https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62310#M857 <P>Hi</P> <P>I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.</P> <P>I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.</P> <P>I have have put the authentication username and password in the splunkrc file and this works.</P> <P>The search string among various I have tried is </P> <P>earliest=-30m sourcetype="xreGuide" 76.26.116.49</P> <P>I get error SEarch expression required.</P> <P>Can someone please tell me how to simulate the search syntax on the command line to do a simple search.</P> Tue, 29 May 2012 13:00:04 GMT ceziefula 2012-05-29T13:00:04Z https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62310#M857 <P>Hi</P> <P>I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.</P> <P>I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.</P> <P>I have have put the authentication username and password in the splunkrc file and this works.</P> <P>The search string among various I have tried is </P> <P>earliest=-30m sourcetype="xreGuide" 76.26.116.49</P> <P>I get error SEarch expression required.</P> <P>Can someone please tell me how to simulate the search syntax on the command line to do a simple search.</P> Tue, 29 May 2012 13:00:04 GMT https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62310#M857 ceziefula 2012-05-29T13:00:04Z https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62311#M858 <P>You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:</P> <PRE><CODE>"sourcetype=xreGuide earliest=-1m |stats count by remote_ip" </CODE></PRE> <P>Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this: </P> <P>./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"</P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax</A></P> <P>The bottom of this page on GitHub has some examples and documentation.</P> <P><A href="https://github.com/splunk/splunk-sdk-java">https://github.com/splunk/splunk-sdk-java</A></P> Tue, 29 May 2012 13:17:14 GMT https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62311#M858 sdaniels 2012-05-29T13:17:14Z https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62312#M859 <P>There is now an extensive search how-to topic posted on the dev portal. See <A href="http://dev.splunk.com/view/SP-CAAAEHQ">How to search your data using the Java SDK</A>.</P> Mon, 13 Aug 2012 23:41:47 GMT https://community.splunk.com/t5/Splunk-Dev/Java-sdk-and-search-query/m-p/62312#M859 ChrisG 2012-08-13T23:41:47Z