
Splunk socket programming with java SDK

Contributor

I need to create a socket communication interface between a Splunk server and a non-Splunk server.
I am using the Java SDK to interact with Splunk, searching the data and exporting it to a file. Now I need to send this file through a socket to the other server.
I know how to use the Java SDK, and I know socket programming in Java and how to send a file over a socket, but I am not able to connect socket programming with the Java SDK.
For example, in the Java SDK we connect with the Service class, but in socket programming we connect to the machine with the Socket class.
Can anyone help me merge these two things so that I can connect two machines over a socket and search and extract the data from Splunk?
Thanks,

0 Karma

Re: Splunk socket programming with java SDK

Ultra Champion

Should be relatively simple:

1) open your connection to Splunk using Service class
2) open your socket connection to destination server using the Socket class
3) use the Splunk Service object to execute the search
4) read in the search results
5) perform any data transformation/filtering
6) write results out over the socket connection to the destination server.

Depending on the volumes of data, you might be able to skip writing to/reading from a file and just work in memory.


Re: Splunk socket programming with java SDK

Contributor

As in the 4th step, "read in the search result", I need to send the result data in CSV, but with the Java SDK the search result reader is in XML, so how can I get the result in CSV format?

0 Karma

Re: Splunk socket programming with java SDK

Ultra Champion

Splunk Java SDK has a CSV Results Reader.

https://github.com/splunk/splunk-sdk-java/tree/master/splunk-external/com/splunk/external

These results readers are not part of the main SDK, but are included in the com.splunk.external module in the splunk-external.jar file. The JSON and CSV results readers also require third-party tokenizers for parsing (gson-2.1.jar and opencsv-2.3.jar).

Specify output to be "csv" when submitting the search.

Args queryArgs = new Args();
queryArgs.put("output_mode", "csv");

Code example here: https://gist.github.com/3270825

0 Karma