Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Java sdk and search query

ceziefula
New Member
‎05-29-2012 06:00 AM

Hi

I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.

I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.

I have have put the authentication username and password in the splunkrc file and this works.

The search string among various I have tried is

earliest=-30m sourcetype="xreGuide" 76.26.116.49

I get error SEarch expression required.

Can someone please tell me how to simulate the search syntax on the command line to do a simple search.

Tags (3)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎08-13-2012 04:41 PM

There is now an extensive search how-to topic posted on the dev portal. See How to search your data using the Java SDK.

Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-29-2012 06:17 AM

You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:

"sourcetype=xreGuide earliest=-1m |stats count by remote_ip"

Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this:

./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax

The bottom of this page on GitHub has some examples and documentation.

https://github.com/splunk/splunk-sdk-java

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...