Splunk socket programming with Java SDK

disha
Contributor

I need to create a socket communication interface between a Splunk server and a non-Splunk server.
I am using the Java SDK to interact with Splunk, searching the data and exporting it to a file. Now I need to send this file through a socket to another server.
I know how to use the Java SDK, and I know socket programming in Java and how to send a file over a socket, but I am not able to connect socket programming with the Java SDK.
For example, in the Java SDK we connect with the Service class, but in socket programming we connect to the machine with the Socket class.
Can anyone help me merge these two things so that I can connect two machines over a socket and search and extract the data from Splunk?
Thanks,

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

Should be relatively simple:

1) Open your connection to Splunk using the Service class.
2) Open your socket connection to the destination server using the Socket class.
3) Use the Splunk Service object to execute the search.
4) Read in the search results.
5) Perform any data transformation/filtering.
6) Write the results out over the socket connection to the destination server.

Depending on the volumes of data, you might be able to skip writing to/reading from a file and just work in memory.

Damien_Dallimor
Ultra Champion

Splunk Java SDK has a CSV Results Reader.

https://github.com/splunk/splunk-sdk-java/tree/master/splunk-external/com/splunk/external

These results readers are not part of the main SDK, but are included in the com.splunk.external module in the splunk-external.jar file. The JSON and CSV results readers also require third-party tokenizers for parsing (gson-2.1.jar and opencsv-2.3.jar).

Specify output to be "csv" when submitting the search.

Args queryArgs = new Args();
queryArgs.put("output_mode", "csv");

Code example here: https://gist.github.com/3270825

0 Karma
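
The six steps and the CSV output mode from the replies above, combined in one added example that is not code from the original posts, the linked gist, or the SDK's own samples. Host names, ports, the query and the environment-variable names are assumptions; it also uses an SSLSocket (a Socket subclass) with hostname verification instead of a plain Socket so the exported events are encrypted in transit, and it passes the CSV through without the optional transformation step.

```java
import com.splunk.Args;
import com.splunk.Service;
import com.splunk.ServiceArgs;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.InputStream;
import java.io.OutputStream;

public class SplunkCsvForwarder {
    public static void main(String[] argv) throws Exception {
        // Assumed settings: every host, port and query here is a placeholder.
        String destHost = "receiver.example.internal";
        int destPort = 9443;
        String query = "search index=main earliest=-15m | table _time host source";

        // Step 1: connect to the Splunk management port with the Service class.
        ServiceArgs login = new ServiceArgs();
        login.setHost("splunk.example.internal");
        login.setPort(8089);
        login.setScheme("https");
        login.setUsername(System.getenv("SPLUNK_USER"));      // keep credentials
        login.setPassword(System.getenv("SPLUNK_PASSWORD"));  // out of the source
        Service service = Service.connect(login);

        // Ask Splunk for CSV directly, as in the reply above.
        Args queryArgs = new Args();
        queryArgs.put("output_mode", "csv");

        // Step 2: open the destination connection. A bare SSLSocket does not
        // check the peer's hostname unless endpoint identification is enabled.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(destHost, destPort)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            // Steps 3-6: run the search and stream the CSV bytes in memory,
            // with no intermediate file.
            try (InputStream results = service.oneshotSearch(query, queryArgs);
                 OutputStream out = socket.getOutputStream()) {
                byte[] buf = new byte[8192];
                for (int n; (n = results.read(buf)) != -1; ) out.write(buf, 0, n);
                out.flush();
            }
        } finally {
            service.logout();
        }
    }
}
```

The receiving server must present a certificate trusted by the JVM's default trust store for the handshake to succeed.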

disha
Contributor

In the 4th step, "read in the search results", I need to send the result data as CSV, but with the Java SDK the search result reader is in XML, so how can I get the results in CSV format?

0 Karma