Damien Dallimore, profile picture
Uploaded byDamien Dallimore
POTX, PDF7,134 views

Using the Splunk Java SDK

This document provides an overview and agenda for a presentation on using the Splunk Java SDK. The presenter is introduced as a developer evangelist for Splunk. The agenda includes an overview of the Splunk platform, REST API and SDKs, a detailed look at the Java SDK, examples of using the SDK to log events, search data, and work with saved searches, and a discussion of ways to think outside the box when using Splunk with Java.

Embed presentation

Downloaded 186 times
Using the Splunk Java SDK Presented by Damien Dallimore Developer Evangelist at Splunk Copyright © 2012 Splunk Inc.
About me • Developer Evangelist at Splunk since July 2012 • http://dev.splunk.com • http://splunk-base.splunk.com • Slides available for my “Splunking the JVM” session • Splunk Community Member • Splunk4JMX • SplunkJavaLogging • SplunkBase Answers • Splunk Architect and Administrator • Coder, hacker, architect of Enterprise Java solutions around the globe in many different industries(aviation, core banking, card payments etc…) • Yes, I do have an accent , so please restrain all your sheep, Lord of the Rings and Kim Dotcom heckles until beer o’clock  2
Agenda • Overview of the Splunk Platform • REST API & SDKs • Java SDK overview • Code, Code, Code ! • Thinking outside the Square • Alternate JVM Languages • Making it easier for developers to log to Splunk • Splunk is not just for Production • Questions (feel free to yell out at any time also)
Splunk & Developers Accelerate development & Machine Data SplunkUI Custom/Existing testing with proactive (Splunk Apps) Applications monitoring SDKs Search, chart and graph Save and schedule searches as alerts Integrate data from Splunk into Export search results your existing IT environment for Manage inputs and indexes Add & remove users and roles operational visibility REST APIs Quickly deliver real-time Splunkd business insights from Big Data outside of IT 4
REST API & SDKs
What you can do with the SDKs & API • Integrate with third-party reporting tools and portals • Log directly to Splunk • Integrate Splunk search results into your application • Extract data for archiving, compliance • Build a custom UI of your choice 6
Splunk REST API • Exposes an API method for every feature in the product • Whatever you can do in the UI – you can do through the API. • Run searches • Manage Splunk configurations • API is RESTful • Endpoints are served by splunkd • Requests are GET, POST, and DELETE HTTP methods • Responses are Atom XML Feeds • JSON coming in 5.0 • Versioning coming in 5.0 • Search results can be output in CSV/JSON/XML 7
Language SDKs • The SDKs make it easier for you to use the raw REST API , abstracting away much of the lower level plumbing, so you can instead just focus on developer productivity • Handling HTTP access • Authenticating • Managing namespaces • Simplifying access to REST endpoints • Building the correct URL for an endpoint • Displaying simplified output for searches • Input of data to a Splunk index • Python, Java, Javascript in beta - Supported • PHP available now! • Still study the core REST API though , if you’re anything like me you like to know what is going on under the hood 8
Java SDK overview
Java SDK Design Principles • Provide comprehensive coverage of the REST API • Have a 1:1 mapping of endpoint to class in the SDK • Provide implementation that felt intuitive to a Java developer • Lowest common denominator for build – ANT (Any maven people out there?) • Project support for Eclipse and IntelliJ – to ease getting started 10
Get the Java SDK setup • Open sourced under the Apache v2.0 license • Clone from Github : git clone https://github.com/splunk/splunk-sdk-java.git • Current release status is “beta” • Project level support for Eclipse and Intellij IDE’s • I use Eclipse with the eGit plugin • Pre-requisites • JRE 6+ • Ant (builds, javadoc generation) • Splunk installed • Run the unit tests and examples • Setup a “.splunkrc” file in your user’s home directory • Run an Ant build • Run examples with the command line wrappers • Run the Junit tests from Ant or within your IDE 11
Key Java SDK Concepts • Namespaces • owner : splunk username • app : app context • sharing : user | app | global | system • Defaults to current user and default app • Service class • Instantiate an object to connect and login • Entry point for REST API calls • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • refresh() : to get changes from splunkd 12
Java SDK Class Model HTTPService Resource Service ResourceCollection Entity EntityCollection Application Index Input InputCollection SavedSearchCollection • Collections use a common mechanism to create and remove entities • Entities use a common mechanism to retrieve and update property values, and access entity metadata • Service is a wrapper that facilitates access to all Splunk REST endpoints 13
public String codeTime(){ return “Lets Rock n Roll”; }
Connecting / Authenticating 15
Simple Entity Retrieval 16
Logging Events via HTTP REST Uses receivers/simple endpoint Uses receivers/stream endpoint 17
Logging Events via Raw TCP If you don’t already have a TCP port listening, simply create one via the REST API Setup Log to Splunk Teardown 18
Searching Overview • Search query • a set of commands and functions you use to retrieve events from an index or a real-time stream , "search * | head 10". • Saved search • a search query that has been saved to be used again and can be set up to run on a regular schedule • Search job • an instance of a completed or still-running search operation.Using a search ID you can access the results of the search when they become available. Job results are saved for a period of time on the server and can be retrieved • Search Modes • Normal : asynchronous , poll job for status and results • Blocking : synchronous , a job handle is returned when search is completed • Oneshot : synchronous , no job handle is returned, results are streamed • Export : synchronous, not a search per say, doesn’t create a job, results are streamed oldest to newest Heaps more juicy examples here : http://dev.splunk.com/view/SP-CAAAEHQ 19
Blocking Searches A Job is created No Job is created 20
Non-Blocking Search 21
Non-Blocking Search (with Paging) • “maxresultrows” in Splunk config default 50K • Not recommended to change this • If result set > 50K , then page through results 22
Realtime Search 23
Saved Search 24
Processing CSV/JSON/XML results 25
Client/Server State 26
Namespaces 27
Thinking outside the square
Alternate JVM Languages Scala Groovy Clojure Javascript(Rhino) JRuby PHP(Quercus) Ceylon Kotlin Jython We don’t need SDK’s for these languages , we can just use the Java SDK ! 29
Scala “SDK” 30
Groovy “SDK” 31
SplunkJavaLogging • A logging framework to allow developers to as seamlessly as possible integrate Splunk best practice logging semantics into their code. • Custom handler/appender implementations(REST and Raw TCP) for the 3 most prevalent Java logging frameworks in play. Splunk events directly from your code. • LogBack • Log4j • java.util.logging • Implementation of the SPLUNK CIM(Common Information Model) 32
Developers just log as they are used to Better A-HA 2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar" 33
Logging Framework takes care of the Splunk transport , REST or Raw TCP 34
<barf>Typical Java Stacktraces in logs</barf> 35
SplunkJavaLogging is your friend 36
Java Stacktraces in Splunk 37
Use Splunk in dev/test => better quality delivered to prod Testing Tools • It’s not good enough to assert that your Splunk software is production ready because the Java SDK load test “doesn’t make it fall over” Execute Tests • Splunk the app’s machine data throughout REST Perform test assertions the lifecycle of the test • Via a Splunk SDK, enrich your test harness Splunk REST% TCP /% pass/fail assertions with outputs of Splunk Your Java SDK SplunkD searches App Other Universal% • Catch malignant code tumors that may have Metrics Forwarder flown under the radar that your harness alone couldn’t possibly know about. • Grinder + Java SDK + Assertions 38
Contact Details Always more than happy to be contacted for questions, feedback, collaborations, ideas that will change the world etc… Email : ddallimore@splunk.com SplunkBase: damiend Github: damiendallimore Twitter : @damiendallimore Blog : http://blogs.splunk.com/dev Splunk Dev Platform Team : devinfo@splunk.com 39
Links Gists for all code examples : https://gist.github.com/damiendallimore Java SDK Homepage : http://dev.splunk.com/view/java-sdk/SP-CAAAECN Java SDK Github repository : https://github.com/splunk/splunk-sdk-java SplunkJavaLogging : https://github.com/damiendallimore/SplunkJavaLogging Splunk Best Practice Logging : http://dev.splunk.com/view/logging-best- practices/SP-CAAADP6 Splunk REST API : http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents 40
//Thanks for coming ! System.exit(5150);

More Related Content

PPT
Java sdk quickstart
bySplunk
 
POTX
Splunking the JVM (Java Virtual Machine)
byDamien Dallimore
 
PPTX
Integrating Splunk into your Spring Applications
byDamien Dallimore
 
PPTX
Splunk Modular Inputs / JMS Messaging Module Input
byDamien Dallimore
 
PPTX
SplunkLive! Developer Breakout
bySplunk
 
PPTX
Splunk Conf 2014 - Getting the message
byDamien Dallimore
 
PPTX
Splunk Java Agent
byDamien Dallimore
 
PPTX
SpringOne2GX 2014 Splunk Presentation
byDamien Dallimore
 
Java sdk quickstart
bySplunk
 
Splunking the JVM (Java Virtual Machine)
byDamien Dallimore
 
Integrating Splunk into your Spring Applications
byDamien Dallimore
 
Splunk Modular Inputs / JMS Messaging Module Input
byDamien Dallimore
 
SplunkLive! Developer Breakout
bySplunk
 
Splunk Conf 2014 - Getting the message
byDamien Dallimore
 
Splunk Java Agent
byDamien Dallimore
 
SpringOne2GX 2014 Splunk Presentation
byDamien Dallimore
 

What's hot

PPTX
Splunk for JMX
byDamien Dallimore
 
PDF
Apache DeltaSpike the CDI toolbox
byAntoine Sabot-Durand
 
PPTX
Play framework : A Walkthrough
bymitesh_sharma
 
KEY
Enterprise Java Web Application Frameworks Sample Stack Implementation
byMert Çalışkan
 
PPTX
Faster Java EE Builds with Gradle
byRyan Cuprak
 
PPT
Ow
byjuanjoaloloco
 
PPTX
High density deployments using weblogic multitenancy
byGetting value from IoT, Integration and Data Analytics
 
PDF
Java Desktop 2019
byHendrik Ebbers
 
PPTX
Java EE 8 Update
byRyan Cuprak
 
PDF
Javantura v4 - Spring Boot and JavaFX - can they play together - Josip Kovaček
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
ODP
Open source identity management 20121106 - apache con eu
byFrancesco Chicchiriccò
 
PPTX
Open Source In The World Of Java
byJamie Coleman
 
PDF
Lessons Learned from Real-World Deployments of Java EE 7 at JavaOne 2014
byArun Gupta
 
PDF
Security DevOps: Wie Sie in agilen Projekten trotzdem sicher bleiben // JAX 2015
byChristian Schneider
 
PPTX
Why Play Framework is fast
byLegacy Typesafe (now Lightbend)
 
PDF
Scala play-framework
byAbdhesh Kumar
 
PPTX
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
PDF
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
byChristian Schneider
 
PPTX
Microservices made easy JavaCro 2021
byJamie Coleman
 
PDF
Java APIs- The missing manual (concurrency)
byHendrik Ebbers
 
Splunk for JMX
byDamien Dallimore
 
Apache DeltaSpike the CDI toolbox
byAntoine Sabot-Durand
 
Play framework : A Walkthrough
bymitesh_sharma
 
Enterprise Java Web Application Frameworks Sample Stack Implementation
byMert Çalışkan
 
Faster Java EE Builds with Gradle
byRyan Cuprak
 
Ow
byjuanjoaloloco
 
High density deployments using weblogic multitenancy
byGetting value from IoT, Integration and Data Analytics
 
Java Desktop 2019
byHendrik Ebbers
 
Java EE 8 Update
byRyan Cuprak
 
Javantura v4 - Spring Boot and JavaFX - can they play together - Josip Kovaček
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Open source identity management 20121106 - apache con eu
byFrancesco Chicchiriccò
 
Open Source In The World Of Java
byJamie Coleman
 
Lessons Learned from Real-World Deployments of Java EE 7 at JavaOne 2014
byArun Gupta
 
Security DevOps: Wie Sie in agilen Projekten trotzdem sicher bleiben // JAX 2015
byChristian Schneider
 
Why Play Framework is fast
byLegacy Typesafe (now Lightbend)
 
Scala play-framework
byAbdhesh Kumar
 
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
byChristian Schneider
 
Microservices made easy JavaCro 2021
byJamie Coleman
 
Java APIs- The missing manual (concurrency)
byHendrik Ebbers
 

Viewers also liked

PDF
Splunk Application logging Best Practices
byGreg Hanchin
 
PPTX
Splunk Developer Platform
byDamien Dallimore
 
PDF
Splunk | Reporting Use Cases
byBeth Goldman
 
PDF
SRE in Startup
byLadislav Prskavec
 
PDF
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
bySplunk
 
PPTX
SplunkLive! Splunk for Insider Threats and Fraud Detection
bySplunk
 
PPT
Making Pretty Charts in Splunk
bySplunk
 
PDF
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
byErin Sweeney
 
PPTX
QCon London 2015 - Wrangling Data at the IOT Rodeo
byDamien Dallimore
 
PPTX
Splunk Conf 2014 - Splunking the Java Virtual Machine
byDamien Dallimore
 
DOCX
Linux Server Hardening - Steps by Steps
bySunil Paudel
 
PDF
TXLF: Automated Deployment of OpenStack with Chef
byMatt Ray
 
PDF
Threat Hunting
byTripwire
 
PDF
Exception handling & logging in Java - Best Practices (Updated)
byAngelin R
 
PPTX
Softcat Splunk Discovery Day Manchester, March 2017
bySplunk
 
PPTX
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 
PDF
DevOps and Chef
byJonathan Hitchcock
 
PPTX
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
byPatrick Chanezon
 
PPTX
Why Docker
bydotCloud
 
PPTX
Threat Hunting with Splunk Hands-on
bySplunk
 
Splunk Application logging Best Practices
byGreg Hanchin
 
Splunk Developer Platform
byDamien Dallimore
 
Splunk | Reporting Use Cases
byBeth Goldman
 
SRE in Startup
byLadislav Prskavec
 
Splunk conf2014 - Detecting Fraud and Suspicious Events Using Risk Scoring
bySplunk
 
SplunkLive! Splunk for Insider Threats and Fraud Detection
bySplunk
 
Making Pretty Charts in Splunk
bySplunk
 
Splunk .conf2011: Splunk for Fraud and Forensics at Intuit
byErin Sweeney
 
QCon London 2015 - Wrangling Data at the IOT Rodeo
byDamien Dallimore
 
Splunk Conf 2014 - Splunking the Java Virtual Machine
byDamien Dallimore
 
Linux Server Hardening - Steps by Steps
bySunil Paudel
 
TXLF: Automated Deployment of OpenStack with Chef
byMatt Ray
 
Threat Hunting
byTripwire
 
Exception handling & logging in Java - Best Practices (Updated)
byAngelin R
 
Softcat Splunk Discovery Day Manchester, March 2017
bySplunk
 
Building a Security Information and Event Management platform at Travis Per...
bySplunk
 
DevOps and Chef
byJonathan Hitchcock
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
byPatrick Chanezon
 
Why Docker
bydotCloud
 
Threat Hunting with Splunk Hands-on
bySplunk
 

Similar to Using the Splunk Java SDK

PPTX
SplunkLive! Developer Session
bySplunk
 
PPTX
SplunkLive London 2014 Developer Presentation
byDamien Dallimore
 
PPTX
Liberate your Application Logging
byGlenn Block
 
PPTX
A Lap Around Developer Awesomeness in Splunk 6.3
byGlenn Block
 
PDF
Splunk's api how we built it
byGlenn Block
 
PPTX
Workshop splunk 6.5-saint-louis-mo
byMohamad Hassan
 
PPTX
Splunk for Developers
bySplunk
 
PPTX
Splunk for Developers Breakout Session
bySplunk
 
PPTX
SplunkLive 2011 Advanced Session
bySplunk
 
PDF
Splunk in Rakuten: Splunk as a Service for all
byTimur Bagirov
 
PPTX
Splunk for Developers
bySplunk
 
PDF
Lesser known-search-commands
bypendoo
 
PPTX
Splunk for Developers
bySplunk
 
PPTX
Splunk at Sabre
bySplunk
 
PDF
Machine Data 101
bySplunk
 
PPTX
Splunk for Developers Breakout Session
bySplunk
 
PPTX
SplunkLive! Seattle - Splunk for Developers
byGrigori Melnik
 
PDF
NoSQL, Apache SOLR and Apache Hadoop
byDmitry Kan
 
PPTX
dlux - Splunk Technical Overview
byDavid Lutz
 
PPTX
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
byDan Cundiff
 
SplunkLive! Developer Session
bySplunk
 
SplunkLive London 2014 Developer Presentation
byDamien Dallimore
 
Liberate your Application Logging
byGlenn Block
 
A Lap Around Developer Awesomeness in Splunk 6.3
byGlenn Block
 
Splunk's api how we built it
byGlenn Block
 
Workshop splunk 6.5-saint-louis-mo
byMohamad Hassan
 
Splunk for Developers
bySplunk
 
Splunk for Developers Breakout Session
bySplunk
 
SplunkLive 2011 Advanced Session
bySplunk
 
Splunk in Rakuten: Splunk as a Service for all
byTimur Bagirov
 
Splunk for Developers
bySplunk
 
Lesser known-search-commands
bypendoo
 
Splunk for Developers
bySplunk
 
Splunk at Sabre
bySplunk
 
Machine Data 101
bySplunk
 
Splunk for Developers Breakout Session
bySplunk
 
SplunkLive! Seattle - Splunk for Developers
byGrigori Melnik
 
NoSQL, Apache SOLR and Apache Hadoop
byDmitry Kan
 
dlux - Splunk Technical Overview
byDavid Lutz
 
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
byDan Cundiff
 

Recently uploaded

PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PPTX
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Designing a Blog Using Wordpress
bymarkzubi50
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PPTX
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
Track Phone Location by Number (2026)_ What’s Actually Possible for Free (and...
byEmily Woods
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Getting Started with Apache Spark: Big Data Made Simple [Free Meetup]
byHaim Michael
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Retrieval Augmented Generation- The Synergistic Power of Prompt Engineering
bySemantic SEO BD
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Designing a Blog Using Wordpress
bymarkzubi50
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
WEEK 1-introduction of industrial arts grade 7.pptx
byrosierufinomaliongan
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 

Using the Splunk Java SDK

  • 1.
    Using the SplunkJava SDK Presented by Damien Dallimore Developer Evangelist at Splunk Copyright © 2012 Splunk Inc.
  • 2.
    About me • Developer Evangelist at Splunk since July 2012 • http://dev.splunk.com • http://splunk-base.splunk.com • Slides available for my “Splunking the JVM” session • Splunk Community Member • Splunk4JMX • SplunkJavaLogging • SplunkBase Answers • Splunk Architect and Administrator • Coder, hacker, architect of Enterprise Java solutions around the globe in many different industries(aviation, core banking, card payments etc…) • Yes, I do have an accent , so please restrain all your sheep, Lord of the Rings and Kim Dotcom heckles until beer o’clock  2
  • 3.
    Agenda • Overview of the Splunk Platform • REST API & SDKs • Java SDK overview • Code, Code, Code ! • Thinking outside the Square • Alternate JVM Languages • Making it easier for developers to log to Splunk • Splunk is not just for Production • Questions (feel free to yell out at any time also)
  • 4.
    Splunk & Developers Accelerate development & Machine Data SplunkUI Custom/Existing testing with proactive (Splunk Apps) Applications monitoring SDKs Search, chart and graph Save and schedule searches as alerts Integrate data from Splunk into Export search results your existing IT environment for Manage inputs and indexes Add & remove users and roles operational visibility REST APIs Quickly deliver real-time Splunkd business insights from Big Data outside of IT 4
  • 5.
  • 6.
    What you cando with the SDKs & API • Integrate with third-party reporting tools and portals • Log directly to Splunk • Integrate Splunk search results into your application • Extract data for archiving, compliance • Build a custom UI of your choice 6
  • 7.
    Splunk REST API • Exposes an API method for every feature in the product • Whatever you can do in the UI – you can do through the API. • Run searches • Manage Splunk configurations • API is RESTful • Endpoints are served by splunkd • Requests are GET, POST, and DELETE HTTP methods • Responses are Atom XML Feeds • JSON coming in 5.0 • Versioning coming in 5.0 • Search results can be output in CSV/JSON/XML 7
  • 8.
    Language SDKs • The SDKs make it easier for you to use the raw REST API , abstracting away much of the lower level plumbing, so you can instead just focus on developer productivity • Handling HTTP access • Authenticating • Managing namespaces • Simplifying access to REST endpoints • Building the correct URL for an endpoint • Displaying simplified output for searches • Input of data to a Splunk index • Python, Java, Javascript in beta - Supported • PHP available now! • Still study the core REST API though , if you’re anything like me you like to know what is going on under the hood 8
  • 9.
  • 10.
    Java SDK DesignPrinciples • Provide comprehensive coverage of the REST API • Have a 1:1 mapping of endpoint to class in the SDK • Provide implementation that felt intuitive to a Java developer • Lowest common denominator for build – ANT (Any maven people out there?) • Project support for Eclipse and IntelliJ – to ease getting started 10
  • 11.
    Get the JavaSDK setup • Open sourced under the Apache v2.0 license • Clone from Github : git clone https://github.com/splunk/splunk-sdk-java.git • Current release status is “beta” • Project level support for Eclipse and Intellij IDE’s • I use Eclipse with the eGit plugin • Pre-requisites • JRE 6+ • Ant (builds, javadoc generation) • Splunk installed • Run the unit tests and examples • Setup a “.splunkrc” file in your user’s home directory • Run an Ant build • Run examples with the command line wrappers • Run the Junit tests from Ant or within your IDE 11
  • 12.
    Key Java SDKConcepts • Namespaces • owner : splunk username • app : app context • sharing : user | app | global | system • Defaults to current user and default app • Service class • Instantiate an object to connect and login • Entry point for REST API calls • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • refresh() : to get changes from splunkd 12
  • 13.
    Java SDK ClassModel HTTPService Resource Service ResourceCollection Entity EntityCollection Application Index Input InputCollection SavedSearchCollection • Collections use a common mechanism to create and remove entities • Entities use a common mechanism to retrieve and update property values, and access entity metadata • Service is a wrapper that facilitates access to all Splunk REST endpoints 13
  • 14.
    public String codeTime(){ return “Lets Rock n Roll”; }
  • 15.
  • 16.
  • 17.
    Logging Events viaHTTP REST Uses receivers/simple endpoint Uses receivers/stream endpoint 17
  • 18.
    Logging Events viaRaw TCP If you don’t already have a TCP port listening, simply create one via the REST API Setup Log to Splunk Teardown 18
  • 19.
    Searching Overview • Search query • a set of commands and functions you use to retrieve events from an index or a real-time stream , "search * | head 10". • Saved search • a search query that has been saved to be used again and can be set up to run on a regular schedule • Search job • an instance of a completed or still-running search operation.Using a search ID you can access the results of the search when they become available. Job results are saved for a period of time on the server and can be retrieved • Search Modes • Normal : asynchronous , poll job for status and results • Blocking : synchronous , a job handle is returned when search is completed • Oneshot : synchronous , no job handle is returned, results are streamed • Export : synchronous, not a search per say, doesn’t create a job, results are streamed oldest to newest Heaps more juicy examples here : http://dev.splunk.com/view/SP-CAAAEHQ 19
  • 20.
    Blocking Searches A Jobis created No Job is created 20
  • 21.
  • 22.
    Non-Blocking Search (withPaging) • “maxresultrows” in Splunk config default 50K • Not recommended to change this • If result set > 50K , then page through results 22
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
    Alternate JVM Languages Scala Groovy Clojure Javascript(Rhino) JRuby PHP(Quercus) Ceylon Kotlin Jython We don’t need SDK’s for these languages , we can just use the Java SDK ! 29
  • 30.
  • 31.
  • 32.
    SplunkJavaLogging • A logging framework to allow developers to as seamlessly as possible integrate Splunk best practice logging semantics into their code. • Custom handler/appender implementations(REST and Raw TCP) for the 3 most prevalent Java logging frameworks in play. Splunk events directly from your code. • LogBack • Log4j • java.util.logging • Implementation of the SPLUNK CIM(Common Information Model) 32
  • 33.
    Developers just logas they are used to Better A-HA 2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar" 33
  • 34.
    Logging Framework takescare of the Splunk transport , REST or Raw TCP 34
  • 35.
  • 36.
  • 37.
  • 38.
    Use Splunk indev/test => better quality delivered to prod Testing Tools • It’s not good enough to assert that your Splunk software is production ready because the Java SDK load test “doesn’t make it fall over” Execute Tests • Splunk the app’s machine data throughout REST Perform test assertions the lifecycle of the test • Via a Splunk SDK, enrich your test harness Splunk REST% TCP /% pass/fail assertions with outputs of Splunk Your Java SDK SplunkD searches App Other Universal% • Catch malignant code tumors that may have Metrics Forwarder flown under the radar that your harness alone couldn’t possibly know about. • Grinder + Java SDK + Assertions 38
  • 39.
    Contact Details Always morethan happy to be contacted for questions, feedback, collaborations, ideas that will change the world etc… Email : ddallimore@splunk.com SplunkBase: damiend Github: damiendallimore Twitter : @damiendallimore Blog : http://blogs.splunk.com/dev Splunk Dev Platform Team : devinfo@splunk.com 39
  • 40.
    Links Gists for allcode examples : https://gist.github.com/damiendallimore Java SDK Homepage : http://dev.splunk.com/view/java-sdk/SP-CAAAECN Java SDK Github repository : https://github.com/splunk/splunk-sdk-java SplunkJavaLogging : https://github.com/damiendallimore/SplunkJavaLogging Splunk Best Practice Logging : http://dev.splunk.com/view/logging-best- practices/SP-CAAADP6 Splunk REST API : http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents 40
  • 41.
    //Thanks for coming! System.exit(5150);

Editor's Notes

  • #20 For those searches that stream the results (oneshot and export), the search results are not saved. If the stream is interrupted for any reason, the results are not recoverable without running the search again.
  • #22 There is code in the develop branch (which we should probably push into main before .conf) that obviates the need for job.refresh()isDone() and isReady() refresh behind your back.
  • #23 In order to get all events, you have to use the export endpoint. But the export endpoint has different behavior than a normal job. An export cannot be &quot;restarted&quot; when getting events if the network hiccups. A search job can just do another getResults() with the appropriate offset — this is because the export endpoint doesn&apos;t save the results like a search job does. But a search job has a limited number of events it will store on the server — which can be affected by status_buckets — but there is no way to guarantee the upper limit. With the default status_buckets we can get to 500K events. Itay and I experimented with hundreds of stratus_buckets but were only to get up to about 1M events, out of 13M available events.