Solved: Search on Java SDK, can get whole data

BenisLion · ‎08-15-2013

Hi, I am new to Splunk, And I'm trying to get the latest 6 months's data(about 11,000 datas), and store into Mongo db.
I've tried example codes. However, I find everytime I can only get about 1500 datas. I don't know why.
There's my codes.

public ResultsReaderJson getDataFromSplunk() {
    // Create a simple search job
    String searchquery="search *";
    Job job = conn.getService().getJobs().create(searchQuery);
    // Wait for the job to finish
    while (!job.isDone()) {
        try {
            Thread.sleep(500);
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

    // Specify JSON as the output mode for results
    JobResultsArgs resultsArgs = new JobResultsArgs();
    resultsArgs.setOutputMode(JobResultsArgs.OutputMode.JSON);

    // Display results in JSON using ResultsReaderJson
    InputStream jobResults = job.getResults(resultsArgs);
    ResultsReaderJson results = null;
    try {
        results = new ResultsReaderJson(jobResults);
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    return results;
}

I can't solve this problem by myself, and so I really need help. Thank you!

Damien_Dallimor · ‎08-18-2013

Look at this example for performing an export.

http://dev.splunk.com/view/SP-CAAAEHQ#exportjob

View solution in original post

Damien_Dallimor · ‎08-18-2013

Look at this example for performing an export.

http://dev.splunk.com/view/SP-CAAAEHQ#exportjob

Search on Java SDK, can get whole data

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!