Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Java sdk and search query

ceziefula
New Member
‎05-29-2012 06:00 AM

Hi

I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.

I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.

I have have put the authentication username and password in the splunkrc file and this works.

The search string among various I have tried is

earliest=-30m sourcetype="xreGuide" 76.26.116.49

I get error SEarch expression required.

Can someone please tell me how to simulate the search syntax on the command line to do a simple search.

Tags (3)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎08-13-2012 04:41 PM

There is now an extensive search how-to topic posted on the dev portal. See How to search your data using the Java SDK.

Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-29-2012 06:17 AM

You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:

"sourcetype=xreGuide earliest=-1m |stats count by remote_ip"

Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this:

./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax

The bottom of this page on GitHub has some examples and documentation.

https://github.com/splunk/splunk-sdk-java

Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Top