While trying to solve this issue I found all sorts of stuff about swapping java versions and performing custom builds of the SDK. This was the solution that worked for me. Thank you Greg!

Hi shaskell,
Thanks I went through but I am getting the following error now.
I am using SDK 1.5.0 and JRE7.
Do you know how to resolve it? I have changed https to http in .splunkrc file.

java.lang.RuntimeException: Connection reset
at com.splunk.HttpService.send(HttpService.java:427)
at com.splunk.Service.send(Service.java:1293)
at com.splunk.HttpService.post(HttpService.java:308)
at com.splunk.Service.login(Service.java:1122)
at com.splunk.Service.login(Service.java:1101)
at com.splunk.Service.connect(Service.java:187)
at com.splunk.examples.search.Program.run(Unknown Source)
at com.splunk.examples.search.Program.main(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275)
at java.io.BufferedInputStream.read(BufferedInputStream.java:334)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:690)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:633)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:661)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1324)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
at com.splunk.HttpService.send(HttpService.java:425)
... 7 more

You'll want to change the scheme back to https in your .splunkrc.

If you're using Oracle JDK try commenting out the following line from your java.security file.

#jdk.tls.disabledAlgorithms=SSLv3

I'm running CentOS 7 and modifying this line from /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/lib/security/java.security on the default OpenJDK install worked for me.

From:
jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768

To:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 768

The SDK uses SSLv3 by default which is disabled in the security settings.

Also, sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0 is not working though it did in Web.

For example:
(Not working)

java -jar dist/examples/search_oneshot.jar "sourcetype=SplunkRabbitMQ_messaging | spath input=msg_body | where '3' > 0" --output_mode=json

(Working)

java -jar dist/examples/search_oneshot.jar "search * |  tail 10" --output_mode=json

Is there any way to use sourcetype in CLI? I am getting Unknown search command 'sourcetype'. It worked in Splunk Web.

Update: By putting 'search' ahead of the command, it worked.

Actually, when i am using https and did enableSplunkdSSL = true, it did not work but when i did http and did enableSplunkdSSL = false it worked. I commented the required line in java.security also.
I know it's not recommended but do you have any workaround?