How to return results in less than 1 second from S...

Anton_Pushkar_ · ‎02-21-2022

I am trying to get 10 events from Splunk. But it takes more than 40 minutes when UI returns results less than 1 sec

        String token = "token";
        String host = "splunk.mycompany.com";
        Map<String, Object> result = new HashMap<>();
        result.put("host", host);
        result.put("token", token);
        HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

        Service service = new Service(result);
        Job job = service.getJobs().create("search index=some_index earliest=-1h |head 10");
        while (!job.isReady()) {
            try {
                Thread.sleep(500); // 500 ms
            } catch (Exception e) {
                // Handle exception here.
            }
        }

        // Read results
        try {
            ResultsReader reader = new ResultsReaderXml(job.getEvents());

            // Iterate over events and print _raw field
            reader.forEach(event -> System.out.println(event.get("_raw")));

        } catch (Exception e) {
            // Handle exception here.
        }

What can be a cause of this? This code is from Splunk java sdk GitHub page. Token, host, etc. are changed from real to stub due to NDA

How to return results in less than 1 second from Splunk java SDK?

SDK

SplunkJS

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation