Splunk socket programming with java SDK

disha
Contributor

I need to create a socket communication interface between a Splunk server and a non-Splunk server.
I am using the Java SDK to interact with Splunk, searching the data and exporting it to a file. Now I need to send this file through a socket to another server.
I know how to use the Java SDK, and I know socket programming in Java and how to send a file over a socket, but I am not able to connect socket programming with the Java SDK.
For example, in the Java SDK we connect with the Service class, but in socket programming we connect to the machine with the Socket class.
Can anyone help me merge these two things so that I can connect two machines over a socket and search and extract the data from Splunk?
Thanks,


Damien_Dallimor
Ultra Champion

Should be relatively simple:

1) open your connection to Splunk using Service class
2) open your socket connection to destination server using the Socket class
3) use the Splunk Service object to execute the search
4) read in the search results
5) perform any data transformation/filtering
6) write results out over the socket connection to the destination server.

Depending on the volumes of data, you might be able to skip writing to/reading from a file and just work in memory.

Damien_Dallimor
Ultra Champion

Splunk Java SDK has a CSV Results Reader.

https://github.com/splunk/splunk-sdk-java/tree/master/splunk-external/com/splunk/external

These results readers are not part of the main SDK, but are included in the com.splunk.external module in the splunk-external.jar file. The JSON and CSV results readers also require third-party tokenizers for parsing (gson-2.1.jar and opencsv-2.3.jar).

Specify output to be "csv" when submitting the search.

Args queryArgs = new Args();
queryArgs.put("output_mode", "csv");

Code example here : https://gist.github.com/3270825


disha
Contributor

As in the 4th step, "read in the search result", I need to send the result data in CSV, but with the Java SDK the search result reader is in XML, so how can I get the result in CSV format?
