Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Java sdk and search query

ceziefula
New Member
‎05-29-2012 06:00 AM

Hi

I am new to splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily.

I built the splunk java sdk. I am trying to test the examples namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck.

I have have put the authentication username and password in the splunkrc file and this works.

The search string among various I have tried is

earliest=-30m sourcetype="xreGuide" 76.26.116.49

I get error SEarch expression required.

Can someone please tell me how to simulate the search syntax on the command line to do a simple search.

Tags (3)
0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎08-13-2012 04:41 PM

There is now an extensive search how-to topic posted on the dev portal. See How to search your data using the Java SDK.

Reply

sdaniels
Splunk Employee
Splunk Employee
‎05-29-2012 06:17 AM

You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:

"sourcetype=xreGuide earliest=-1m |stats count by remote_ip"

Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this:

./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax

The bottom of this page on GitHub has some examples and documentation.

https://github.com/splunk/splunk-sdk-java

Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...