Re: Running realtime search using the java sdk

preben12 · ‎11-24-2013

Hi

When using the realtime api to search is have noticed that unless you do a extra Thread.Sleep(xxx);
after the job.isReady loop you get an empty stream.

I use the com.splunk.examples.search_realtime.Program as an example.
.....

while (!job.isReady()) {
    try {
        Thread.sleep(100);
    } catch (InterruptedException e) {
        // You shouldn't ever get here.
    }
}
// extra sleep to make sure Splunk returns a event stream.
try {
    Thread.sleep(2000);
} catch (InterruptedException e1) {
}

In another process I continuously ingest tweet events into an index, but they are not showing up when running the Program unless the extra Thread.sleep for some secs.

I'm using the latest 1.2.1.0 sdk to test. and Splunk 6 + max osx

Damien_Dallimor · ‎11-24-2013

Try this : https://gist.github.com/damiendallimore/6363236

preben12 · ‎11-25-2013

Hi Damien
That looks doable, but with a couple of pitfalls since loops that contain Thread.sleeps have to be guarded by the possibility to break the loop when you want to stop the search thread from outside.

Somehow I feel that the SDK should take care of this eg. by fixing the isReady method so it returns when the stream is ready (there is at least 1 preview event, or there is no events in the current time window).

Running realtime search using the java sdk

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk