/**
* Logs an event to Splunk using the receivers/simple endpoint
*/
public static void logEventToSplunkExample() {
Service splunkService = connectAndLoginToSplunkExample();
// Get a Receiver object
Receiver receiver = splunkService.getReceiver();
// Set the sourcetype
private static void printRawResults(InputStream stream) {
OutputStreamWriter writer = new OutputStreamWriter(System.out);
// stream results and write to STD OUT
try {
InputStreamReader reader = new InputStreamReader(stream);
int size = 1024;
char[] buffer = new char[size];
while (true) {
/**
* Submit a search job (exec_mode = normal, asynchronous)
*/
public static void asyncSearchJobExample() {
Service splunkService = connectAndLoginToSplunkExample();
OutputMode outputMode = OutputMode.JSON;// xml,json,csv
JobArgs queryArgs = new JobArgs();
/**
* Submit a realtime search job (exec_mode = normal, asynchronous)
*/
public static void realTimeSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
JobArgs queryArgs = new JobArgs();
//5 minute sliding realtime window
/**
* Export search: no job SID is returned (synchronous)
*/
public static void exportSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
String searchQuery = "search index=_internal * | head 10";
JobArgs queryArgs = new JobArgs();
queryArgs.setEarliestTime("-1d@d");
queryArgs.setLatestTime("now");
/**
* Submit a search job and page through results (exec_mode = normal,
* asynchronous)
*
* The maximum number of events you can retrieve at a time is determined by
* the maxresultrows field, which is specified in a Splunk configuration
* file. The default value is 50000, but we don't recommend you change this.
* So, what if your job has more events than this limit? No problem--just
* retrieve your events in sets, using the count and offset attributes. Set
* the count (the number of events in a set) to maxresultrows, and increment
/**
* Saved Search Example
*/
public static void savedSearchExample() {
Service splunkService = connectAndLoginToSplunkExample();
String myQuery = "search index=_internal * | head 5";
String mySearchName = "My Test Search";
//create a new saved search
/**
* Saved Search with dynamic search arguments example
*/
public static void savedSearchWithRuntimeArgsExample() {
Service splunkService = connectAndLoginToSplunkExample();
String myQuery = "search index=_internal sourcetype=$args.mysourcetype$ | head 5";
String mySearchName = "My Test Search";
//create the saved search
/**
* Print out the results using an appropriate ResultsReader for the passed
* output mode.
*
* Using incremental streaming, data is parsed and returned in key-value
* pairs.
*
* The JSON and CSV results readers require an external jar (gson-2.1.jar,
* opencsv-2.3.jar) for JSON and CSV parsing and are not part of the base
* Splunk Java SDK. These readers are found in the "com.splunk.external"
/**
* Create an object (a saved search) in a namespace
*/
private static void namespaceCreateEntityExample() {
Service splunkService = connectAndLoginToSplunkExample();
ServiceArgs namespace = new ServiceArgs();
namespace.setOwner("admin");
namespace.setApp("search");
SavedSearchCollection savedSearches = splunkService.getSavedSearches(namespace);