splunk draw (development)

LauraBre · ‎08-23-2012

Hi,

I want to draw a graph but the chart that it appears is different of the chart which appears in splunk. I don't understand why because I test with other requests and it works so I want to know if it's a problem in syntax or, in splunk when I launch my search I have this "[subsearch]: Your timerange was substituted based on your search string Your timerange was substituted based on your search string" so it can be come from that?

Thx by advance,

Laura

package net.awl.bfi.splunk;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.Enumeration;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.splunk.Job;
import com.splunk.Service;

public class SplunkServlet extends HttpServlet {

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    private static String getContent() {
        Service service = new Service("odpcil01b", 8089);
        service.login("a532136", "admin");

        Job job = service
                .getJobs()
//              .create("search source=\"tcp:5540\" tkn Service_Type=\"*\" | timechart count(Service_Type) by Requester");
                .create("search source=\"laura_acs\" BCF=\"*\" earliest=-0d@d latest=now | multikv | eval ReportKey=today | append [search source=\"laura_acs\" BCF=\"*\" earliest=-1d@d latest=-0d@d| multikv | eval ReportKey=yesterday ] | append [search source=\"laura_acs\" BCF=* earliest=-7d@d latest=now| multikv | eval ReportKey=\"last 7 days\" ]|DEDUP ID_TRANS| timechart span=5m count as \"Nb transactions\"  by ReportKey");

        InputStream in = job.getTimeline();
        BufferedReader br = new BufferedReader(new InputStreamReader((in)));

        String output;
        System.out.println("Output from Server .... \n");
        StringBuffer buffer = new StringBuffer();
        try {
            while ((output = br.readLine()) != null) {
                buffer.append(output + "\n");
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        return buffer.toString();
    }

    public void doGet(HttpServletRequest req, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("application/json");
        PrintWriter out = response.getWriter();
        out.println(getContent());


    }

    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        System.out.println("do post proxy");
        Enumeration headerNames = req.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            System.out.println(headerName);
            System.out.println(req.getHeader(headerName));
        }
    }
}

dart · ‎10-09-2012

Looks like you're getting the timeline, not the results. Try switching out getTimeLine for getResults

splunk draw (development)

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

splunk draw (development)

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...