Java sdk and search query

ceziefula · ‎05-29-2012

Hi

I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.

I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.

I have have put the authentication username and password in the splunkrc file and this works.

The search string among various I have tried is

earliest=-30m sourcetype="xreGuide" 76.26.116.49

I get error SEarch expression required.

Can someone please tell me how to simulate the search syntax on the command line to do a simple search.

ChrisG · ‎08-13-2012

There is now an extensive search how-to topic posted on the dev portal. See How to search your data using the Java SDK.

sdaniels · ‎05-29-2012

You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:

"sourcetype=xreGuide earliest=-1m |stats count by remote_ip"

Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this:

./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax

The bottom of this page on GitHub has some examples and documentation.

https://github.com/splunk/splunk-sdk-java

Java sdk and search query

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms