- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Search result Not consistent
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Search result Not consistent
Hello Folks,
I am new to splunk SDK and i am trying to write a code that search and return a search result from the splunk log instantly.
I am using splunk sdk for java to connect and fecth the details from logs.
below is what i am trying to achieve:
- Run a transaction in my application (which is configured with splunk)
- search for a keyword in the log after the transaction is completed.
below the code that i used to connect to splunk:
private static Service connectToSplunk() {
try {
if(splunkService== null) {
loadSplunkPropertiesValues();
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs loginArgs = new ServiceArgs();
loginArgs.setUsername(properties.getProperty("splunkLoginUserId"));
loginArgs.setPassword(properties.getProperty("splunkLoginPassword"));
loginArgs.setHost(properties.getProperty("splunkHost"));
loginArgs.setPort(Integer.valueOf(properties.getProperty("splunkPort")));
splunkService = Service.connect(loginArgs);
}
return splunkService;
}
catch(Exception e) {
}
}
below function to get the details from the splunk:
private static String getLogDetailsFromSplunk( Service service , String keyword) {
JobArgs jobArgs = new JobArgs();
jobArgs.setExecutionMode(JobArgs.ExecutionMode.NORMAL);
jobArgs.setEarliestTime(properties.getProperty("jobArgsEarliestTime"));
jobArgs.setLatestTime(properties.getProperty("jobArgsLatestTime"));
jobArgs.setStatusBuckets(300);
String sql ="search sourcetype=emsa_main source="*/logs/cuor-instrument-lifecycle-manager-*" | search msg="BDD Test for database retry queue:database:*" | head 10";
Job job = service.getJobs().create(sql, jobArgs);
StringBuffer strLog = new StringBuffer("");
String strLogAll = null;
// checking if the job is completed
while (!job.isDone()) {
try {
Thread.sleep(500);
} catch (Exception e) {
}
}
try{
Args outputArgs = new Args();
outputArgs.put("output_mode","json");
InputStream stream = job.getResults(outputArgs);
byte[] buffer = new byte[100000];
while(stream.read(buffer)!=-1)
strLogAll =new String(buffer);
//System.out.println(strLogAll);
//strLog.append(new String(buffer));
}
catch(Exception ne) {
}
return strLogAll;
}
Using the above code, i am able to get the details from the log/splunk. The concern that i am facing is that sometimes, the keyword that i am looking for is found in the result returned, sometimes not.
I am trying to figure out what is the possible causes. i had set the earliest_time to 45 seconds(which is a requirement). Could anyone give me some clue on what could be the possible reasons. A feedback or suggestion would be really appreciated.
Thanks
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
