For SDK code, I've been trying just about every example on the CAAAEHQ page. I have tried one-shot and export searches off of the service object, tweaking every parameter I could find.
Currently, I'm attempting the following:
// Imports needed by the enclosing class
import java.io.InputStream;
import com.splunk.Job;
import com.splunk.JobArgs;

// Uses the "service" object (com.splunk.Service) of the enclosing class.
private InputStream getSearchResults()
{
    // Java string literals cannot span lines, so the query is concatenated
    String searchQuery_normal = "search index=\"[our_index]\" "
        + "source=\"[our_source]\" | stats "
        + "avg(response_time) AS avg_resp_time by "
        + "host | fields host, avg_resp_time ";
    JobArgs jobargs = new JobArgs();
    // jobargs.setExecutionMode(JobArgs.ExecutionMode.NORMAL);
    jobargs.put("earliest_time", "-1h@h");
    jobargs.put("latest_time", "now");
    jobargs.setExecutionMode(JobArgs.ExecutionMode.BLOCKING);
    Job job = service.getJobs().create(searchQuery_normal, jobargs);
    // Poll until the job reports completion
    while (!job.isDone()) {
        try {
            Thread.sleep(500);
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
    System.out.println("Search job ID: " + job.getSid());
    return job.getResults();
}
If I curl the following URL, I get back a SID from the REST API:
https://[ouraccount].splunkcloud.com:8089/servicesNS/[myusername]/atc_apps/search/jobs -d search="search index=[our_index] sourcetype=[our_sourcetype] earliest=\"-1h@h\" latest=\"now\" | stats avg(response_time) by host"
Using the REST API to compare responses, with the first SID, I get back XML response elements that contain a single field tag with a k value of host. With the latter SID, I get response elements that contain the desired two field tags: one host, and one avg(response_time).