- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- Exception returned from Splunk when running simple...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exception returned from Splunk when running simple search query via the splunk java sdk
Hi
I am running one of the simple search examples provided in the splunk Java SDK distribution:
public class Program {
public static void main(String[] args) {
try {
run(args);
}
catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
}
static void run(String[] args) throws IOException {
Command command = Command.splunk("search");
command.parse(args);
if (command.args.length != 1)
Command.error("Search expression required");
String query = command.args[0];
Service service = Service.connect(command.opts);
// Check the syntax of the query.
try {
Args parseArgs = new Args("parse_only", true);
service.parse(query, parseArgs);
}
catch (HttpException e) {
String detail = e.getDetail();
Command.error("query '%s' is invalid: %s", query, detail);
}
// This is the simplest form of searching splunk. Note that additional
// arguments are allowed, but they are not shown in this example.
InputStream stream = service.oneshotSearch(query);
InputStreamReader reader = new InputStreamReader(stream, "UTF8");
try {
OutputStreamWriter writer = new OutputStreamWriter(System.out);
try {
int size = 1024;
char[] buffer = new char[size];
while (true) {
int count = reader.read(buffer);
if (count == -1) break;
writer.write(buffer, 0, count);
}
writer.write("\n");
}
finally {
writer.close();
}
}
finally {
reader.close();
}
}
}
When running the example from the command line as follows:
java com.splunk.examples.search_simple.Program "search * | head 10" --host=my_splunk_instance --port=80 --scheme=http
..I keep getting the following exception:
[Fatal Error] :1:50: White spaces are required between publicId and systemId.
com.splunk.HttpException: HTTP 400
at com.splunk.HttpException.create(HttpException.java:59)
at com.splunk.HttpService.send(HttpService.java:355)
at com.splunk.Service.send(Service.java:1203)
at com.splunk.HttpService.post(HttpService.java:212)
at com.splunk.Service.oneshotSearch(Service.java:1094)
at com.splunk.Service.oneshotSearch(Service.java:1115)
at com.splunk.examples.search_simple.Program.run(Program.java:70)
at com.splunk.examples.search_simple.Program.main(Program.java:34)
It appears as if the server is expecting the request in XML or JSON format. Any help much appreciated
Thanks
Joe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your command looks wrong, try this , replace with your actual enviornment values :
java com.splunk.examples.search_simple.Program "search * | head 10" --host=somehost --port=8089 --scheme=https --username=admin --password=somepass
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
