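/**
 * Runs a realtime search in normal (asynchronous) exec mode and streams its preview results
 * to standard output.
 *
 * <p>The search {@code search index=_internal} is created over a 5 minute sliding realtime
 * window with an auto-cancel value of 3600. The job is then polled about once a second;
 * whenever the preview count has grown past the last offset, the previews are requested in
 * RAW output mode and copied to {@code System.out}.
 *
 * <p>A realtime job does not finish by itself, so polling continues until the calling thread
 * is interrupted or the SDK throws. On the way out the job is cancelled, so it does not keep
 * running on the server until the auto-cancel timer fires.
 *
 * <p>Events are written exactly as received. NOTE(review): raw log events can carry control
 * characters; if this output goes to an interactive terminal or is parsed by another tool,
 * consider neutralising them first.
 */
public static void realTimeSearchExample() {
    Service splunkService = connectAndLoginToSplunkExample();

    // 5 minute sliding realtime window
    JobArgs queryArgs = new JobArgs();
    queryArgs.setEarliestTime("rt-5m");
    queryArgs.setLatestTime("rt");
    queryArgs.setAutoCancel(3600);

    // submit the job
    Job job = splunkService.getJobs().create("search index=_internal", queryArgs);

    // result params
    JobResultsArgs outputArgs = new JobResultsArgs();
    outputArgs.setOutputMode(OutputMode.RAW);

    // variables used in the realtime polling logic
    int resultsOffset = 0;
    OutputStreamWriter writer = new OutputStreamWriter(System.out);
    boolean pollRealtimeResults = true;
    try {
        while (pollRealtimeResults) {
            job.refresh();
            int resultsCount = job.getResultPreviewCount();

            // wait for something to show up
            if (resultsCount <= resultsOffset) {
                try {
                    Thread.sleep(1000);
                } catch (InterruptedException e) {
                    // Interruption is the only clean way to stop this loop: keep the
                    // interrupt status for the caller and leave instead of ignoring it.
                    Thread.currentThread().interrupt();
                    pollRealtimeResults = false;
                }
                continue;
            }

            // request "count" results starting at the "offset" mark
            outputArgs.setCount(resultsCount);
            outputArgs.setOffset(resultsOffset);
            try {
                copyPreviewToWriter(job.getResultsPreview(outputArgs), writer);
            } catch (IOException e) {
                // Still best-effort (polling goes on), but the failure is reported so a
                // gap in the streamed events does not go unnoticed.
                System.err.println("Failed to stream realtime preview results: " + e);
            }

            // advance the results cursor
            resultsOffset = resultsCount;
        }
    } finally {
        try {
            // Flush only: closing the writer would also close System.out for the rest of
            // the JVM.
            writer.flush();
        } catch (IOException e) {
            System.err.println("Failed to flush realtime search output: " + e);
        }
        try {
            job.cancel();
        } catch (RuntimeException e) {
            // Must not mask whatever ended the loop; the auto-cancel timer is the fallback.
            System.err.println("Failed to cancel realtime search job: " + e);
        }
    }
}

/**
 * Copies one preview response to {@code out} and flushes it, closing the response stream
 * whether or not the copy succeeds.
 *
 * @param in  response stream returned for the preview request
 * @param out destination writer; flushed but left open
 * @throws IOException if reading the response or writing the output fails
 */
private static void copyPreviewToWriter(InputStream in, OutputStreamWriter out)
        throws IOException {
    // Decode with a fixed charset instead of the platform default.
    // NOTE(review): UTF-8 is assumed for the REST response; confirm against the server.
    InputStreamReader reader = new InputStreamReader(in, "UTF-8");
    try {
        char[] buffer = new char[1024];
        int count;
        while ((count = reader.read(buffer)) != -1) {
            out.write(buffer, 0, count);
        }
        out.flush();
    } finally {
        reader.close();
    }
}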