splunk / splunk-sdk-csharp-pcl

Splunk's next generation C# SDK
https://dev.splunk.com/enterprise/docs/csharp
Apache License 2.0
64 stars 46 forks source link

Splunk Enterprise SDK for C

Version 2.2.9

Deprecation Notice

Please note that the Splunk Enterprise SDK for C# v2.x is deprecated.

What deprecation means

  • Splunk will no longer provide any feature enhancements, bug fixes and support to the Splunk Enterprise SDK for C# v2.x.
  • The resources relating to the Splunk Enterprise SDK for C# v2.x will soon be removed from dev.splunk.com and will only be available in the GitHub repository.
  • Apps that use the Splunk Enterprise SDK for C# v2.x will continue to work as they do now.
  • The Splunk Enterprise SDK for C# v2.x project will continue to be available as an archived repo on GitHub, should developers want to clone or fork the project.

Recommendation for new app development and app updates

Splunk is no longer investing in the Splunk Enterprise SDK for C# v2.x. We recommend that any app development be done using these other approaches:

For existing apps that use the Splunk Enterprise SDK for C# v2.x, we request that developers update their apps to use one of the above approaches. We encourage you to post your feedback and questions regarding this to Splunk Answers in the "Splunk Development" community with the tag splunk-csharp-sdk.

The Splunk Enterprise Software Development Kit (SDK) for C# contains library code and examples designed to enable developers to build applications using the Splunk platform.

The Splunk platform is a search engine and analytic environment that uses a distributed map-reduce architecture to efficiently index, search, and process large time-varying data sets.

The Splunk platform is popular with system administrators for aggregation and monitoring of IT machine data, security, compliance, and a wide variety of other scenarios that share a requirement to efficiently index, search, analyze, and generate real-time notifications from large volumes of time-series data.

The Splunk developer platform enables developers to take advantage of the same technology used by the Splunk platform to build exciting new applications.

For more information, see Splunk Enterprise SDK for C# on the Splunk Developer Portal.

What's new in Version 2.x

Version 2.0 introduces new modern APIs that leverage the latest .NET platform advancements.

Below is an example of a simple one shot search:

using Splunk.Client;

var service = new Service(new Uri("https://localhost:8089"));

//login
await service.LogOnAsync("admin", "changeme");

//create a One Shot Search and retrieve the results
var searchResults = await service.SearchOneShotSearchAsync("search index=_internal | head 10");

//loop through the results
foreach (var result in searchResults)
{
    //write out the raw event
    Console.WriteLine(string.Format("{0:D8}: {1}", ++recordNumber, result.GetValue("_raw")));
}

Supported platforms

This SDK supports .NET 4.5/Mono 3.4, PCL (Windows 8.1), iOS (via Xamarin.iOS), and Android (via Xamarin.Android) platforms.

Compatibility

The Splunk Enterprise SDK for C# version 2.x is a rewrite of the 1.x SDK, and introduces completely new APIs.

Important: Applications built with Splunk Enterprise SDK for C# version 1.x will not recompile using Splunk Enterprise SDK for C# version 2.xf.

Splunk Enterprise SDK for C# version 2.x includes a subset of the capability in version 1.0 of the SDK, and focuses on the most common customer scenarios. The major focus areas are search, search jobs, configuration, and modular inputs.

The areas that are covered are:

See the Splunk REST API Coverage for details.

Getting started with the Splunk Enterprise SDK for C

The Splunk Enterprise SDK for C# contains library code and examples that show how to programmatically interact with the Splunk platform for a variety of scenarios including searching, saved searches, data inputs, and many more, along with building complete applications.

Requirements

Here's what you need to get going with the Splunk Enterprise SDK for C# version 2.x.

Developer environments

The Splunk Enterprise SDK for C# supports development in the following environments:

Build the SDK

To build the SDK, the examples, and the unit tests after extracting or cloning the SDK:

  1. At the root level of the splunk-sdk-csharp-pcl directory, open the splunk-sdk-csharp-pcl.sln file in Visual Studio.
  2. On the BUILD menu, click Build Solution.

Examples and unit tests

The Splunk Enterprise SDK for C# includes full unit tests that run using xunit as well as several examples.

Solution layout

Directory Description
/src
   Splunk.Client Client for the Splunk Enterprise REST API.
   Splunk.ModularInputs Functionality for building modular inputs.
   Splunk.Client.Helpers Helper utilities used by tests and samples.
/examples
   Windows8/Search Contains a Windows Store Search App.
   authenticate Connects to a Splunk Enterprise instance and retrieves a session token.
   list_apps Lists installed applications on a Splunk Enterprise instance.
   mock-context Demonstrates how to use the included HTTP record/play framework for unit tests.
   mock-interface Demonstrates how to mock the functional interface for Splunk Enterprise entities.
   mock-object Demontrates how to mock concrete SDK objects and create fake HTTP responses for unit tests.
   normal-search Performs a normal search against a Splunk Enterprise instance and retrieves results using enumeration and Rx.
   random-numbers Sample modular input that returns randomly-generated numbers.
   saved-searches Creates a saved search and retrieves results.
   search-export Creates a search and uses the Export endpoint to return results.
   search-realtime Creates a real-time search.
   search-response-message-stream Demonstrates how to run long-running search jobs and use Job.GetSearchReponseMessageAsync.
   search Performs a oneshot search.
   submit Creates an index, then sends events to it over HTTP.
/tests
   unit-tests Contains unit tests for all of the classes in the SDK. Does not require a Splunk Enterprise instance.
   acceptance-tests Contains end-to-end tests using the SDK. By default, these tests run against a Splunk Enterprise instance. You can also run tests in playback mode by setting MockContext.Mode to "Playback" in App.Config.

Changelog

The CHANGELOG contains a description of changes for each version of the SDK. For the latest version, see the CHANGELOG.md on GitHub.

Branches

The master branch represents a stable and released version of the SDK. To learn about our branching model, see Branching Model on GitHub.

Documentation and resources

Resource Description
Splunk Developer Portal General developer documentation, tools, and examples
Integrate the Splunk platform using development tools for .NET Documentation for .NET development
Splunk Enterprise SDK for C# Reference SDK API reference documentation
REST API Reference Manual Splunk REST API reference documentation
Splunk>Docs General documentation for the Splunk platform
GitHub Wiki Documentation for this SDK's repository on GitHub

Community

Stay connected with other developers building on the Splunk platform.

Contributions

If you would like to contribute to the SDK, see Contributing to Splunk. For additional guidelines, see CONTRIBUTING.

Support

Contact Us

You can reach the Splunk Developer Platform team at devinfo@splunk.com.

License

The Splunk Enterprise Software Development Kit for C# is licensed under the Apache License 2.0. See LICENSE for details.