I need to create the socket communication interface between a Splunk server and a non-Splunk server.
I am using the Java SDK to interact with Splunk, searching the data and exporting it to a file. Now I need to send this file through a socket to another server.
I know how to use the Java SDK, and I know socket programming in Java and how to send a file over a socket, but I am not able to connect socket programming with the Java SDK.
In the Java SDK we can connect with the Service class, but in socket programming we connect to the machine with the Socket class.
Can anyone help me merge these two things so that I can connect two machines over a socket and search and extract the data from Splunk?
Should be relatively simple:
1) open your connection to Splunk using Service class
2) open your socket connection to destination server using the Socket class
3) use the Splunk Service object to execute the search
4) read in the search results
5) perform any data transformation/filtering
6) write results out over the socket connection to the destination server.
Depending on the volumes of data, you might be able to skip writing to/reading from a file and just work in memory.
As in the 4th step, "read in the search results", I need to send the result data in CSV, but with the Java SDK the search result reader is in XML, so how can I get the result in CSV format?
Splunk Java SDK has a CSV Results Reader.
These results readers are not part of the main SDK, but are included in the com.splunk.external module in the splunk-external.jar file. The JSON and CSV results readers also require third-party tokenizers for parsing (gson-2.1.jar and opencsv-2.3.jar).
Specify output to be "csv" when submitting the search.
Args queryArgs = new Args();
Code example here : https://gist.github.com/3270825
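The six steps from the first answer, combined with the "csv" output setting from the second, as an added example that is not taken from the thread or from the linked gist. The host names, port 6514, environment variable names and search string are placeholders, the `ServiceArgs` setters assume a Splunk Java SDK release that provides them, and a TLS socket is used for the destination because the exported search data crosses the network (a plain `java.net.Socket` is opened at the same point in the code).

```java
import com.splunk.Args;
import com.splunk.Service;
import com.splunk.ServiceArgs;
import java.io.InputStream;
import java.io.OutputStream;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SplunkCsvForwarder {
    public static void main(String[] argv) throws Exception {
        // Step 1: log in to splunkd's management port with the SDK's Service class.
        ServiceArgs login = new ServiceArgs();
        login.setHost("splunk.example.internal");          // placeholder host
        login.setPort(8089);
        login.setUsername(System.getenv("SPLUNK_USER"));   // assumed variable names;
        login.setPassword(System.getenv("SPLUNK_PASS"));   // keeps credentials out of source
        Service service = Service.connect(login);

        // Ask splunkd to emit CSV itself, so no XML results reader is involved.
        Args queryArgs = new Args();
        queryArgs.put("output_mode", "csv");

        // Step 2: open the connection to the destination server (placeholder host/port).
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket("collector.example.internal", 6514)) {
            // SSLSocket does not check the peer's host name unless told to.
            SSLParameters tls = socket.getSSLParameters();
            tls.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(tls);
            socket.startHandshake();

            // Steps 3-6: run the search and copy the CSV bytes to the socket in
            // memory. No transformation (step 5) is applied in this sketch.
            try (InputStream csv = service.export("search index=_internal | head 100", queryArgs);
                 OutputStream out = socket.getOutputStream()) {
                byte[] buf = new byte[8192];
                int n;
                while ((n = csv.read(buf)) != -1) {
                    out.write(buf, 0, n);
                }
                out.flush();
            }
        } finally {
            service.logout();
        }
    }
}
```

Because the stream is copied in fixed-size chunks, result size does not affect memory use, which is the "just work in memory" case mentioned in the first answer.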