/** * Send data to server. * * @param string $message * * @return bool */ protected function send($message) { try { $params = ['username' => $this->login, 'password' => $this->password, 'host' => $this->host, 'port' => 8089, 'scheme' => 'https']; $splunkService = new \Splunk_Service($params); $splunkService->login(); $params = ['source' => $this->project, 'sourcetype' => 'json_auto_timestamp', 'host' => gethostname() ?: null]; $splunkReceiver = $splunkService->getReceiver(); $result = $splunkReceiver->submit($message, $params); return $result; } catch (Exception $e) { var_dump($e->getMessage()); } return true; //return $statusCode == 200; }
/** * Returns a Splunk_Service connected to a mock Http object. */ protected function loginToMockService($secondPostReturnValue = NULL, $secondPostExpectedArgs = NULL, $extraConnectArgs = array()) { $http = $this->getMock('Splunk_Http'); $service = new Splunk_Service(array_merge(array('http' => $http), $extraConnectArgs)); $httpResponse = (object) array('status' => 200, 'reason' => 'OK', 'headers' => array(), 'body' => ' <response> <sessionKey>' . SplunkTest::MOCK_SESSION_TOKEN . '</sessionKey> </response>'); if ($secondPostReturnValue === NULL) { $http->expects($this->once())->method('post')->will($this->returnValue($httpResponse)); } else { $http->expects($this->at(0))->method('post')->will($this->returnValue($httpResponse))->with($this->anything()); $m = $http->expects($this->at(1))->method('post')->will($this->returnValue($secondPostReturnValue)); if ($secondPostExpectedArgs !== NULL) { call_user_func_array(array($m, 'with'), $secondPostExpectedArgs); } } $service->login(); return array($service, $http); }
echo $run_time = "\r\n<br>开始:" . date('Y-m-d H:i:s') . ',生成时间:' . $get_date; Common::TimedTaskLog($log_filename, $run_time); $search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest=' . date("m/d/Y:00:00:00", strtotime($get_date)) . ' latest=' . date("m/d/Y:23:59:59", strtotime($get_date)) . ' | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25'; //$search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest="08/03/2015:5:00:00" latest="08/04/2015:12:00:00" | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25'; echo $search; // Modify by zhouyf 2015-06-15 修改ip地址 //$search = 'search send_host="115.231.160.100" OR send_host="119.97.132.122" OR send_host="218.60.24.70" OR send_host="117.27.155.52" OR send_host="58.22.107.133" OR send_host="221.228.81.164" earliest='.date("m/d/Y:00:00:00",strtotime($get_date)).' latest='.date("m/d/Y:23:59:59",strtotime($get_date)).' | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; //$search = 'search send_host="115.231.160.100" earliest="05/28/2015:5:00:00" latest="05/28/2015:10:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; $search = 'search send_host="115.231.160.100" earliest="05/27/2015:12:00:00" latest="05/27/2015:16:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; //echo '<br>'.$search; $s_time = microtime(true); if ($search !== '') { try { // Login and start search job $service = new Splunk_Service($SplunkExamples_connectArguments); // (NOTE: Can throw HTTP 401 if bad credentials) $service->login(); // (NOTE: Can throw HTTP 400 if search command not recognized) $job = $service->getJobs()->create($search, array('exec_mode' => 'blocking')); // (NOTE: Can throw HTTP 400 if search command arguments not recognized) $results = $job->getResults(); //echo '<br>results'; //var_dump($results); $messages = array(); } catch (Exception $e) { // Generate fake result that contains the exception message $results = array(); $e_time = microtime(true); echo $log_content = '<br>Splunk error info:' . $e->getMessage() . '<br>run_time:' . ($e_time - $s_time); Common::TimedTaskLog($log_filename, $log_content); exit; }