Splunk Search

What is the fastest way to turn Splunk search results into analyzable text using Java Eclipse?

DreadEclipse
Explorer

I am writing a series of programs to make regular calls to the Splunk server and quickly sort the results of a search. The only language I use is Java, specifically the Eclipse IDE. I have the Splunk SDK downloaded and installed and added successfully to my Eclipse project. I have successfully connected to Splunk using my credentials.

My goal is to access the Splunk dashboard and retrieve all the events that result from a specific search, returning them as Strings or else in a .txt file. I have read the documentation extensively and tried several solutions, including service.export and MultiResultsReaderXml, but neither seems speedy enough for my desires and neither seems to produce the Strings I need, namely the specific words of the Events from the search. Both seem like they would have to run for hours just to run a query on a one-second time frame. I need to be able to search at least an hour. From the beginning of time would be even better.

The rest of the program is designed to use the text shown in the Splunk events, and should work once I have this last piece. Whether there is a quicker way or not, please let me know.

Thanks!

0 Karma
1 Solution

DreadEclipse
Explorer

So, it turns out the easiest way to grab data is just to do a straight-out search. Use the .export command in Java and then, in the parentheses, type exactly the same search you put into Splunk, but type "search " in front with a space after it. This will give an overall search. To search for a specific time range, add "earliest=-" followed by the time range (like 1h for one hour or 15s for fifteen seconds), without the quotes, of course. This takes the search from about 3 hours to about 6 seconds, a very nice 180,000% increase in performance!


0 Karma
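The accepted answer above, together with the service.export and MultiResultsReaderXml approach mentioned in the question, written out as working Java. This is an added example, not code from either post: it assumes the Splunk SDK for Java is on the classpath, that splunkd's management port is reachable at the host and port given in the SPLUNK_HOST and SPLUNK_PORT environment variables (variable names chosen here, not by the page), that credentials are in SPLUNK_USER and SPLUNK_PASS, and that the search string and time window in main are placeholders you replace with your own.

```java
// Added example (not from the original posts): run a time-bounded export search
// with the Splunk SDK for Java and turn each event's raw text into words.
// Assumptions: Splunk SDK for Java on the classpath; host, port and credentials
// supplied through environment variables whose names are chosen here.
import com.splunk.Event;
import com.splunk.JobExportArgs;
import com.splunk.MultiResultsReaderXml;
import com.splunk.SearchResults;
import com.splunk.Service;
import com.splunk.ServiceArgs;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

public class SplunkExportExample {

    /** Connects to splunkd's management port (8089 by default) over HTTPS. */
    static Service connect() {
        ServiceArgs args = new ServiceArgs();
        args.setHost(System.getenv().getOrDefault("SPLUNK_HOST", "localhost"));
        args.setPort(Integer.parseInt(System.getenv().getOrDefault("SPLUNK_PORT", "8089")));
        args.setScheme("https");
        // Credentials come from the environment so they never sit in source control.
        args.setUsername(System.getenv("SPLUNK_USER"));
        args.setPassword(System.getenv("SPLUNK_PASS"));
        return Service.connect(args);
    }

    /**
     * Runs an export search limited to the last `window` (e.g. "1h", "15s"),
     * exactly as the accepted answer describes: "search " + your SPL, with
     * earliest=-<window> appended. Returns one String per event (the _raw field).
     */
    static List<String> exportRawEvents(Service service, String spl, String window) throws IOException {
        // The earliest= bound is what keeps export from scanning every bucket ever indexed.
        String query = "search " + spl + " earliest=-" + window;
        JobExportArgs exportArgs = new JobExportArgs();
        exportArgs.setSearchMode(JobExportArgs.SearchMode.NORMAL);
        exportArgs.setOutputMode(JobExportArgs.OutputMode.XML);

        List<String> lines = new ArrayList<>();
        InputStream stream = service.export(query, exportArgs);
        // Export streams a sequence of XML result sets; the multi-reader walks
        // them as they arrive instead of waiting for the whole job to finish.
        MultiResultsReaderXml reader = new MultiResultsReaderXml(stream);
        try {
            for (SearchResults results : reader) {
                for (Event event : results) {
                    String raw = event.get("_raw");
                    if (raw != null) {
                        lines.add(raw);
                    }
                }
            }
        } finally {
            reader.close();
        }
        return lines;
    }

    /** Splits an event's raw text into the individual words the rest of the program sorts. */
    static List<String> words(String raw) {
        List<String> out = new ArrayList<>();
        for (String w : raw.trim().split("\\s+")) {
            if (!w.isEmpty()) {
                out.add(w);
            }
        }
        return out;
    }

    public static void main(String[] argv) throws IOException {
        Service service = connect();
        // Keep the SPL a fixed string: splicing untrusted input into it would let
        // that input add its own SPL commands to the search.
        List<String> raw = exportRawEvents(service, "index=_internal sourcetype=splunkd", "1h");
        Path out = Path.of("events.txt");
        Files.write(out, raw, StandardCharsets.UTF_8);
        System.out.println(raw.size() + " events written to " + out);
        if (!raw.isEmpty()) {
            System.out.println("first event words: " + words(raw.get(0)));
        }
    }
}
```

The time bound is the part that matters for speed. It is placed inside the SPL here to match the accepted answer; the SDK also accepts it as `exportArgs.setEarliestTime("-1h")`, which has the same effect and keeps the window out of the query string. Reading `_raw` gives the event text as shown in the Splunk event list, which is what the question asks for; other extracted fields are available through `event.get(fieldName)` in the same way.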

harikag
New Member

@ppablo_splunk Hi, I have the same requirement and followed the same, but somehow I am unable to do the export search. Could you please help me with it?

0 Karma
