Hi, I am new to Splunk. I have acquired the SDK and I am trying to run tests to see if I can query our production installation easily. I built the Splunk Java SDK. I am trying to test the examples, namely search.jar. I am looking at the code in program.java and trying to send a search string to it. I am having no luck. I have put the authentication username and password in the splunkrc file and this works. The search string, among various I have tried, is earliest=-30m sourcetype="xreGuide" 76.26.116.49. I get the error "Search expression required". Can someone please tell me how to simulate the search syntax on the command line to do a simple search?
You'll need the command 'search' at the beginning, and include the search in double quotes as your program argument. The sample application assumes the first and only non-dashed argument qualifiers ("--") is passed in as the entire search string argument. So this is what you should use:
Command line details below and a couple of examples. Get it working from command line and you should be fine. Something like this:
./splunk search "sourcetype=xreGuide earliest=-30m 76.26.116.49"
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CLIsearchsyntax
The bottom of this page on GitHub has some examples and documentation.
There is now an extensive search how-to topic posted on the dev portal. See How to search your data using the Java SDK.
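The advice in the answers above, as an added example that is not part of the original thread and is not the SDK's own program.java: a small Splunk Java SDK client that requires the whole search as one quoted argument and prepends `search` when it is missing. The class name, the `SPLUNK_*` environment variable names and the localhost default are assumptions; 8089 is Splunk's default management port.

```java
import com.splunk.Job;
import com.splunk.JobArgs;
import com.splunk.ResultsReaderXml;
import com.splunk.Service;
import com.splunk.ServiceArgs;

import java.util.HashMap;

// Added illustration. QuotedSearch and the SPLUNK_* variable names are hypothetical.
public class QuotedSearch {

    // A search job needs a complete search string: it starts with "search" or a "|" command.
    static String normalize(String expr) {
        String q = expr.trim();
        return (q.startsWith("search ") || q.startsWith("|")) ? q : "search " + q;
    }

    public static void main(String[] args) throws Exception {
        // An unquoted search is split by the shell into several arguments, so reject it early.
        if (args.length != 1) {
            System.err.println("usage: QuotedSearch \"<search expression>\" (got "
                    + args.length + " arguments)");
            System.exit(2);
        }

        // Credentials come from the environment so they never appear in the process list.
        ServiceArgs login = new ServiceArgs();
        login.setHost(System.getenv().getOrDefault("SPLUNK_HOST", "localhost"));
        login.setPort(8089);
        login.setUsername(System.getenv("SPLUNK_USERNAME"));
        login.setPassword(System.getenv("SPLUNK_PASSWORD"));
        Service service = Service.connect(login);

        // Create a normal (asynchronous) job and poll until it finishes.
        JobArgs jobArgs = new JobArgs();
        jobArgs.setExecutionMode(JobArgs.ExecutionMode.NORMAL);
        Job job = service.getJobs().create(normalize(args[0]), jobArgs);
        while (!job.isDone()) {
            Thread.sleep(500);
        }

        // Stream the results and print the timestamp and raw text of each event.
        ResultsReaderXml reader = new ResultsReaderXml(job.getResults());
        try {
            HashMap<String, String> event;
            while ((event = reader.getNextEvent()) != null) {
                System.out.println(event.get("_time") + " " + event.get("_raw"));
            }
        } finally {
            reader.close();
        }
    }
}
```

With the SDK jar on the classpath, pass the search from the question as a single argument wrapped in single quotes, `'sourcetype="xreGuide" earliest=-30m 76.26.116.49'`, so that the shell keeps the inner double quotes and delivers exactly one argument.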