Damien Dallimore damiendallimore

View LogEventToSplunkExample.java
/**
* Logs an event to Splunk using the receivers/simple endpoint
*/
public static void logEventToSplunkExample() {
Service splunkService = connectAndLoginToSplunkExample();
// Get a Receiver object
Receiver receiver = splunkService.getReceiver();
// Set the sourcetype
View PrintRawResults.java
private static void printRawResults(InputStream stream) {
OutputStreamWriter writer = new OutputStreamWriter(System.out);
// stream results and write to STD OUT
try {
InputStreamReader reader = new InputStreamReader(stream);
int size = 1024;
char[] buffer = new char[size];
while (true) {
View AsyncSearchJobExample.java
/**
* Submit a search job exec_mode = normal , asynchronous
*/
public static void asyncSearchJobExample() {
Service splunkService = connectAndLoginToSplunkExample();
OutputMode outputMode = OutputMode.JSON;// xml,json,csv
JobArgs queryArgs = new JobArgs();
View RealTimeSearchExample.java
/**
* Submit a realtime search job exec_mode = normal , asynchronous
*/
public static void realTimeSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
JobArgs queryArgs = new JobArgs();
//5 minute sliding realtime window
View ExportSearchExample.java
/**
* Export search, no job SID is returned , synchronous
*/
public static void exportSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
String searchQuery = "search index=_internal * | head 10";
JobArgs queryArgs = new JobArgs();
queryArgs.setEarliestTime("-1d@d");
queryArgs.setLatestTime("now");
View SearchJobWithPagingExample.java
/**
* Submit a search job and page through results exec_mode = normal ,
* asynchronous
*
* The maximum number of events you can retrieve at a time is determined by
* the maxresultrows field, which is specified in a Splunk configuration
* file. The default value is 50000, but we don't recommend you change this.
* So, what if your job has more events than this limit? No problem--just
* retrieve your events in sets, using the count and offset attributes. Set
* the count (the number of events in a set) to maxresultrows, and increment
View SavedSearchExample.java
/**
* Saved Search Example
*/
public static void savedSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
String myQuery = "search index=_internal * | head 5";
String mySearchName = "My Test Search";
//create a new saved search
View SavedSearchWithRuntimeArgsExample.java
/**
* Saved Search with dynamic search arguments example
*/
public static void savedSearchWithRuntimeArgsExample() {
Service splunkService = connectAndLoginToSplunkExample();
String myQuery = "search index=_internal sourcetype=$args.mysourcetype$ | head 5";
String mySearchName = "My Test Search";
//create the saved search
View ProcessInputStream.java
/**
* Print out the results using an appropriate ResultsReader for the passed
* output mode.
*
* Using incremental streaming , data is parsed and returned in key-value
* pairs
*
* The JSON and CSV results readers require external jars (gson-2.1.jar,
* opencsv-2.3.jar) for JSON and CSV parsing and are not part of the base
* Splunk Java SDK. These readers are found in the "com.splunk.external"
View NamespaceCreateEntityExample.java
/**
* Create an object(a saved search) in a namespace
*/
private static void namespaceCreateEntityExample() {
Service splunkService = connectAndLoginToSplunkExample();
ServiceArgs namespace = new ServiceArgs();
namespace.setOwner("admin");
namespace.setApp("search");
SavedSearchCollection savedSearches = splunkService.getSavedSearches(namespace);