Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Splunk Logging Libraries for .NET: Is there a ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Logging Libraries for .NET: http://dev.splunk.com/view/splunk-loglib-dotnet/SP-CAAAEX4
Most of the samples and articles on this website tells about hosted version of Splunk Enterprise. These code samples does not work with Splunk Cloud. Could anyone post a C# sample code for HTTP Event Collector that really works with Splunk Cloud?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.
Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.
Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just sniffed what httpEventCollector .NET logging library is doing, I can see its posting following _Json object;
{"time":"1480703033,509","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}
This would not work, since its missing index values;
How to set Index within c# Code?
Here is my Code;
var traceSource = new TraceSource("MyConsoleApp");
traceSource.Switch.Level = SourceLevels.All;
traceSource.Listeners.Clear();
var myListener = new HttpEventCollectorTraceListener(
uri: new Uri("https://http-inputs-crapcloudlogger.splunkcloud.com/services/collector/event"),
token: "T O K E N");
myListener.AddLoggingFailureHandler((HttpEventCollectorException e) => {
Console.WriteLine("{0}", e);
});
try
{
traceSource.Listeners.Add(myListener);
}
catch(Exception ex)
{ Console.WriteLine("{0}", ex);
}
traceSource.TraceEvent(TraceEventType.Information,0,"WannaBeCloudLoggingSystem");
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would answer my question self:
Here is the way to create a Metadata for for index:
var meta = new HttpEventCollectorEventInfo.Metadata(index: "loggly", source: "microservice1", sourceType: "_json", host: "numb");
but the challenge i guess is not the INDEX, but the time format, If I remove values after commma in the time then it works,
{"time":"1480703033","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}
but why does Splunk Cloud not accept its own time format as described here?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
