$search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest=' . date("m/d/Y:00:00:00", strtotime($get_date)) . ' latest=' . date("m/d/Y:23:59:59", strtotime($get_date)) . ' | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25'; //$search = 'search send_host="107.150.99.249" AND ip_dst="10.11.3.120" earliest="08/03/2015:5:00:00" latest="08/04/2015:12:00:00" | where not like(ip_src," 10.11.3.%") | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_country send_host | eval IQR=p75-p25'; echo $search; // Modify by zhouyf 2015-06-15 修改ip地址 //$search = 'search send_host="115.231.160.100" OR send_host="119.97.132.122" OR send_host="218.60.24.70" OR send_host="117.27.155.52" OR send_host="58.22.107.133" OR send_host="221.228.81.164" earliest='.date("m/d/Y:00:00:00",strtotime($get_date)).' latest='.date("m/d/Y:23:59:59",strtotime($get_date)).' | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; //$search = 'search send_host="115.231.160.100" earliest="05/28/2015:5:00:00" latest="05/28/2015:10:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; $search = 'search send_host="115.231.160.100" earliest="05/27/2015:12:00:00" latest="05/27/2015:16:00:00" | lookup mygeocn clientip as ip_src | stats avg(rtt) as avg_rtt ,stdev(rtt) as stdev_rtt ,count as nums , median(rtt) as mrtt ,max(rtt) as max_rtt ,p25(rtt) as p25, p75(rtt) as p75 ,p95(rtt) as p95 , p99(rtt) as p99 by client_region send_host | eval IQR=p75-p25'; //echo '<br>'.$search; $s_time = microtime(true); if ($search !== '') { try { // Login and start search job $service = new Splunk_Service($SplunkExamples_connectArguments); // (NOTE: Can throw HTTP 401 if bad credentials) $service->login(); // (NOTE: Can throw HTTP 400 if search command not recognized) $job = $service->getJobs()->create($search, array('exec_mode' => 'blocking')); // (NOTE: Can throw HTTP 400 if search command arguments not recognized) $results = $job->getResults(); //echo '<br>results'; //var_dump($results); $messages = array(); } catch (Exception $e) { // Generate fake result that contains the exception message $results = array(); $e_time = microtime(true); echo $log_content = '<br>Splunk error info:' . $e->getMessage() . '<br>run_time:' . ($e_time - $s_time); Common::TimedTaskLog($log_filename, $log_content); exit; } $columnNames = NULL; #loop result
<?php require_once '../Splunk.php'; require_once 'settings.php'; $method = $_SERVER['REQUEST_METHOD']; $action = array_key_exists('action', $_REQUEST) ? $_REQUEST['action'] : 'help'; $id = array_key_exists('id', $_REQUEST) ? $_REQUEST['id'] : ''; $service = new Splunk_Service($SplunkExamples_connectArguments); // (NOTE: Can throw HTTP 401 if bad credentials) $service->login(); if ($id !== '') { $job = $service->getJobs()->get($id, Splunk_Namespace::createUser(NULL, NULL)); } if ($method === 'GET') { if ($action === 'help') { header('Location: list_jobs.php'); exit; } else { if ($action === 'view') { // (continue) } else { if ($action === 'pause') { $job->pause(); header('Location: list_jobs.php'); exit; } else { if ($action === 'unpause') { $job->unpause(); header('Location: list_jobs.php'); exit; } else {
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Jobs | Splunk SDK for PHP Examples</title> <link rel="stylesheet" type="text/css" href="shared/style.css" /> </head> <body> <?php require 'shared/navbar.php'; ?> <h2>Jobs</h2> <?php $service = new Splunk_Service($SplunkExamples_connectArguments); // (NOTE: Can throw HTTP 401 if bad credentials) $service->login(); // Get all jobs $jobs = $service->getJobs()->items(array('namespace' => Splunk_Namespace::createUser(NULL, NULL))); ?> <table class="table table-bordered table-striped"> <thead> <tr> <th>Search Expression</th> <th>Owner</th> <th>App</th> <th>Status</th> <th>Actions</th> </tr> </thead> <?php foreach ($jobs as $job) { echo '<tr><td>';
"/> <input type="submit" value="Search" class="btn"/> </form> <?php if ($search !== '') { ?> <h2>Progress</h2> <?php try { // Login and start search job $service = new Splunk_Service($SplunkExamples_connectArguments); // (NOTE: Can throw HTTP 401 if bad credentials) $service->login(); // (NOTE: Can throw HTTP 400 if search command not recognized) $job = $service->getJobs()->create($search); // Print progress of the job as it is running echo '<ul>'; while (!$job->isDone()) { echo '<li>'; printf("%03.1f%%", $job->getProgress() * 100); echo '</li>'; flush(); usleep(0.5 * 1000000); $job->refresh(); } echo '<li>Done</li>'; echo '</ul>'; // (NOTE: Can throw HTTP 400 if search command arguments not recognized) $results = $job->getResults(); $messages = array();