
splunk draw (development)

LauraBre
Communicator

Hi,

I want to draw a graph, but the chart that appears is different from the chart that appears in Splunk. I don't understand why, because I tested with other requests and they work. So I want to know whether it is a syntax problem. Also, when I launch my search in Splunk I get this message: "[subsearch]: Your timerange was substituted based on your search string Your timerange was substituted based on your search string". Could the problem come from that?

Thanks in advance,

Laura

package net.awl.bfi.splunk;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.splunk.Job;
import com.splunk.Service;

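/**
 * Servlet that runs one fixed Splunk search and writes the job's timeline
 * stream to the HTTP response.
 *
 * <p>NOTE(review): no authentication or authorization check is visible in this
 * class, so any caller that can reach the servlet triggers a search under the
 * Splunk account configured in {@link #getContent()}. Confirm that access is
 * restricted elsewhere (container security constraints, a filter, network
 * controls).
 */
public class SplunkServlet extends HttpServlet {

    /** Serialization version id; {@code HttpServlet} is {@code Serializable}. */
    private static final long serialVersionUID = 1L;

    /**
     * The search submitted to Splunk. Earlier variant kept for reference:
     * search source="tcp:5540" tkn Service_Type="*" | timechart count(Service_Type) by Requester
     */
    private static final String SEARCH_QUERY =
            "search source=\"laura_acs\" BCF=\"*\" earliest=-0d@d latest=now | multikv | eval ReportKey=today | append [search source=\"laura_acs\" BCF=\"*\" earliest=-1d@d latest=-0d@d| multikv | eval ReportKey=yesterday ] | append [search source=\"laura_acs\" BCF=* earliest=-7d@d latest=now| multikv | eval ReportKey=\"last 7 days\" ]|DEDUP ID_TRANS| timechart span=5m count as \"Nb transactions\"  by ReportKey";

    /** Request headers whose values carry credentials or session tokens and must not be logged. */
    private static final String[] SENSITIVE_HEADERS = {
        "Authorization", "Proxy-Authorization", "Cookie", "Set-Cookie"
    };

    /**
     * Logs in to Splunk, creates the search job and reads the job's timeline
     * stream into a string, one {@code '\n'} after every line.
     *
     * @return the text read from the job's timeline stream
     * @throws IOException if reading the stream fails; the error is propagated
     *         so that a truncated body is never returned as if it were complete
     */
    private static String getContent() throws IOException {
        // NOTE(review): host, user name and password are hard-coded in source.
        // Load them from deployment configuration or a secret store instead,
        // and use a least-privilege Splunk account dedicated to this search.
        // Credentials that have been committed or published should be rotated.
        Service service = new Service("odpcil01b", 8089);
        service.login("a532136", "admin");

        Job job = service.getJobs().create(SEARCH_QUERY);

        System.out.println("Output from Server .... \n");
        StringBuilder buffer = new StringBuilder();

        // NOTE(review): getTimeline() returns the job's timeline, not the rows
        // produced by the timechart command. If the chart data is what the
        // client needs, getResults() is the call to use (confirm the job has
        // finished before reading it).
        // try-with-resources closes the reader and the underlying stream even
        // when readLine() throws; the charset is explicit so decoding does not
        // depend on the platform default.
        try (BufferedReader br = new BufferedReader(new InputStreamReader(
                job.getTimeline(), java.nio.charset.StandardCharsets.UTF_8))) {
            String line;
            while ((line = br.readLine()) != null) {
                buffer.append(line).append('\n');
            }
        }

        return buffer.toString();
    }

    /**
     * Returns true when the named header's value should be kept out of logs.
     */
    private static boolean isSensitiveHeader(String headerName) {
        for (String sensitive : SENSITIVE_HEADERS) {
            if (sensitive.equalsIgnoreCase(headerName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the text returned by {@link #getContent()} to the response.
     *
     * @param req the incoming request (not read)
     * @param response the response the Splunk output is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the Splunk stream cannot be read or the response
     *         cannot be written
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse response)
            throws ServletException, IOException {

        // Fetch first, so a failure surfaces before any body has been written.
        String content = getContent();

        // NOTE(review): the body is labelled application/json; confirm that the
        // stream read from the Splunk job really is JSON, otherwise set the
        // content type that matches it.
        response.setContentType("application/json");
        PrintWriter out = response.getWriter();
        out.println(content);
    }

    /**
     * Debug handler: prints each request header name and value to standard
     * output. Values of credential-bearing headers are replaced with a
     * placeholder so that tokens and session cookies do not end up in logs.
     *
     * @param req the incoming request whose headers are listed
     * @param res the response (not written)
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        System.out.println("do post proxy");
        Enumeration<?> headerNames = req.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            System.out.println(headerName);
            if (isSensitiveHeader(headerName)) {
                System.out.println("<redacted>");
            } else {
                System.out.println(req.getHeader(headerName));
            }
        }
    }
}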

dart
Splunk Employee

Looks like you're getting the timeline, not the results. Try replacing getTimeline with getResults.
