Some backstory:
- I am writing end-to-end automation for a microservice that writes events to Splunk.
- I use Java Splunk SDK version 1.6.3.0, which is the latest version stored on our artifactory
- After I drop files in a particular folder on S3, our service calls various internal APIs and logs the status to Splunk.
- After dropping the files, my automation needs to wait for a particular unique event to appear and then continues doing some internal validations.
I would like to be able to wait for a specific event to appear on Splunk, with a timeout of some number of seconds in case the event never happens. Currently I do this with a for loop and poll for the specified event to appear. However, I wonder if there might be a more efficient way to do this.
Here's a sample of an event I need to wait for:
{
<snip/>
file_url: https://some.website/somefile.json
id: 12345
level: 30
msg: File processing succeeded
name: myservicename
<snip/>
}
And a sample query:
index=myindex sourcetype=myservicename msg="File processing succeeded" file_url="https://some.website/somefile.json" id="12345"
In this example, index, sourcetype, and msg are the same every time I run my test case. file_url and id are unique each time.
What is the recommended way to wait for a particular event? What kind of query is recommended (blocking/etc)?
