/**
* Send data to server.
*
* @param string $message
*
* @return bool
*/
protected function send($message)
{
try {
$params = ['username' => $this->login, 'password' => $this->password, 'host' => $this->host, 'port' => 8089, 'scheme' => 'https'];
$splunkService = new \Splunk_Service($params);
$splunkService->login();
$params = ['source' => $this->project, 'sourcetype' => 'json_auto_timestamp', 'host' => gethostname() ?: null];
$splunkReceiver = $splunkService->getReceiver();
$result = $splunkReceiver->submit($message, $params);
return $result;
} catch (Exception $e) {
var_dump($e->getMessage());
}
return true;
//return $statusCode == 200;
}
/**
* Returns a Splunk_Service connected to a mock Http object.
*/
protected function loginToMockService($secondPostReturnValue = NULL, $secondPostExpectedArgs = NULL, $extraConnectArgs = array())
{
$http = $this->getMock('Splunk_Http');
$service = new Splunk_Service(array_merge(array('http' => $http), $extraConnectArgs));
$httpResponse = (object) array('status' => 200, 'reason' => 'OK', 'headers' => array(), 'body' => '
<response>
<sessionKey>' . SplunkTest::MOCK_SESSION_TOKEN . '</sessionKey>
</response>');
if ($secondPostReturnValue === NULL) {
$http->expects($this->once())->method('post')->will($this->returnValue($httpResponse));
} else {
$http->expects($this->at(0))->method('post')->will($this->returnValue($httpResponse))->with($this->anything());
$m = $http->expects($this->at(1))->method('post')->will($this->returnValue($secondPostReturnValue));
if ($secondPostExpectedArgs !== NULL) {
call_user_func_array(array($m, 'with'), $secondPostExpectedArgs);
}
}
$service->login();
return array($service, $http);
}
echo $run_time = "\r\n<br>开始:" . date('Y-m-d H:i:s') . ',生成时间:' . $get_date;
Common::TimedTaskLog($log_filename, $run_time);
$search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest=' . date("m/d/Y:00:00:00", strtotime($get_date)) . ' latest=' . date("m/d/Y:23:59:59", strtotime($get_date)) . ' | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25';
//$search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest="08/03/2015:5:00:00" latest="08/04/2015:12:00:00" | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25';
echo $search;
// Modify by zhouyf 2015-06-15 修改ip地址
//$search = 'search send_host="115.231.160.100" OR send_host="119.97.132.122" OR send_host="218.60.24.70" OR send_host="117.27.155.52" OR send_host="58.22.107.133" OR send_host="221.228.81.164" earliest='.date("m/d/Y:00:00:00",strtotime($get_date)).' latest='.date("m/d/Y:23:59:59",strtotime($get_date)).' | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25';
//$search = 'search send_host="115.231.160.100" earliest="05/28/2015:5:00:00" latest="05/28/2015:10:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; $search = 'search send_host="115.231.160.100" earliest="05/27/2015:12:00:00" latest="05/27/2015:16:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25';
//echo '<br>'.$search;
$s_time = microtime(true);
if ($search !== '') {
try {
// Login and start search job
$service = new Splunk_Service($SplunkExamples_connectArguments);
// (NOTE: Can throw HTTP 401 if bad credentials)
$service->login();
// (NOTE: Can throw HTTP 400 if search command not recognized)
$job = $service->getJobs()->create($search, array('exec_mode' => 'blocking'));
// (NOTE: Can throw HTTP 400 if search command arguments not recognized)
$results = $job->getResults();
//echo '<br>results';
//var_dump($results);
$messages = array();
} catch (Exception $e) {
// Generate fake result that contains the exception message
$results = array();
$e_time = microtime(true);
echo $log_content = '<br>Splunk error info:' . $e->getMessage() . '<br>run_time:' . ($e_time - $s_time);
Common::TimedTaskLog($log_filename, $log_content);
exit;
}
