Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting no results using Splunk JAVA SDK to run a search query with the stats command?

tmurray3
Path Finder
‎09-29-2014 03:02 PM

I am trying to use the JAVA Splunk SDK to run a query and return the results. I can get the events of the search returned if I use the search query: 

String mySearch = "search index=auth \"Start:*.*\"";

However, when I try to use the stats commands with the above query, I get no results:

String mySearch = "search index=auth \"Start:*.*\" | stats count by TypeOfService";

I have tried various approaches, but unable to get the results.

Here is my latest code example:

public void search() {
    String mySearch = "search index=auth \"Start:*.*\" | stats count by TypeOfService";
    JobArgs jobArgs = new JobArgs();
    jobArgs.setEarliestTime("-1m");
    jobArgs.setLatestTime("now");
    Job job = service.getJobs().create(mySearch,jobArgs);

    // Wait for the job to finish
    while (!job.isDone()) {
        try {
            Thread.sleep(500);
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

    // Specify JSON as the output mode for results
    JobResultsArgs resultsArgs = new JobResultsArgs();
    resultsArgs.setOutputMode(JobResultsArgs.OutputMode.JSON);

    // Display results in JSON using ResultsReaderJson
    InputStream results = job.getResults(resultsArgs);
    ResultsReaderJson resultsReader=null;
    try {
        resultsReader = new ResultsReaderJson(results);
        HashMap<String, String> event;
        System.out.println("\nFormatted results from the search job as JSON\n");
        while ((event = resultsReader.getNextEvent()) != null) {
            for (String key: event.keySet())
                System.out.println("   " + key + ":  " + event.get(key));
        }
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } finally {

        try {
            resultsReader.close();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
Tags (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

tmurray3
Path Finder
‎09-30-2014 07:59 AM

The problem was related to the TypeOfService in the "stats count by TypeOfService" clause. The permissions on the field extraction TypeOfService was private and specific to an APP. I updated the permissions to Global (All apps), and was able to get the expected results.

View solution in original post

Reply
Solved! Jump to solution
Solution

tmurray3
Path Finder
‎09-30-2014 07:59 AM

The problem was related to the TypeOfService in the "stats count by TypeOfService" clause. The permissions on the field extraction TypeOfService was private and specific to an APP. I updated the permissions to Global (All apps), and was able to get the expected results.

Reply
Get Updates on the Splunk Community!

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...