I have an authentication token which I have found success using curls and the REST API. I'm trying to drop limited log events from a Java application in AWS. All of the documentation that I can find discusses using username and password with the Java SDK client. But I only have HEC token and endpoint. It's working perfectly fine on my test Splunk. service = new Service("HOST",Port); String credentials = "Username:Password"; String basicAuthHeader = Base64.encode(credentials.getBytes()); service.setToken("Basic " + basicAuthHeader); But i don't have username and password for production Splunk, have only HEC endpoint and token. So when I am trying to do service = new Service("HOST",Port); service.setToken("MY HEC TOKEN"); I am getting UnAuthorized Exception  Is there any way to use Java SDK w/o username and password. ... View more

Hi, Q1. We are trying to push data using Splunk SDK for java and using attachWith() to ingest the data. But how we can override host, sourcetype and time field using the same. Q2. attach() takes Args argument with which we can override host and sourcetype but time is again not there.  As mentioned in the documentation, our preference is also using attachWIth. Please suggest the right way to do the same. myIndex.attachWith(new ReceiverBehavior() { public void run(OutputStream stream) throws IOException { Writer out = new OutputStreamWriter(stream, "UTF8"); for (int i = 0; i < 2; i++) { out.write("This is my msg"); } out.flush(); } }); We are referring https://dev.splunk.com/enterprise/docs/java/sdk-java/howtousesdkjava/howtogetdatasdkjava  ... View more

Hi,   When i am using Splunk admin username and password, am able to get the indexes via below code HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2); ServiceArgs loginArgs = new ServiceArgs(); loginArgs.setUsername("USER"); loginArgs.setPassword("PASS"); loginArgs.setHost("HOST"); loginArgs.setPort(8089); loginArgs.setScheme("https"); Service service = Service.connect(loginArgs); System.out.println("printing indexes" + service.getIndexes().values().toString()); But when I am trying to connect with the HEC token created via Splunk Web, I am getting 401 UnAuthorized exception HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2); Service service = new Service("HOST", 8089); service.setToken("xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); System.out.println("printing indexes" + service.getIndexes().values().toString()); Am getting below exception Exception in thread "main" com.splunk.HttpException: HTTP 401 -- Unauthorized at com.splunk.HttpException.create(HttpException.java:84) at com.splunk.HttpService.send(HttpService.java:500) at com.splunk.Service.send(Service.java:1295) at com.splunk.HttpService.get(HttpService.java:169) at com.splunk.ResourceCollection.list(ResourceCollection.java:288) at com.splunk.ResourceCollection.refresh(ResourceCollection.java:331) should I use service.setToken("Basic" + "xxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"); or there should be other configuration required to use token? ... View more

Hi, We are using Spark Apps to ingest the data into Splunk. For that, we are referring to https://dev.splunk.com/enterprise/docs/java/sdk-java/howtousesdkjava/howtogetdatasdkjava documentation.  We are planning to use attachWith. Is there any other/better way to achieve the same. There are a lot of examples in Java. Is there any better documentation/example to ingest bulk data(In TBs) via Spark Apps.  ... View more

We have a number of files containing events. Each event has a unique id in itself. but the same event(with the same event_id) can exist in other files as well. We want 1 event to be indexed 1 time in Splunk and if the event with the same event_id comes again just avoid it. This is the same as _id in Elastic Search or another database's primary key. Is it possible to achieve the same in Splunk? If yes, How?     ... View more