResultsPreview(outputArgs))
{
using (var rr = new ResultsReaderXml(stream))
{
foreach (var @event in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in @event.Keys)
{
System.Console.WriteLine(
" " + key + " -> " + @event[key]);
}
}
}
}
Thread.Sleep(500);
}
job.Cancel();
}
