Newest member of the Splunk’s SDK family – CSharp was finally released to the public last week.
Splunk SDK for CSharp is now available for download. The SDK enables all the basic use cases, some of which are listed below:
- Connect to Splunk
- Get data out from Splunk by running the blocking and asynchronous searches
- Export data from Splunk using the /export endpoint
- Write data into Splunk
- Manage Splunk objects
- and more …
Learn more and find out how to get started at Splunk SDK for CSharp. Download the SDK and let us know what you think at DevInfo.
Let’s take a look at some sample code …
Connect to Splunk
// Define the context of the Splunk service
ServiceArgs svcArgs = new ServiceArgs();
svcArgs.Host = "localhost";
svcArgs.Port = 8089;
// Create a Service instance and log in
Service service = new Service(svcArgs);
service = service.Login("admin", "changeme");
List Splunk objects, e.g. list of apps installed on Splunk
foreach (var app in service.GetApplications().Values)
{
Console.WriteLine(app.Name);
// Write a seperator between the name and the description of an app.
Console.WriteLine(Enumerable.Repeat('-', app.Name.Length).ToArray());
Console.WriteLine(app.Description);
Console.WriteLine();
}Run a search and display results
var jobs = service.GetJobs();
var job = jobs.Create("search index=_internal | head 10");
while (!job.IsDone)
{
Thread.Sleep(1000);
}
var outArgs = new Args
{
{ "output_mode", "json" },
};
using (var stream = job.Results(outArgs))
{
using (var rr = new ResultsReaderJson(stream))
{
foreach (var map in rr)
{
System.Console.WriteLine("EVENT:");
foreach (string key in map.Keys)
{
System.Console.WriteLine(" " + key + " -> " + map[key]);
}
}
}
}Write events into Splunk
var args = new Args
{
{ "source", "splunk-sdk-tests" },
{ "sourcetype", "splunk-sdk-test-event" }
};
Receiver receiver = new Receiver(service);
// Submit to default index using the simple receiver endpoint
receiver.Submit(args, "Hello World from C# SDK!");