Solved: Problem running search Sample from SDK - Query err...

wajihullahbaig · ‎03-22-2012

I am having problems running the search sample provided with the Java SDK. Which resides on my disk here

H:\splunk-splunk-sdk-java-0.1.0-3-gc7767c5\splunk-splunk-sdk-java-c7767c5\examples\search\com\splunk\sdk\search

Now, when I try to run the program I keep getting the and exception is caught.

    static void run(String[] args) throws IOException {
        Command command = Command.splunk("search");
        command.addRule("count", Integer.class, resultsCount);
        command.addRule("earliest_time", String.class, earliestTime);
        command.addRule("field_list", String.class, fieldListText);
        command.addRule("latest_time", String.class, latestTime);
        command.addRule("offset", Integer.class, offset);
        command.addRule("output", String.class, outputText);
        command.addRule("output_mode", String.class, outputModeText);
        command.addRule("status_buckets", Integer.class, statusBucketsText);
        command.addRule("verbose", "Display search progress");


       command.parse(args);

        if (command.args.length != 1)
            Command.error("Search e

xpression required");
    String query = command.args[0];

    int resultsCount = 100;
    if (command.opts.containsKey("count"))
        resultsCount = (Integer)command.opts.get("count");

    String earliestTime = null;
    if (command.opts.containsKey("earliest_time"))
        earliestTime = (String)command.opts.get("earliest_time");

    String fieldList = null;
    if (command.opts.containsKey("field_list"))
        fieldList = (String)command.opts.get("field_list");

    String latestTime = null;
    if (command.opts.containsKey("latest_time"))
        earliestTime = (String)command.opts.get("latest_time");

    int offset = 0;
    if (command.opts.containsKey("offset"))
        offset = (Integer)command.opts.get("offset");

    String output = "results";
    if (command.opts.containsKey("output")) {
        output = (String)command.opts.get("output");
        if (!Arrays.asList(outputChoices).contains(output))
            Command.error("Unsupported output: '%s'", output);
    }

    String outputMode = "xml";
    if (command.opts.containsKey("output_mode"))
        outputMode = (String)command.opts.get("output_mode");

    int statusBuckets = 0;
    if (command.opts.containsKey("status_buckets"))
        statusBuckets = (Integer)command.opts.get("status_buckets");

    boolean verbose = command.opts.containsKey("verbose");

    Service service = Service.connect(command.opts);

    // Check the syntax of the query.
    try {
        Args parseArgs = new Args("parse_only", true);
        service.parse(query, parseArgs);
    }
    catch (HttpException e) {
        String detail = e.getDetail();
        Command.error("query '%s' is invalid: %s", query, detail);
    }

With error printed
Error: query 'search=search error | head 10 -d output_mode=csv' is invalid:

What is the correct query? Looks like I am providing the wrong query in the command line arguments. Using NetBeans 7.1 IDE.

Please guide

apruneda_splunk · ‎03-22-2012

This page http://dev.splunk.com/view/SP-CAAAEFF#search has examples of how to form the search query when using the Java SDK command-line examples. For example:

java -jar search.jar 'search error | head 10' --output_mode=csv

View solution in original post

apruneda_splunk · ‎03-22-2012

This page http://dev.splunk.com/view/SP-CAAAEFF#search has examples of how to form the search query when using the Java SDK command-line examples. For example:

java -jar search.jar 'search error | head 10' --output_mode=csv

Problem running search Sample from SDK - Query error

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?