Getting Data In

Splunk Logging Libraries for .NET: Is there a C# sample code for HTTP Event Collector that works with Splunk Cloud?

maqsoodbhatti
Explorer

Splunk Logging Libraries for .NET: http://dev.splunk.com/view/splunk-loglib-dotnet/SP-CAAAEX4

Most of the samples and articles on this website tells about hosted version of Splunk Enterprise. These code samples does not work with Splunk Cloud. Could anyone post a C# sample code for HTTP Event Collector that really works with Splunk Cloud?

0 Karma
1 Solution

maqsoodbhatti
Explorer

Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.

Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");

View solution in original post

maqsoodbhatti
Explorer

Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.

Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");

maqsoodbhatti
Explorer

Just sniffed what httpEventCollector .NET logging library is doing, I can see its posting following _Json object;

{"time":"1480703033,509","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}

This would not work, since its missing index values;

How to set Index within c# Code?

Here is my Code;

        var traceSource = new TraceSource("MyConsoleApp");
        traceSource.Switch.Level = SourceLevels.All;
        traceSource.Listeners.Clear();


        var myListener = new HttpEventCollectorTraceListener(
    uri: new Uri("https://http-inputs-crapcloudlogger.splunkcloud.com/services/collector/event"),
    token: "T O K E N");

        myListener.AddLoggingFailureHandler((HttpEventCollectorException e) => {
                Console.WriteLine("{0}", e);
            });

        try
            {
                traceSource.Listeners.Add(myListener);
            }
            catch(Exception ex)
            { Console.WriteLine("{0}", ex);
            }

        traceSource.TraceEvent(TraceEventType.Information,0,"WannaBeCloudLoggingSystem");
0 Karma

maqsoodbhatti
Explorer

I would answer my question self:

Here is the way to create a Metadata for for index:

var meta = new HttpEventCollectorEventInfo.Metadata(index: "loggly", source: "microservice1", sourceType: "_json", host: "numb");

but the challenge i guess is not the INDEX, but the time format, If I remove values after commma in the time then it works,

{"time":"1480703033","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}

but why does Splunk Cloud not accept its own time format as described here?

http://dev.splunk.com/view/event-collector/SP-CAAAE6P

0 Karma
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...