Why does index creation via the Java SDK return a null value?

New Member

Hi colleagues,
I am trying to create an index using the Java SDK for Splunk and to reset the "FrozenTimePeriodInSecs" property afterwards.
The code snippet follows:

ServiceArgs loginArgs = new ServiceArgs();

String indexName = "testIndex_" + System.currentTimeMillis(); 

Service splunkService = Service.connect(login);
IndexCollection indexCollection = splunkService.getIndexes();
Index createdIndex = indexCollection.create(indexName);

I run into a java.lang.NullPointerException because apparently IndexCollection.create(String indexName) returns a null value.
Any idea what I am doing wrong?

0 Karma

New Member

Hi all,

I have found the root cause.
The problem is with the capital "I" in the testIndex_<timestamp>.
It turns out that despite my attempt to create an index with the name testIndex_<timestamp> (capital "I"), on the backend an index with the name testindex_<timestamp> (lower case "i") is created.

The method IndexCollection.create(String indexName) sends an internal GET request attempting to obtain the Index object with the original name testIndex_<timestamp> (capital "I"), and since there is no such thing on the back end, that method returns a null value.

In my opinion that is a bug.

0 Karma


Index names are always lower case. Per the Managing Indexers and Clusters of Indexers docs: "User-defined index names must consist of only numbers, lowercase letters, underscores, and hyphens."

Splunk probably should block attempts to create an index with an invalid name or warn that it changed the name, but I see no bug here.

If this reply helps you, an upvote would be appreciated.
0 Karma
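A defensive wrapper for the behaviour discussed above, as an added example that is not code from the thread or from the Splunk SDK: it lower-cases the requested name, checks it against the character set quoted from the docs, and never hands a null Index back to the caller. The class and helper names are hypothetical; it assumes the Splunk Java SDK on the classpath, a management port at the placeholder localhost:8089, and a password supplied in a SPLUNK_PASSWORD environment variable.

```java
import com.splunk.Index;
import com.splunk.IndexCollection;
import com.splunk.Service;
import com.splunk.ServiceArgs;
import java.util.Locale;
import java.util.regex.Pattern;

public class SafeIndexCreate {
    // Character set quoted from the Splunk docs in the reply above.
    private static final Pattern VALID_NAME = Pattern.compile("[a-z0-9_-]+");

    /** Lower-cases the requested name and rejects anything outside the documented set. */
    static String normalizeIndexName(String requested) {
        String name = requested.toLowerCase(Locale.ROOT);
        if (!VALID_NAME.matcher(name).matches()) {
            throw new IllegalArgumentException("Invalid index name: " + requested);
        }
        return name;
    }

    /** Creates the index under its normalized name and never returns null. */
    static Index createIndex(Service service, String requested) {
        String name = normalizeIndexName(requested);
        IndexCollection indexes = service.getIndexes();
        Index created = indexes.create(name);
        if (created == null) {
            // create() came back empty: re-read the collection and look the name up again.
            indexes.refresh();
            created = indexes.get(name);
        }
        if (created == null) {
            throw new IllegalStateException("Index not found after create: " + name);
        }
        return created;
    }

    public static void main(String[] args) {
        ServiceArgs loginArgs = new ServiceArgs();
        loginArgs.setHost("localhost");                          // placeholder host
        loginArgs.setPort(8089);                                 // placeholder management port
        loginArgs.setUsername("admin");                          // placeholder account
        loginArgs.setPassword(System.getenv("SPLUNK_PASSWORD")); // assumed env variable
        Service service = Service.connect(loginArgs);

        Index index = createIndex(service, "testIndex_" + System.currentTimeMillis());
        index.setFrozenTimePeriodInSecs(86400); // constructed value: one day
        index.update();
        System.out.println("Created " + index.getName());
    }
}
```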

New Member

On line 10 I actually pass the loginArgs and not login.

0 Karma