Skip to content
This repository has been archived by the owner on Apr 4, 2023. It is now read-only.

Latest commit

 

History

History
234 lines (152 loc) · 14.6 KB

README.md

File metadata and controls

234 lines (152 loc) · 14.6 KB

Splunk Enterprise SDK for C#

Version 2.2.9

Deprecation Notice

Please note that the Splunk Enterprise SDK for C# v2.x is deprecated.

What deprecation means

  • Splunk will no longer provide any feature enhancements, bug fixes and support to the Splunk Enterprise SDK for C# v2.x.
  • The resources relating to the Splunk Enterprise SDK for C# v2.x will soon be removed from dev.splunk.com and will only be available in the GitHub repository.
  • Apps that use the Splunk Enterprise SDK for C# v2.x will continue to work as they do now.
  • The Splunk Enterprise SDK for C# v2.x project will continue to be available as an archived repo on GitHub, should developers want to clone or fork the project.

Recommendation for new app development and app updates

Splunk is no longer investing in the Splunk Enterprise SDK for C# v2.x. We recommend that any app development be done using these other approaches:

  • Directly using the Splunk REST API in the language of their choice.

For existing apps that use the Splunk Enterprise SDK for C# v2.x, we request that developers update their apps to use one of the above approaches. We encourage you to post your feedback and questions regarding this to Splunk Answers in the "Splunk Development" community with the tag splunk-csharp-sdk.

The Splunk Enterprise Software Development Kit (SDK) for C# contains library code and examples designed to enable developers to build applications using the Splunk platform.

The Splunk platform is a search engine and analytic environment that uses a distributed map-reduce architecture to efficiently index, search, and process large time-varying data sets.

The Splunk platform is popular with system administrators for aggregation and monitoring of IT machine data, security, compliance, and a wide variety of other scenarios that share a requirement to efficiently index, search, analyze, and generate real-time notifications from large volumes of time-series data.

The Splunk developer platform enables developers to take advantage of the same technology used by the Splunk platform to build exciting new applications.

For more information, see Splunk Enterprise SDK for C# on the Splunk Developer Portal.

What's new in Version 2.x

Version 2.0 introduces new modern APIs that leverage the latest .NET platform advancements.

  • Async. All APIs are 100% asynchronous supporting the new async/await features.
  • All APIs follow .NET guidelines and abide by FxCop and StyleCop rules.
  • Reactive Extensions. Splunk Enterprise query results implement IObservable, allowing usage with the .NET Reactive Extensions.
  • Support for cross-platform development. The Splunk API client (Splunk.Client.dll) in the new version is a Portable Class Library supporting .NET development on multiple platforms.

Below is an example of a simple one shot search:

using Splunk.Client;

var service = new Service(new Uri("https://localhost:8089"));

//login
await service.LogOnAsync("admin", "changeme");

//create a One Shot Search and retrieve the results
var searchResults = await service.SearchOneShotSearchAsync("search index=_internal | head 10");

//loop through the results
foreach (var result in searchResults)
{
    //write out the raw event
    Console.WriteLine(string.Format("{0:D8}: {1}", ++recordNumber, result.GetValue("_raw")));
}

Supported platforms

This SDK supports .NET 4.5/Mono 3.4, PCL (Windows 8.1), iOS (via Xamarin.iOS), and Android (via Xamarin.Android) platforms.

Compatibility

The Splunk Enterprise SDK for C# version 2.x is a rewrite of the 1.x SDK, and introduces completely new APIs.

Important: Applications built with Splunk Enterprise SDK for C# version 1.x will not recompile using Splunk Enterprise SDK for C# version 2.xf.

Splunk Enterprise SDK for C# version 2.x includes a subset of the capability in version 1.0 of the SDK, and focuses on the most common customer scenarios. The major focus areas are search, search jobs, configuration, and modular inputs.

The areas that are covered are:

  • Login
  • Access control (users and passwords)
  • Searches (normal, blocking, oneshot, and export)
  • Jobs
  • Reports (saved searches)
  • Configuration and properties
  • Indexes
  • Inputs (sending simple and streamed events to Splunk Enterprise)
  • Applications
  • Modular inputs

See the Splunk REST API Coverage for details.

Getting started with the Splunk Enterprise SDK for C#

The Splunk Enterprise SDK for C# contains library code and examples that show how to programmatically interact with the Splunk platform for a variety of scenarios including searching, saved searches, data inputs, and many more, along with building complete applications.

Requirements

Here's what you need to get going with the Splunk Enterprise SDK for C# version 2.x.

  • Splunk Enterprise

    If you haven't already installed Splunk Enterprise, download it here. For more information, see the Splunk Enterprise Installation Manual.

    The Splunk Enterprise SDK for C# has been tested with Splunk Enterprise 7.0 and 7.2.

  • Splunk Enterprise SDK for C#

    • Use the MyGet feed

      Download the Splunk SDK C# NuGet packages from MyGet. Add the following feed to your package sources in Visual Studio: https://splunk.myget.org/F/splunk-sdk-csharp-pcl/

      The following packages are in that feed:

      • Splunk.Client: Client for the Splunk Enterprise REST API. This library is portable.

      • Splunk.ModularInputs: Functionality for building modular inputs.

        Note: Both packages are published to NuGet when the SDK is released.

    • Get the source

      Download the Splunk Enterprise SDK for C# ZIP file and extract the contents. If you are want to contribute to the Splunk Enterprise SDK for C#, clone the repository from GitHub.

Developer environments

The Splunk Enterprise SDK for C# supports development in the following environments:

  • Microsoft Visual Studio 2012 and later

    You must also install Code Contracts for .NET.

    Note: Close Visual Studio before installing Code Contracts. Otherwise, the installation will not work, despite appearing to.

    To run the unit tests, install an xUnit runner. If you use resharper, install its xUnit.net Test Support. Otherwise, install the xUnit.net runner for Visual Studio 2012 and 2013.

  • Xamarin Studio and Mono Develop

    You must set the MonoCS compilation constant in the project settings for Splunk.Client.csproj and Splunk.ModularInputs.csproj.

    To run the unit tests, download xUnit and run it using the command-line tools or GUI runner.

Build the SDK

To build the SDK, the examples, and the unit tests after extracting or cloning the SDK:

  1. At the root level of the splunk-sdk-csharp-pcl directory, open the splunk-sdk-csharp-pcl.sln file in Visual Studio.
  2. On the BUILD menu, click Build Solution.

Examples and unit tests

The Splunk Enterprise SDK for C# includes full unit tests that run using xunit as well as several examples.

Solution layout

Directory Description
/src
   Splunk.Client Client for the Splunk Enterprise REST API.
   Splunk.ModularInputs Functionality for building modular inputs.
   Splunk.Client.Helpers Helper utilities used by tests and samples.
/examples
   Windows8/Search Contains a Windows Store Search App.
   authenticate Connects to a Splunk Enterprise instance and retrieves a session token.
   list_apps Lists installed applications on a Splunk Enterprise instance.
   mock-context Demonstrates how to use the included HTTP record/play framework for unit tests.
   mock-interface Demonstrates how to mock the functional interface for Splunk Enterprise entities.
   mock-object Demontrates how to mock concrete SDK objects and create fake HTTP responses for unit tests.
   normal-search Performs a normal search against a Splunk Enterprise instance and retrieves results using enumeration and Rx.
   random-numbers Sample modular input that returns randomly-generated numbers.
   saved-searches Creates a saved search and retrieves results.
   search-export Creates a search and uses the Export endpoint to return results.
   search-realtime Creates a real-time search.
   search-response-message-stream Demonstrates how to run long-running search jobs and use Job.GetSearchReponseMessageAsync.
   search Performs a oneshot search.
   submit Creates an index, then sends events to it over HTTP.
/tests
   unit-tests Contains unit tests for all of the classes in the SDK. Does not require a Splunk Enterprise instance.
   acceptance-tests Contains end-to-end tests using the SDK. By default, these tests run against a Splunk Enterprise instance. You can also run tests in playback mode by setting MockContext.Mode to "Playback" in App.Config.

Changelog

The CHANGELOG contains a description of changes for each version of the SDK. For the latest version, see the CHANGELOG.md on GitHub.

Branches

The master branch represents a stable and released version of the SDK. To learn about our branching model, see Branching Model on GitHub.

Documentation and resources

Resource Description
Splunk Developer Portal General developer documentation, tools, and examples
Integrate the Splunk platform using development tools for .NET Documentation for .NET development
Splunk Enterprise SDK for C# Reference SDK API reference documentation
REST API Reference Manual Splunk REST API reference documentation
Splunk>Docs General documentation for the Splunk platform
GitHub Wiki Documentation for this SDK's repository on GitHub

Community

Stay connected with other developers building on the Splunk platform.

Contributions

If you would like to contribute to the SDK, see Contributing to Splunk. For additional guidelines, see CONTRIBUTING.

Support

  • You will be granted support if you or your company are already covered under an existing maintenance/support agreement. Submit a new case in the Support Portal and include "Splunk Enterprise SDK for C# PCL" in the subject line.

    If you are not covered under an existing maintenance/support agreement, you can find help through the broader community at Splunk Answers.

  • Splunk will NOT provide support for SDKs if the core library (the code in the 1. src directory) has been modified. If you modify an SDK and want support, you can find help through the broader community and Splunk Answers.

    We would also like to know why you modified the core library, so please send feedback to [email protected].

  • File any issues on GitHub.

Contact Us

You can reach the Splunk Developer Platform team at [email protected].

License

The Splunk Enterprise Software Development Kit for C# is licensed under the Apache License 2.0. See LICENSE for details.