I am running a Job and retrieving datas over 1 Gb. What happpens is that the job expires before I have time to load all the datas. Is there a way to save the job using the API or increase the time before the job expires ? ... View more

Hi, I've read several reports about how to get more than 100 results, but didn't find one addressing the Splunk Java API. The query is something like: search sourcetype="xxx" | table _raw My constraints are: - I want each event to be wrapped in a XML tag (result/field/v, as per Splunk response) to be XSL transformed later, so adding "| outputcsv" at the end of the query doesn't help for me as it wraps the whole response in a single xml tag I cannot process after. - Also, I cannot change the Splunk Server setup if anyone know how and what parameter to pass the code below to retrieve ALL results, please let me know: Job job = splunkService.getService().getJobs().create("my query"); while (!job.isDone()) { try { Thread.sleep(2000); } catch (InterruptedException e){} job.refresh(); } println("--- Event Count = " + job.getEventCount()); InputStream stream = job.getResults(); BufferedInputStream bis = new BufferedInputStream(stream); ByteArrayOutputStream buf = new ByteArrayOutputStream(); int result; try { result = bis.read(); while(result != -1) { byte b = (byte)result; buf.write(b); result = bis.read(); } } catch (IOException e){} ... View more

I've been evaluating Splunk last week: creating SourceType and uploading, indexing files. Fine. Now I switched to the Free version and I can't see the new SourceType I'm creating from now, The Add Data process goes smoothly, new datas shows in Manager » Data inputs » Files & directories* But doesn't show in App > Search > Source Type And the search returns 0 (cannot find the newly created sourceType) Is there some functional changes in Free Version ? Are there some logs I can look at ? (from the UI there is no error/warning msg) ... View more