Re: splunk draw (development)

LauraBre · ‎08-23-2012

Hi,

I want to draw a graph but the chart that it appears is different of the chart which appears in splunk. I don't understand why because I test with other requests and it works so I want to know if it's a problem in syntax or, in splunk when I launch my search I have this "[subsearch]: Your timerange was substituted based on your search string Your timerange was substituted based on your search string" so it can be come from that?

Thx by advance,

Laura

package net.awl.bfi.splunk;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.splunk.Job;
import com.splunk.Service;

public class SplunkServlet extends HttpServlet {

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    private static String getContent() {
        Service service = new Service("odpcil01b", 8089);
        service.login("a532136", "admin");

        Job job = service
                .getJobs()
//              .create("search source=\"tcp:5540\" tkn Service_Type=\"*\" | timechart count(Service_Type) by Requester");
                .create("search source=\"laura_acs\" BCF=\"*\" earliest=-0d@d latest=now | multikv | eval ReportKey=today | append [search source=\"laura_acs\" BCF=\"*\" earliest=-1d@d latest=-0d@d| multikv | eval ReportKey=yesterday ] | append [search source=\"laura_acs\" BCF=* earliest=-7d@d latest=now| multikv | eval ReportKey=\"last 7 days\" ]|DEDUP ID_TRANS| timechart span=5m count as \"Nb transactions\"  by ReportKey");

        InputStream in = job.getTimeline();
        BufferedReader br = new BufferedReader(new InputStreamReader((in)));

        String output;
        System.out.println("Output from Server .... \n");
        StringBuffer buffer = new StringBuffer();
        try {
            while ((output = br.readLine()) != null) {
                buffer.append(output + "\n");
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        return buffer.toString();
    }

    public void doGet(HttpServletRequest req, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("application/json");
        PrintWriter out = response.getWriter();
        out.println(getContent());


    }

    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        System.out.println("do post proxy");
        Enumeration headerNames = req.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            System.out.println(headerName);
            System.out.println(req.getHeader(headerName));
        }
    }
}

dart · ‎10-09-2012

Looks like you're getting the timeline, not the results. Try switching out getTimeLine for getResults

splunk draw (development)

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation