Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
/**
* Saved Search with dynamic search arguments example
*/
public static void savedSearchWithRuntimeArgsExample() {
Service splunkService = connectAndLoginToSplunkExample();
String myQuery = "search index=_internal sourcetype=$args.mysourcetype$ | head 5";
String mySearchName = "My Test Search";
//create the saved search
SavedSearch savedSearch = splunkService.getSavedSearches().create(mySearchName, myQuery);
// Set the arguments for dispatching the saved search
SavedSearchDispatchArgs dispatchArgs = new SavedSearchDispatchArgs();
// These attributes have setter methods
dispatchArgs.setDispatchEarliestTime("-20m@m");
dispatchArgs.setDispatchLatestTime("now");
// This attribute is set using generic key-value pair
dispatchArgs.add("span", "5min");
// The value of the field variable "mysourcetype" is also set as a key-value pair
dispatchArgs.add("args.mysourcetype", "splunkd");
try {
//dispatch the search job
Job jobSavedSearch = savedSearch.dispatch(dispatchArgs);
while (!jobSavedSearch.isDone()) {
try {
Thread.sleep(500);
} catch (Exception e) {
}
}
processInputStream(jobSavedSearch.getResults(), OutputMode.XML);
} catch (Exception e) {
}
//remove the saved search
splunkService.getSavedSearches().remove(mySearchName);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.