public void InitializeEtwListener() { payload = GetNewPayloadObject(); var configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"]; EtwProviderSession(EtwListenerConfig.SessionName, EtwListenerConfig.ProviderId, true); var _etw = EtwTdhObservable.FromSession(EtwListenerConfig.SessionName); KqlNodeHub = KqlNodeHub.FromKqlQuery(_etw, DefaultOutput, EtwListenerConfig.ObservableName, EtwListenerConfig.KqlQuery); GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001); var textOfJsonConfig = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), $"{configurationFile}")); SentinelApiConfig = JsonConvert.DeserializeObject <SentinelApiConfig>(textOfJsonConfig); if (SentinelApiConfig.UseMmaCertificate) { logAnalyticsX509Certificate2 = CertificateManagement.FindOdsCertificateByWorkspaceId(SentinelApiConfig.WorkspaceId); } else { logAnalyticsX509Certificate2 = CertificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine); } GlobalLog.WriteToStringBuilderLog($"SampleData load [{configurationFile}].", 14001); var sampleData = File.ReadAllText(Path.Combine(LogAnalyticsOdsApiHarness.GetExecutionPath(), $"XMLFile1.xml")); UploadBatchToLogAnalytics(sampleData, logAnalyticsX509Certificate2); }
static void UploadRealTime() { var etw = EtwTdhObservable.FromSession(_sessionName); var transformed = etw .Select(e => new EtwEvent(e)); var ku = new BlockingKustoUploader <EtwEvent>( _demoMode ? kscbAdmin : kscbIngest, _tableName, 10000, TimeSpan.FromSeconds(10)); using (transformed.Subscribe(ku)) { Console.WriteLine(); Console.WriteLine("Listening to real-time session '{0}'. Press Enter to termintate", _sessionName); Console.ReadLine(); } }