Using the Splunk Java SDK

       Presented by Damien Dallimore
       Developer Evangelist at Splunk

Copyright © 2012 Splunk Inc.
About me
•       Developer Evangelist at Splunk since July 2012
    •     http://dev.splunk.com
    •     http://splunk-base.splunk.com
    •     Slides available for my “Splunking the JVM” session

•       Splunk Community Member
    •     Splunk4JMX
    •     SplunkJavaLogging
    •     SplunkBase Answers
•       Splunk Architect and Administrator
•       Coder, hacker, architect of Enterprise Java solutions around the globe in
        many different industries (aviation, core banking, card payments etc.)
•       Yes, I do have an accent, so please restrain all your sheep, Lord of the
        Rings and Kim Dotcom heckles until beer o’clock


Agenda
•       Overview of the Splunk Platform
•       REST API & SDKs
•       Java SDK overview
•       Code, Code, Code !
•       Thinking outside the Square
    •     Alternate JVM Languages
    •     Making it easier for developers to log to Splunk
    •     Splunk is not just for Production
•       Questions (feel free to yell out at any time also)
Splunk & Developers
[Diagram: Machine Data, SplunkUI (Splunk Apps), Custom/Existing Applications, SDKs, REST APIs, Splunkd]
•       Search, chart and graph
•       Save and schedule searches as alerts
•       Export search results
•       Manage inputs and indexes
•       Add & remove users and roles

•       Accelerate development & testing with proactive monitoring
•       Integrate data from Splunk into your existing IT environment for operational visibility
•       Quickly deliver real-time business insights from Big Data outside of IT




REST API & SDKs
What you can do with the SDKs & API
  •   Integrate with third-party reporting tools and portals
  •   Log directly to Splunk
  •   Integrate Splunk search results into your application
  •   Extract data for archiving, compliance
  •   Build a custom UI of your choice




Splunk REST API
•       Exposes an API method for every feature in the product
    •     Whatever you can do in the UI – you can do through the API.
    •     Run searches
    •     Manage Splunk configurations
•       API is RESTful
    •     Endpoints are served by splunkd
    •     Requests are GET, POST, and DELETE HTTP methods
    •     Responses are Atom XML Feeds
    •     JSON coming in 5.0
    •     Versioning coming in 5.0
    •     Search results can be output in CSV/JSON/XML
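
What the SDKs abstract away, as an added example that is not from the slides or the SDK: reading the entries of an Atom response with a JDK parser that refuses DOCTYPE declarations. The class name and the sample feed are constructed for illustration; the `s:dict`/`s:key` layout is assumed to be how entity properties appear in the response.

```java
import java.io.ByteArrayInputStream;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

// Added example: AtomFeedReader is a hypothetical class, not part of the Splunk Java SDK.
public class AtomFeedReader {
    static final String ATOM = "http://www.w3.org/2005/Atom";
    static final String SPLUNK = "http://dev.splunk.com/ns/rest";

    // Constructed sample, trimmed to the parts read below; not captured from a server.
    static final String SAMPLE =
          "<feed xmlns=\"" + ATOM + "\" xmlns:s=\"" + SPLUNK + "\">"
        + "<title>indexes</title>"
        + "<entry><title>main</title>"
        + "<content type=\"text/xml\"><s:dict>"
        + "<s:key name=\"totalEventCount\">1234</s:key>"
        + "<s:key name=\"disabled\">0</s:key>"
        + "</s:dict></content></entry>"
        + "</feed>";

    // Parser with external entities, DOCTYPEs and XInclude switched off, so a
    // response (or anything impersonating one) cannot make the client fetch
    // files or URLs while it is being parsed.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns entry title -> (property name -> value). Nested dictionaries are
    // flattened because getElementsByTagNameNS walks all descendants.
    static Map<String, Map<String, String>> readEntries(String xml) throws Exception {
        Document doc = hardenedBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Map<String, Map<String, String>> out = new LinkedHashMap<String, Map<String, String>>();
        NodeList entries = doc.getElementsByTagNameNS(ATOM, "entry");
        for (int i = 0; i < entries.getLength(); i++) {
            Element entry = (Element) entries.item(i);
            NodeList titles = entry.getElementsByTagNameNS(ATOM, "title");
            String title = titles.getLength() > 0 ? titles.item(0).getTextContent() : "(untitled)";
            Map<String, String> props = new LinkedHashMap<String, String>();
            NodeList keys = entry.getElementsByTagNameNS(SPLUNK, "key");
            for (int j = 0; j < keys.getLength(); j++) {
                Element key = (Element) keys.item(j);
                props.put(key.getAttribute("name"), key.getTextContent().trim());
            }
            out.put(title, props);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(readEntries(SAMPLE));

        // Same feed with a DOCTYPE in front: the hardened parser must refuse it.
        String withDoctype = "<!DOCTYPE feed [<!ENTITY e \"x\">]>" + SAMPLE;
        try {
            readEntries(withDoctype);
            System.out.println("DOCTYPE accepted (parser is not hardened)");
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```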

Language SDKs
•       The SDKs make it easier for you to use the raw REST API,
        abstracting away much of the lower level plumbing, so you can
        instead just focus on developer productivity
    •     Handling HTTP access
    •     Authenticating
    •     Managing namespaces
    •     Simplifying access to REST endpoints
    •     Building the correct URL for an endpoint
    •     Displaying simplified output for searches
    •     Input of data to a Splunk index
•       Python, Java, Javascript in beta - Supported
•       PHP available now!
•       Still study the core REST API though; if you’re anything like me,
        you like to know what is going on under the hood
Java SDK overview
Java SDK Design Principles
•   Provide comprehensive coverage of the REST API

•   Have a 1:1 mapping of endpoint to class in the SDK

•   Provide an implementation that feels intuitive to a Java developer

•   Lowest common denominator for build – ANT (Any maven people out there?)

•   Project support for Eclipse and IntelliJ – to ease getting started




Get the Java SDK set up
•       Open sourced under the Apache v2.0 license
•       Clone from GitHub: git clone https://github.com/splunk/splunk-sdk-java.git
•       Current release status is “beta”
•       Project level support for Eclipse and IntelliJ IDEs
    •      I use Eclipse with the eGit plugin
•       Pre-requisites
    •      JRE 6+
    •      Ant (builds, javadoc generation)
    •      Splunk installed
•       Run the unit tests and examples
    •      Set up a “.splunkrc” file in your user’s home directory
    •      Run an Ant build
    •      Run examples with the command line wrappers
    •      Run the JUnit tests from Ant or within your IDE

Key Java SDK Concepts
•       Namespaces
    •     owner : splunk username
    •     app : app context
    •     sharing : user | app | global | system
    •     Defaults to current user and default app
•       Service class
    •     Instantiate an object to connect and login
    •     Entry point for REST API calls
•       Client/Server state
    •     Need to maintain state explicitly
          •   update() : to push changes to splunkd
          •   refresh() : to get changes from splunkd

Java SDK Class Model
[Class diagram, shown as an inheritance tree]
HTTPService
    Service
Resource
    ResourceCollection
        EntityCollection
            InputCollection
            SavedSearchCollection
    Entity
        Application
        Index
        Input

•   Collections use a common mechanism to create and remove entities
•   Entities use a common mechanism to retrieve and update property values, and access entity metadata
•   Service is a wrapper that facilitates access to all Splunk REST endpoints
public String codeTime(){
  return "Lets Rock n Roll";
}
Connecting / Authenticating




Simple Entity Retrieval




Logging Events via HTTP REST
Uses receivers/simple endpoint        Uses receivers/stream endpoint




Logging Events via Raw TCP
If you don’t already have a TCP port listening, simply create one via the REST API


Setup                                Log to Splunk                            Teardown




Searching Overview
•       Search query
    •      a set of commands and functions you use to retrieve events from an index or a real-time stream, e.g. "search * | head 10"

•       Saved search
    •      a search query that has been saved to be used again and can be set up to run on a regular schedule
•       Search job
    •      an instance of a completed or still-running search operation. Using a search ID you can access the results of
           the search when they become available. Job results are saved for a period of time on the server and can be
           retrieved
•       Search Modes
    •      Normal: asynchronous, poll job for status and results
    •      Blocking: synchronous, a job handle is returned when search is completed
    •      Oneshot: synchronous, no job handle is returned, results are streamed
    •      Export: synchronous, not a search per se, doesn’t create a job, results are streamed oldest to newest


Heaps more juicy examples here : http://dev.splunk.com/view/SP-CAAAEHQ


Blocking Searches
A Job is created                No Job is created




Non-Blocking Search




Non-Blocking Search (with Paging)




                •    “maxresultrows” in Splunk config default 50K
                •    Not recommended to change this
                •    If result set > 50K , then page through results



Realtime Search




Saved Search




Processing CSV/JSON/XML results




Client/Server State




Namespaces




Thinking outside the square
Alternate JVM Languages

Scala             Groovy            Clojure

Javascript(Rhino) JRuby             PHP(Quercus)

Ceylon            Kotlin            Jython




 We don’t need SDKs for these languages; we can
 just use the Java SDK!




Scala “SDK”




Groovy “SDK”




SplunkJavaLogging
•       A logging framework that lets developers integrate Splunk best
        practice logging semantics into their code as seamlessly as
        possible.
•       Custom handler/appender implementations (REST and Raw
        TCP) for the 3 most prevalent Java logging frameworks in
        play. Splunk events directly from your code.
    •     LogBack
    •     Log4j
    •     java.util.logging
•       Implementation of the Splunk CIM (Common Information
        Model)

Developers just log as they are used to


                                                   Better




                                                     A-HA


2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar"
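
The key="value" line above is only trustworthy if a field value cannot break out of its quotes or start a new line. As an added example (not code from the slides or from SplunkJavaLogging; `KvEvent`, its methods and the length cap are hypothetical), this builds that line and neutralises quotes and line breaks in values such as a user-supplied username:

```java
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TimeZone;

// Added example: KvEvent is a hypothetical helper, not a SplunkJavaLogging class.
public class KvEvent {
    private static final int MAX_VALUE_LEN = 1024; // assumed cap, tune per field

    private final Map<String, String> fields = new LinkedHashMap<String, String>();

    public KvEvent(String name, String eventId) {
        add("name", name);
        add("event_id", eventId);
    }

    public KvEvent add(String key, Object value) {
        fields.put(cleanKey(key), cleanValue(String.valueOf(value)));
        return this;
    }

    // Keys become field names, so restrict them to [A-Za-z0-9_].
    static String cleanKey(String key) {
        String k = key.replaceAll("[^A-Za-z0-9_]", "_");
        return k.length() == 0 ? "_" : k;
    }

    // A value must not be able to close its own quotes or start a new line:
    // a double quote becomes a single quote (no reliance on the indexer
    // honouring escape sequences), CR/LF become the visible text \r and \n,
    // other control characters become a space, and long values are truncated.
    static String cleanValue(String value) {
        StringBuilder sb = new StringBuilder();
        int limit = Math.min(value.length(), MAX_VALUE_LEN);
        for (int i = 0; i < limit; i++) {
            char c = value.charAt(i);
            if (c == '"') {
                sb.append('\'');
            } else if (c == '\n') {
                sb.append("\\n");
            } else if (c == '\r') {
                sb.append("\\r");
            } else if (Character.isISOControl(c)) {
                sb.append(' ');
            } else {
                sb.append(c);
            }
        }
        if (value.length() > MAX_VALUE_LEN) {
            sb.append("...[truncated]");
        }
        return sb.toString();
    }

    // Timestamp pattern matches the slide's sample line.
    public String format(Date when, TimeZone tz) {
        SimpleDateFormat ts = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSSZ");
        ts.setTimeZone(tz);
        StringBuilder sb = new StringBuilder(ts.format(when));
        for (Map.Entry<String, String> f : fields.entrySet()) {
            sb.append(' ').append(f.getKey()).append("=\"").append(f.getValue()).append('"');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        TimeZone tz = TimeZone.getTimeZone("GMT+12:00");
        Date when = new Date(1344311646644L); // the instant of the slide's sample line

        // The slide's own event.
        System.out.println(new KvEvent("Failed Login", "someID")
                .add("app", "myapp").add("user", "jane")
                .add("somefieldname", "foobar").format(when, tz));

        // Constructed hostile input: a username that tries to close the quote,
        // append a forged field, then start a forged second event.
        String hostile = "jane\" user=\"admin\r\n2012-08-07 15:54:07:000+1200 name=\"Login OK";
        System.out.println(new KvEvent("Failed Login", "someID")
                .add("app", "myapp").add("user", hostile).format(when, tz));
    }
}
```

The second event still comes out as one line with a single `user` field, so a search on `user="admin"` does not match it.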

Logging Framework takes care of the Splunk
        transport , REST or Raw TCP




<barf>Typical Java Stacktraces in logs</barf>




SplunkJavaLogging is your friend




Java Stacktraces in Splunk




Use Splunk in dev/test => better quality delivered to prod
[Diagram: Testing Tools, Splunk Java SDK, Execute Tests, REST, Perform test assertions, Your App, Splunk Java SDK, Other Metrics, REST / TCP, Universal Forwarder, SplunkD]
•   It’s not good enough to assert that your software is production ready because the load test “doesn’t make it fall over”
•   Splunk the app’s machine data throughout the lifecycle of the test
•   Via a Splunk SDK, enrich your test harness pass/fail assertions with outputs of Splunk searches
•   Catch malignant code tumors that may have flown under the radar that your harness alone couldn’t possibly know about.
•   Grinder + Java SDK + Assertions


Contact Details
Always more than happy to be contacted for questions,
feedback, collaborations, ideas that will change the world etc…


Email : ddallimore@splunk.com
SplunkBase: damiend
Github: damiendallimore
Twitter : @damiendallimore
Blog : http://blogs.splunk.com/dev
Splunk Dev Platform Team : devinfo@splunk.com
Links
Gists for all code examples : https://gist.github.com/damiendallimore
Java SDK Homepage : http://dev.splunk.com/view/java-sdk/SP-CAAAECN
Java SDK Github repository : https://github.com/splunk/splunk-sdk-java
SplunkJavaLogging : https://github.com/damiendallimore/SplunkJavaLogging
Splunk Best Practice Logging : http://dev.splunk.com/view/logging-best-practices/SP-CAAADP6
Splunk REST API : http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents



//Thanks for coming !
System.exit(5150);

SpringOne2GX 2014 Splunk PresentationSpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk Presentation
Damien Dallimore
 
A Brief History Of Data
A Brief History Of DataA Brief History Of Data
A Brief History Of Data
Damien Dallimore
 
Spring Integration Splunk
Spring Integration SplunkSpring Integration Splunk
Spring Integration Splunk
Damien Dallimore
 
Splunking the JVM
Splunking the JVMSplunking the JVM
Splunking the JVM
Damien Dallimore
 
Splunk Modular Inputs / JMS Messaging Module Input
Splunk Modular Inputs / JMS Messaging Module InputSplunk Modular Inputs / JMS Messaging Module Input
Splunk Modular Inputs / JMS Messaging Module Input
Damien Dallimore
 
Splunk for JMX
Splunk for JMXSplunk for JMX
Splunk for JMX
Damien Dallimore
 
Splunk Java Agent
Splunk Java AgentSplunk Java Agent
Splunk Java Agent
Damien Dallimore
 

More from Damien Dallimore (8)

Splunk Conf 2014 - Getting the message
Splunk Conf 2014 - Getting the messageSplunk Conf 2014 - Getting the message
Splunk Conf 2014 - Getting the message
 
SpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk PresentationSpringOne2GX 2014 Splunk Presentation
SpringOne2GX 2014 Splunk Presentation
 
A Brief History Of Data
A Brief History Of DataA Brief History Of Data
A Brief History Of Data
 
Spring Integration Splunk
Spring Integration SplunkSpring Integration Splunk
Spring Integration Splunk
 
Splunking the JVM
Splunking the JVMSplunking the JVM
Splunking the JVM
 
Splunk Modular Inputs / JMS Messaging Module Input
Splunk Modular Inputs / JMS Messaging Module InputSplunk Modular Inputs / JMS Messaging Module Input
Splunk Modular Inputs / JMS Messaging Module Input
 
Splunk for JMX
Splunk for JMXSplunk for JMX
Splunk for JMX
 
Splunk Java Agent
Splunk Java AgentSplunk Java Agent
Splunk Java Agent
 

Recently uploaded

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 

Recently uploaded (20)

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 

Using the Splunk Java SDK

  • 1. Using the Splunk Java SDK Presented by Damien Dallimore Developer Evangelist at Splunk Copyright © 2012 Splunk Inc.
  • 2. About me • Developer Evangelist at Splunk since July 2012 • http://dev.splunk.com • http://splunk-base.splunk.com • Slides available for my “Splunking the JVM” session • Splunk Community Member • Splunk4JMX • SplunkJavaLogging • SplunkBase Answers • Splunk Architect and Administrator • Coder, hacker, architect of Enterprise Java solutions around the globe in many different industries (aviation, core banking, card payments etc…) • Yes, I do have an accent, so please restrain all your sheep, Lord of the Rings and Kim Dotcom heckles until beer o’clock
  • 3. Agenda • Overview of the Splunk Platform • REST API & SDKs • Java SDK overview • Code, Code, Code ! • Thinking outside the Square • Alternate JVM Languages • Making it easier for developers to log to Splunk • Splunk is not just for Production • Questions (feel free to yell out at any time also)
  • 4. Splunk & Developers • Diagram labels: Machine Data, Splunkd, REST APIs, SDKs, SplunkUI (Splunk Apps), Custom/Existing Applications • Search, chart and graph • Save and schedule searches as alerts • Export search results • Manage inputs and indexes • Add & remove users and roles • Accelerate development & testing with proactive monitoring • Integrate data from Splunk into your existing IT environment for operational visibility • Quickly deliver real-time business insights from Big Data outside of IT
  • 5. REST API & SDKs
  • 6. What you can do with the SDKs & API • Integrate with third-party reporting tools and portals • Log directly to Splunk • Integrate Splunk search results into your application • Extract data for archiving, compliance • Build a custom UI of your choice
  • 7. Splunk REST API • Exposes an API method for every feature in the product • Whatever you can do in the UI – you can do through the API. • Run searches • Manage Splunk configurations • API is RESTful • Endpoints are served by splunkd • Requests are GET, POST, and DELETE HTTP methods • Responses are Atom XML Feeds • JSON coming in 5.0 • Versioning coming in 5.0 • Search results can be output in CSV/JSON/XML
  • 8. Language SDKs • The SDKs make it easier for you to use the raw REST API, abstracting away much of the lower level plumbing, so you can instead just focus on developer productivity • Handling HTTP access • Authenticating • Managing namespaces • Simplifying access to REST endpoints • Building the correct URL for an endpoint • Displaying simplified output for searches • Input of data to a Splunk index • Python, Java, Javascript in beta - Supported • PHP available now! • Still study the core REST API though; if you’re anything like me you like to know what is going on under the hood
  • 10. Java SDK Design Principles • Provide comprehensive coverage of the REST API • Have a 1:1 mapping of endpoint to class in the SDK • Provide implementation that felt intuitive to a Java developer • Lowest common denominator for build – ANT (Any maven people out there?) • Project support for Eclipse and IntelliJ – to ease getting started
  • 11. Get the Java SDK setup • Open sourced under the Apache v2.0 license • Clone from GitHub: git clone https://github.com/splunk/splunk-sdk-java.git • Current release status is “beta” • Project level support for Eclipse and IntelliJ IDEs • I use Eclipse with the eGit plugin • Pre-requisites • JRE 6+ • Ant (builds, javadoc generation) • Splunk installed • Run the unit tests and examples • Setup a “.splunkrc” file in your user’s home directory • Run an Ant build • Run examples with the command line wrappers • Run the JUnit tests from Ant or within your IDE
  • 12. Key Java SDK Concepts • Namespaces • owner : splunk username • app : app context • sharing : user | app | global | system • Defaults to current user and default app • Service class • Instantiate an object to connect and login • Entry point for REST API calls • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • refresh() : to get changes from splunkd
  • 13. Java SDK Class Model • Classes in the diagram: HTTPService, Resource, Service, ResourceCollection, Entity, EntityCollection, Application, Index, Input, InputCollection, SavedSearchCollection • Collections use a common mechanism to create and remove entities • Entities use a common mechanism to retrieve and update property values, and access entity metadata • Service is a wrapper that facilitates access to all Splunk REST endpoints
  • 14. public String codeTime(){ return "Lets Rock n Roll"; }
  • 17. Logging Events via HTTP REST • Uses receivers/simple endpoint • Uses receivers/stream endpoint
  • 18. Logging Events via Raw TCP • If you don’t already have a TCP port listening, simply create one via the REST API • Setup • Log to Splunk • Teardown
  • 19. Searching Overview • Search query • a set of commands and functions you use to retrieve events from an index or a real-time stream, "search * | head 10". • Saved search • a search query that has been saved to be used again and can be set up to run on a regular schedule • Search job • an instance of a completed or still-running search operation. Using a search ID you can access the results of the search when they become available. Job results are saved for a period of time on the server and can be retrieved • Search Modes • Normal : asynchronous, poll job for status and results • Blocking : synchronous, a job handle is returned when search is completed • Oneshot : synchronous, no job handle is returned, results are streamed • Export : synchronous, not a search per se, doesn’t create a job, results are streamed oldest to newest • Heaps more juicy examples here : http://dev.splunk.com/view/SP-CAAAEHQ
  • 20. Blocking Searches • A Job is created • No Job is created
  • 22. Non-Blocking Search (with Paging) • “maxresultrows” in Splunk config default 50K • Not recommended to change this • If result set > 50K, then page through results
  • 29. Alternate JVM Languages • Scala • Groovy • Clojure • Javascript (Rhino) • JRuby • PHP (Quercus) • Ceylon • Kotlin • Jython • We don’t need SDKs for these languages, we can just use the Java SDK!
  • 32. SplunkJavaLogging • A logging framework to allow developers to as seamlessly as possible integrate Splunk best practice logging semantics into their code. • Custom handler/appender implementations (REST and Raw TCP) for the 3 most prevalent Java logging frameworks in play. Splunk events directly from your code. • LogBack • Log4j • java.util.logging • Implementation of the SPLUNK CIM (Common Information Model)
  • 33. Developers just log as they are used to • Better • A-HA • 2012-08-07 15:54:06:644+1200 name="Failed Login" event_id="someID" app="myapp" user="jane" somefieldname="foobar"
  • 34. Logging Framework takes care of the Splunk transport, REST or Raw TCP
  • 35. <barf>Typical Java Stacktraces in logs</barf>
  • 37. Java Stacktraces in Splunk
  • 38. Use Splunk in dev/test => better quality delivered to prod • It’s not good enough to assert that your software is production ready because the load test “doesn’t make it fall over” • Splunk the app’s machine data throughout the lifecycle of the test • Via a Splunk SDK, enrich your test harness pass/fail assertions with outputs of Splunk searches • Catch malignant code tumors that may have flown under the radar that your harness alone couldn’t possibly know about. • Grinder + Java SDK + Assertions • Diagram labels: Testing Tools, Execute Tests, Perform test assertions, Splunk Java SDK, REST, Splunk REST / TCP, Your App, SplunkD, Other Metrics, Universal Forwarder
  • 39. Contact Details Always more than happy to be contacted for questions, feedback, collaborations, ideas that will change the world etc… Email : ddallimore@splunk.com SplunkBase: damiend Github: damiendallimore Twitter : @damiendallimore Blog : http://blogs.splunk.com/dev Splunk Dev Platform Team : devinfo@splunk.com
  • 40. Links Gists for all code examples : https://gist.github.com/damiendallimore Java SDK Homepage : http://dev.splunk.com/view/java-sdk/SP-CAAAECN Java SDK Github repository : https://github.com/splunk/splunk-sdk-java SplunkJavaLogging : https://github.com/damiendallimore/SplunkJavaLogging Splunk Best Practice Logging : http://dev.splunk.com/view/logging-best-practices/SP-CAAADP6 Splunk REST API : http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTcontents
  • 41. //Thanks for coming ! System.exit(5150);

Editor's Notes

  1. For those searches that stream the results (oneshot and export), the search results are not saved. If the stream is interrupted for any reason, the results are not recoverable without running the search again.
  2. There is code in the develop branch (which we should probably push into main before .conf) that obviates the need for job.refresh(): isDone() and isReady() refresh behind your back.
  3. In order to get all events, you have to use the export endpoint. But the export endpoint has different behavior than a normal job. An export cannot be "restarted" when getting events if the network hiccups. A search job can just do another getResults() with the appropriate offset — this is because the export endpoint doesn't save the results like a search job does. But a search job has a limited number of events it will store on the server — which can be affected by status_buckets — but there is no way to guarantee the upper limit. With the default status_buckets we can get to 500K events. Itay and I experimented with hundreds of status_buckets but were only able to get up to about 1M events, out of 13M available events.
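
The non-blocking search with paging from slide 22, combined with the restart-at-offset behaviour described in note 3, as an added example (not code from the slides, the gists or the SDK project). The host, the environment variable names, the query, the page size and the retry budget are assumptions; it uses ServiceArgs, Job, Args and ResultsReaderXml from the com.splunk package.

```java
import com.splunk.Args;
import com.splunk.Job;
import com.splunk.ResultsReaderXml;
import com.splunk.Service;
import com.splunk.ServiceArgs;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class PagedJobResults {
    static final int PAGE_SIZE = 1000;  // assumed; stay far below maxresultrows (default 50K)
    static final int MAX_RETRIES = 3;   // assumed retry budget per page

    public static void main(String[] argv) throws Exception {
        ServiceArgs login = new ServiceArgs();
        login.setHost("localhost");                           // assumed host
        login.setPort(8089);                                  // splunkd management port
        login.setUsername(System.getenv("SPLUNK_USERNAME"));  // assumed variable names;
        login.setPassword(System.getenv("SPLUNK_PASSWORD"));  // keeps credentials out of source
        Service service = Service.connect(login);

        // Normal (asynchronous) mode: create the job, then poll until it is done.
        Job job = service.getJobs().create("search index=_internal | head 5000");
        while (!job.isDone()) {
            Thread.sleep(500);
            job.refresh();  // explicit refresh, needed on older SDK builds
        }

        // The job keeps its results on the server, so each page is an
        // independent request identified by (offset, count).
        int total = job.getResultCount();
        int read = 0;
        for (int offset = 0; offset < total; offset += PAGE_SIZE) {
            for (Map<String, String> event : readPage(job, offset)) {
                System.out.println(event.get("_time") + " " + event.get("_raw"));
                read++;
            }
        }
        System.out.println("read " + read + " of " + total + " results");
        job.cancel();  // release the stored results on the server
    }

    // Fetch one page. If the transfer fails part-way, discard the partial page
    // and request the same offset again, so no event is emitted twice.
    static List<Map<String, String>> readPage(Job job, int offset) throws Exception {
        Args page = new Args();
        page.put("offset", offset);
        page.put("count", PAGE_SIZE);
        for (int attempt = 1; ; attempt++) {
            List<Map<String, String>> events = new ArrayList<Map<String, String>>();
            try (InputStream in = job.getResults(page)) {
                ResultsReaderXml reader = new ResultsReaderXml(in);
                Map<String, String> event;
                while ((event = reader.getNextEvent()) != null) {
                    events.add(event);
                }
                reader.close();
                return events;
            } catch (IOException | RuntimeException e) {
                // Request failures may surface as RuntimeException, read failures as IOException.
                if (attempt == MAX_RETRIES) throw e;
                Thread.sleep(1000L * attempt);
            }
        }
    }
}
```

The same loop does not carry over to oneshot or export searches, because those streams are not stored on the server and an interrupted read means running the search again.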