Getting Data In

Splunk Logging Libraries for .NET: Is there a C# sample code for HTTP Event Collector that works with Splunk Cloud?

maqsoodbhatti
Explorer

Splunk Logging Libraries for .NET: http://dev.splunk.com/view/splunk-loglib-dotnet/SP-CAAAEX4

Most of the samples and articles on this website tells about hosted version of Splunk Enterprise. These code samples does not work with Splunk Cloud. Could anyone post a C# sample code for HTTP Event Collector that really works with Splunk Cloud?

0 Karma
1 Solution

maqsoodbhatti
Explorer

Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.

Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");

View solution in original post

maqsoodbhatti
Explorer

Okay I figured it out. The default timestamp has "," in the it and this is not according jSON datetime format. changed my console app default culture, and it worked.

Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");

maqsoodbhatti
Explorer

Just sniffed what httpEventCollector .NET logging library is doing, I can see its posting following _Json object;

{"time":"1480703033,509","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}

This would not work, since its missing index values;

How to set Index within c# Code?

Here is my Code;

        var traceSource = new TraceSource("MyConsoleApp");
        traceSource.Switch.Level = SourceLevels.All;
        traceSource.Listeners.Clear();


        var myListener = new HttpEventCollectorTraceListener(
    uri: new Uri("https://http-inputs-crapcloudlogger.splunkcloud.com/services/collector/event"),
    token: "T O K E N");

        myListener.AddLoggingFailureHandler((HttpEventCollectorException e) => {
                Console.WriteLine("{0}", e);
            });

        try
            {
                traceSource.Listeners.Add(myListener);
            }
            catch(Exception ex)
            { Console.WriteLine("{0}", ex);
            }

        traceSource.TraceEvent(TraceEventType.Information,0,"WannaBeCloudLoggingSystem");
0 Karma

maqsoodbhatti
Explorer

I would answer my question self:

Here is the way to create a Metadata for for index:

var meta = new HttpEventCollectorEventInfo.Metadata(index: "loggly", source: "microservice1", sourceType: "_json", host: "numb");

but the challenge i guess is not the INDEX, but the time format, If I remove values after commma in the time then it works,

{"time":"1480703033","event":{"id":"0","severity":"Information","message":"WannaBeCloudLoggingSystem"}}

but why does Splunk Cloud not accept its own time format as described here?

http://dev.splunk.com/view/event-collector/SP-CAAAE6P

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...