Getting Search Results using Java REST API

misteryuku
Communicator

Am I right to say that the results derived from the Splunk search are returned as XML by default?
I was using the Java Splunk REST API to get the results.

This is the code that I used:

InputStream dataStream = job.getResults();

Does this input stream data contain XML?

I attempted to output the data as an XML file using Java. Sometimes I can view the XML file, but most of the time, when I ran the same Splunk search using Java and viewed the XML file in the browser, I saw a message that says something like "XML must have a top level element". Sometimes there is just a blank space in the browser and in Windows Notepad.

What is the cause of this problem? I need an answer urgently!!!!!

0 Karma

harikag
New Member

@misteryuku & @psanford_splunk could you please help me write Java code to export search results in JSON format? I have tried the above method but I am still failing to get the result.

0 Karma

psanford_splunk
Splunk Employee

Hi - You can set the output_mode on your results to json, xml, or csv. Take a look at this code, which sets the output mode to JSON.

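    // Imports needed by this fragment.
    import com.splunk.Job;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.nio.charset.StandardCharsets;
    import java.util.HashMap;
    import java.util.Map;

    // "service" is an already authenticated com.splunk.Service.
    Job job = service.getJobs().create("search index=twitter | head 5");

    // Poll until the search job has finished.
    while (!job.isDone())
    {
        try
        {
            Thread.sleep(2000);
        }
        catch (InterruptedException e)
        {
            // Keep the interrupt status and stop waiting instead of swallowing it.
            Thread.currentThread().interrupt();
            break;
        }

        job.refresh();
    }

    // Ask the results endpoint for JSON.
    Map<String, Object> outputArgs = new HashMap<String, Object>();
    outputArgs.put("output_mode", "json");

    // Only read results from a job that actually finished.
    if (job.isDone())
    {
        // try-with-resources closes the results stream; System.out is flushed, not closed.
        try (InputStream stream = job.getResults(outputArgs);
             InputStreamReader reader = new InputStreamReader(stream, StandardCharsets.UTF_8))
        {
            OutputStreamWriter writer = new OutputStreamWriter(System.out, StandardCharsets.UTF_8);
            char[] buffer = new char[1024];

            while (true)
            {
                int count = reader.read(buffer);
                if (count == -1) break;
                writer.write(buffer, 0, count);
            }

            writer.write("\n");
            writer.flush();
        }
        catch (IOException e)
        {
            // Report the failure; an empty catch would hide a truncated or empty result.
            System.err.println("Failed to read search results: " + e.getMessage());
        }
    }

    // Remove the job from the search head.
    job.cancel();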
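
An added example, not part of the original thread and not Splunk's own code: writing the JSON results to a file, which is what the question was attempting with XML. It refuses to write until the job has finished, and requests all results rather than the endpoint's default first 100. `ExportResults` and `exportJson` are names made up here, and `service` is assumed to be an already authenticated `com.splunk.Service`.

```java
import com.splunk.Job;
import com.splunk.JobResultsArgs;
import com.splunk.Service;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

public class ExportResults {
    /** Runs a search and writes all results to outFile as JSON; returns bytes written. */
    public static long exportJson(Service service, String query, Path outFile)
            throws IOException, InterruptedException {
        Job job = service.getJobs().create(query);
        try {
            // Results are only complete once the job reports that it is done.
            while (!job.isDone()) {
                Thread.sleep(500);
                job.refresh();
            }
            if (job.isFailed()) {
                throw new IOException("Search job failed: " + job.getSid());
            }
            if (job.getResultCount() == 0) {
                // Nothing matched: report it instead of leaving an empty file behind.
                return 0L;
            }
            JobResultsArgs args = new JobResultsArgs();
            args.setOutputMode(JobResultsArgs.OutputMode.JSON);
            args.setCount(0); // 0 = all available results, not just the first 100
            // Copy raw bytes so no charset conversion can alter the payload.
            try (InputStream in = job.getResults(args)) {
                return Files.copy(in, outFile, StandardCopyOption.REPLACE_EXISTING);
            }
        } finally {
            job.cancel(); // remove the job from the search head
        }
    }
}
```

A return value of 0 means the search matched nothing and no file was written, which separates "no results" from a write that failed.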