Java SDK: Most efficient way to wait for a particu...

teresap · ‎01-23-2019

Some backstory:

I am writing end-to-end automation for a microservice that writes events to Splunk.
I use Java Splunk SDK version 1.6.3.0, which is the latest version stored on our artifactory
After I drop files in a particular folder on S3, our service calls various internal APIs and logs the status to Splunk.
After dropping the files, my automation needs to wait for a particular unique event to appear and then continues doing some internal validations.

I would like to be able to wait for a specific event to appear on Splunk, with a timeout of some number of seconds in case the event never happens. Currently I do this with a for loop and poll for the specified event to appear. However, I wonder if there might be a more efficient way to do this.

Here's a sample of an event I need to wait for:

{   
<snip/>
     file_url:   https://some.website/somefile.json 
     id:     12345  
     level:  30 
     msg:    File processing succeeded  
     name:   myservicename
<snip/>
}

And a sample query:

index=myindex sourcetype=myservicename msg="File processing succeeded" file_url="https://some.website/somefile.json" id="12345"

In this example, index, sourcetype, and msg are the same every time I run my test case. file_url and id are unique each time.

What is the recommended way to wait for a particular event? What kind of query is recommended (blocking/etc)?

Java SDK: Most efficient way to wait for a particular event

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation