Copyright © 2012 Splunk, Inc.




Splunk for Developers
Paul Sanford
Director, Developer Platform

Jon Rooney
Director, Developer Marketing
Agenda

Assumptions

Using Splunk for Application Development

The Splunk Developer Platform

Splunk By Example – the Java SDK

Support and Community



Assumptions
You Are in This Session Because….
•   You are an experienced Splunk user (search, dashboards,
    sourcetyping, extracting fields)
•   You are a developer and want to use your development skills to
    customize and extend your Splunk experience
•   You love REST and love developing with APIs
•   You are interested in using SDKs to index, search, manage and
    visualize data in Splunk
•   You have http://dev.splunk.com bookmarked

Using Splunk for Application Development
Accelerate Dev & Test
– Every developer should use Splunk to find and fix bugs, trace transactions in real
  time & build intelligence into your apps without defining a schema with
  semantic logging
Integrate data from Splunk into other applications
– Search, manage and visualize data in other applications with the REST API and
  SDKs for Java, Python, JavaScript and PHP
Build Real-time Big Data Applications
– Collection, storage, query language, visualization “out-of-the-box”
– Real-time insights: clickstream analysis, IT early-warning systems, security and
  fraud protection

Splunk is Hackable!
1st Splunk Hackathon: .conf2012
• 50 hackers
• 10 teams
• 5 hours
• 3 winners




What You Need

•   Splunk
•   Data
•   Text Editor or IDE
•   Documentation (dev.splunk.com)
•   SDKs on GitHub



The Splunk Developer Platform
The Splunk Platform
Operational Intelligence Platform (diagram)
•   Content: Inputs, Apps, Other Content
•   User and Developer Interfaces: UI, SDK, REST API
•   Core Engine (Core Functions): Search Processing Language, Indexing, Collection

What can you do with the APIs and SDKs?
Index
– Log directly to Splunk (TCP, UDP, HTTP)
Search
– Including saved searches
– Extract data from Splunk
Visualize
– Integrate search results with third-party reporting tools, portals and other
  custom applications
Manage
– Add/remove users and roles
– Create inputs
The Splunk REST API
Exposes an API method for every feature in the product
– Whatever you can do in the UI – you can do through the API
– Run searches
– Manage Splunk configurations
API is RESTful
–   Endpoints are served by splunkd
–   Requests are GET, POST, and DELETE HTTP methods
–   Responses are Atom XML Feeds
–   JSON coming in 5.0
–   Versioning coming in 5.0
–   Search results can be output in CSV/JSON/XML

Spring Integration Splunk Inbound Adaptor




•   Blocking, Non Blocking, Saved & Realtime Searches
•   Exporting


Spring Integration Splunk Outbound Adaptor




                 • HTTP REST Input
                 • TCP Input



Demos
Lap around Splunk
SDKs
SDK Design Concepts
•       Stay true to the semantics of the particular language
    •      E.g. Keep Python “pythonic”

•       Provide implementation that feels to the developer
    •      E.g. Project, build, IDE (where applicable) support

•       Cover REST API endpoints based on use cases of language
    •      E.g. Java SDK has most comprehensive coverage. JavaScript has fewer management facilities

•       Initially stay true to REST API semantics and abstract based on feedback
•       Namespaces
    •      owner: splunk username (defaults to current user)
    •      app: app context (defaults to default app)
    •      sharing: user | app | global | system

•       Service Class
    •      Instantiate an object to connect and login
    •      Entry point for REST API calls


Java SDK
•       Client/Server state
    •      Need to maintain state explicitly
         •   update() : to push changes to splunkd
         •   refresh() : to get changes from splunkd

•       Getting Started - http://dev.splunk.com/view/java-sdk/SP-CAAAECN
    •        Open sourced under the Apache v2.0 License
    •        Current release status is “beta”
    •        Clone from Github : git clone https://github.com/splunk/splunk-sdk-java.git
    •        Project level support for Eclipse and IntelliJ (git plugins available)
    •        Pre-requisites
         •     Splunk installed
         •     JRE 6+
         •     Ant (test, build, generate javadocs)
    •        Run the unit tests and examples
         •     Set up a “.splunkrc” file in your user’s home directory
         •     Ant (build, test, generate javadocs)




JavaScript SDK
•       2 main components
    •      Data SDK – Manage Splunk objects, input and search data etc.
    •      UI SDK – Includes Splunk UI components like Charting and Timeline controls

•       Use of native JavaScript objects
    •      Resource, Entity and Collection objects provide the necessary abstraction

•       Client/Server state
    •      Need to maintain state explicitly
         •   update() : to push changes to splunkd
         •   fetch() : to get changes from splunkd

•       Getting Started - http://dev.splunk.com/view/javascript-sdk/SP-CAAAECM
    •   Open sourced under the Apache v2.0 License
    •   Current release status is “beta”
    •   Clone from Github : git clone https://github.com/splunk/splunk-sdk-javascript.git
    •   Pre-requisites
      •    Splunk installed
      •    Node.js for server side scripting, building and running tests and examples
    •   Run the unit tests and examples using node.


Python SDK
•       4 main modules
    •        binding: Provides thin abstraction over raw HTTP.
    •        client: Provides an abstraction layer over REST APIs.
    •        results: Provides a Splunk specific streaming XML reader.
    •        data: Converts Splunk’s Atom feed response into a Pythonic structure – dictionary or list

•       Client/Server state
    •        Need to maintain state explicitly
         •     update() : to push changes to splunkd
         •     refresh() : to get changes from splunkd

•       Getting Started - http://dev.splunk.com/view/python-sdk/SP-CAAAEBB
    •        Open sourced under the Apache v2.0 License
    •        Current release status is “beta”
    •        Clone from Github : git clone https://github.com/splunk/splunk-sdk-python.git
    •        Pre-requisites
         •      Splunk installed
         •      Python 2.6+
         •      easy_install or pip
    •        Run the unit tests and examples
         •      Set up a “.splunkrc” file in your user’s home directory



PHP SDK
•       Client/Server state
    •      Need to maintain state explicitly
         •   update() : to push changes to splunkd
         •   fetch() : to get changes from splunkd

•       Getting Started - http://dev.splunk.com/view/php-sdk/SP-CAAAEJM
    •        Open sourced under the Apache v2.0 License
    •        Current release status is “preview”
    •        Clone from Github : git clone https://github.com/splunk/splunk-sdk-php.git
    •        Pre-requisites
         •     Splunk installed
         •     PHP 5.2.11+
         •     Web Server that supports PHP (e.g. MAMP) – for running examples
         •     PHPUnit 3.6+ - for running the unit tests
    •        Run the unit tests and examples
         •     Set up a “settings.default.php” file in the examples and tests directory




Code Samples: Java SDK
Connecting / Authenticating




Namespaces




Logging Events via HTTP REST
•   Uses receivers/simple endpoint
•   Uses receivers/stream endpoint




Logging Events via Raw TCP
If you don’t already have a TCP port listening, simply create one via the REST API


Setup                                Log to Splunk                            Teardown




Synchronous Search




Asynchronous Search




Paginating Results




        •    “maxresultrows” in Splunk config default 50K
        •    Not recommended to change this
        •    If result set > 50K, then page through results



Real-time Search




Saved Search




Processing CSV/JSON/XML results
•   Results put into Hashmap
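
The "results put into Hashmap" step above, as an added example that is not from the slides or the Splunk SDK: a JDK-only StAX parser that turns XML search results into one HashMap per result. The sample document is constructed and assumes the result/field layout of XML search output; the class name, the method name and the comma used to join multi-value fields are choices of this example.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

// Hypothetical helper class; not part of the Splunk Java SDK.
public class SplunkXmlResults {

    // Constructed sample, shaped like XML search results (assumed layout):
    // one <result> per event, one <field k="name"> per field, values in
    // <value><text>..</text></value>, and the raw event in <v>.
    static final String SAMPLE =
        "<results preview='0'>"
      + "<meta><fieldOrder><field>host</field><field>user</field>"
      + "<field>_raw</field></fieldOrder></meta>"
      + "<result offset='0'>"
      + "<field k='host'><value><text>web01</text></value></field>"
      + "<field k='user'><value><text>alice</text></value>"
      + "<value><text>bob</text></value></field>"
      + "<field k='_raw'><v xml:space='preserve' trunc='0'>"
      + "login failed for &lt;alice&gt;</v></field>"
      + "</result>"
      + "<result offset='1'>"
      + "<field k='host'><value><text>db02</text></value></field>"
      + "<field k='_raw'><v xml:space='preserve' trunc='0'>session opened</v></field>"
      + "</result>"
      + "</results>";

    static List<HashMap<String, String>> parse(String xml) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // Field values are indexed log data, i.e. untrusted input: refuse DTDs
        // and external entities so the parser never resolves them.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);

        List<HashMap<String, String>> results = new ArrayList<>();
        HashMap<String, String> current = null; // map for the <result> being read
        String key = null;                      // k attribute of the open <field>
        StringBuilder text = null;              // non-null while inside <text> or <v>

        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        try {
            while (reader.hasNext()) {
                switch (reader.next()) {
                    case XMLStreamConstants.START_ELEMENT: {
                        String name = reader.getLocalName();
                        if (name.equals("result")) {
                            current = new HashMap<>();
                        } else if (name.equals("field") && current != null) {
                            // <field> under <meta> is skipped: no open <result>.
                            key = reader.getAttributeValue(null, "k");
                        } else if ((name.equals("text") || name.equals("v")) && key != null) {
                            text = new StringBuilder();
                        }
                        break;
                    }
                    case XMLStreamConstants.CHARACTERS:
                    case XMLStreamConstants.CDATA:
                        // Text may arrive in several chunks; nested markup inside
                        // <v> contributes only its character data.
                        if (text != null) {
                            text.append(reader.getText());
                        }
                        break;
                    case XMLStreamConstants.END_ELEMENT: {
                        String name = reader.getLocalName();
                        if ((name.equals("text") || name.equals("v")) && text != null) {
                            // Multi-value fields are joined with a comma here.
                            current.merge(key, text.toString(), (a, b) -> a + "," + b);
                            text = null;
                        } else if (name.equals("field")) {
                            key = null;
                        } else if (name.equals("result") && current != null) {
                            results.add(current);
                            current = null;
                        }
                        break;
                    }
                    default:
                        break;
                }
            }
        } finally {
            reader.close();
        }
        return results;
    }

    public static void main(String[] args) throws XMLStreamException {
        for (HashMap<String, String> event : parse(SAMPLE)) {
            System.out.println(event);
        }
    }
}
```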




Support and Community
The Splunk Developer Community
       Splunkbase




•   Over 1,000 unique visitors/week to dev.splunk.com
•   Over 650 followers of @splunkdev

Where to Go for More Info
Portal
– http://dev.splunk.com/
GitHub
– https://github.com/splunk/
Twitter
– https://twitter.com/splunkdev
Blog
– http://blogs.splunk.com/dev/
Support

Thank you

conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Splunk for Developers: Using the Java SDK

  • 1. Copyright © 2012 Splunk, Inc. Splunk for Developers Paul Sanford Director, Developer Platform Jon Rooney Director, Developer Marketing
  • 2. Agenda Assumptions Using Splunk for Application Development The Splunk Developer Platform Splunk By Example – the Java SDK Support and Community 2
  • 4. You Are in This Session Because…. • You are an experienced Splunk user (search, dashboards, sourcetyping, extracting fields) • You are a developer and want to use your development skills to customize and extend your Splunk experience • You love REST and love developing with APIs • You are interested in using SDKs to index, search, manage and visualize data in Splunk • You have http://dev.splunk.com bookmarked 4
  • 6. Using Splunk for Application Development Accelerate Dev & Test – Every developer should use Splunk to find and fix bugs, trace transactions in real time & build intelligence into your apps without defining a schema with semantic logging Integrate data from Splunk into other applications – Search, manage and visualize data in other applications with the REST API and SDKs for Java, Python, JavaScript and PHP Build Real-time Big Data Applications – Collection, storage, query language, visualization “out-of-the-box” – Real-time insights: clickstream analysis, IT early-warning systems, security and fraud protection 6
  • 7. Splunk is Hackable! 1st Splunk Hackathon: .conf2012 • 50 hackers • 10 teams • 5 hours • 3 winners 7
  • 8. What You Need • Splunk • Data • Text Editor or IDE • Documentation (dev.splunk.com) • SDKs on GitHub 8
  • 10. The Splunk Platform Inputs, Apps, Other Operational Intelligence Platform Content UI SDK Content REST API User and Developer Interfaces Core Functions Core Engine Search Processing Language Indexing Collection 10
  • 11. What can you do with the APIs and SDKs? Index – Log directly to Splunk (TCP, UDP, HTTP) Search – Including saved searches – Extract data from Splunk Visualize – Integrate search results with third-party reporting tools, portals and other custom applications Manage – Add/remove users and roles – Create inputs 11
  • 12. The Splunk REST API Exposes an API method for every feature in the product – Whatever you can do in the UI – you can do through the API – Run searches – Manage Splunk configurations API is RESTful – Endpoints are served by splunkd – Requests are GET, POST, and DELETE HTTP methods – Responses are Atom XML Feeds – JSON coming in 5.0 – Versioning coming in 5.0 – Search results can be output in CSV/JSON/XML 12
  • 13. Spring Integration Splunk Inbound Adaptor • Blocking, Non Blocking, Saved & Realtime Searches • Exporting 13
  • 14. Spring Integration Splunk Outbound Adaptor • HTTP REST Input • TCP Input 14
  • 15. Demos
  • 17. SDK Design Concepts • Stay true to the semantics of the particular language • E.g. Keep Python “pythonic” • Provide implementation that feels to the developer • E.g. Project, build, IDE (where applicable) support • Cover REST API endpoints based on use cases of language • E.g. Java SDK has most comprehensive coverage. JavaScript has fewer management facilities • Initially stay true to REST API semantics and abstract based on feedback • Namespaces • owner: splunk username (defaults to current user) • app: app context (defaults to default app) • sharing: user | app | global | system • Service Class • Instantiate an object to connect and login • Entry point for REST API calls 17
  • 18. Java SDK • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • refresh() : to get changes from splunkd • Getting Started - http://dev.splunk.com/view/java-sdk/SP-CAAAECN • Open sourced under the Apache v2.0 License • Current release status is “beta” • Clone from Github : git clone https://github.com/splunk/splunk-sdk-java.git • Project level support for Eclipse and IntelliJ (git plugins available) • Pre-requisites • Splunk installed • JRE 6+ • Ant (test, build, generate javadocs) • Run the unit tests and examples • Set up a “.splunkrc” file in your user’s home directory • Ant (build, test, generate javadocs) 18
  • 19. JavaScript SDK • 2 main components • Data SDK – Manage Splunk objects, input and search data etc. • UI SDK – Includes Splunk UI components like Charting and Timeline controls • Use of native JavaScript objects • Resource, Entity and Collection objects provide the necessary abstraction • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • fetch() : to get changes from splunkd • Getting Started - http://dev.splunk.com/view/javascript-sdk/SP-CAAAECM • Open sourced under the Apache v2.0 License • Current release status is “beta” • Clone from Github : git clone https://github.com/splunk/splunk-sdk-javascript.git • Pre-requisites • Splunk installed • Node.js for server side scripting, building and running tests and examples • Run the unit tests and examples using node. 19
  • 20. Python SDK • 4 main modules • binding: Provides thin abstraction over raw HTTP. • client: Provides an abstraction layer over REST APIs. • results: Provides a Splunk specific streaming XML reader. • data: Converts Splunk’s Atom feed response into Pythonic structure – directory or list • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • refresh() : to get changes from splunkd • Getting Started - http://dev.splunk.com/view/python-sdk/SP-CAAAEBB • Open sourced under the Apache v2.0 License • Current release status is “beta” • Clone from Github : git clone https://github.com/splunk/splunk-sdk-python.git • Pre-requisites • Splunk installed • Python 2.6+ • easy_install or pip • Run the unit tests and examples • Set up a “.splunkrc” file in your user’s home directory 20
  • 21. PHP SDK • Client/Server state • Need to maintain state explicitly • update() : to push changes to splunkd • fetch() : to get changes from splunkd • Getting Started - http://dev.splunk.com/view/php-sdk/SP-CAAAEJM • Open sourced under the Apache v2.0 License • Current release status is “preview” • Clone from Github : git clone https://github.com/splunk/splunk-sdk-php.git • Pre-requisites • Splunk installed • PHP 5.2.11+ • Web Server that supports PHP (e.g. MAMP) – for running examples • PHPUnit 3.6+ - for running the unit tests • Run the unit tests and examples • Set up a “settings.default.php” file in the examples and tests directory 21
  • 25. Logging Events via HTTP REST Uses receivers/simple endpoint Uses receivers/stream endpoint 25
  • 26. Logging Events via Raw TCP If you don’t already have a TCP port listening, simply create one via the REST API Setup Log to Splunk Teardown 26
  • 29. Paginating Results • “maxresultrows” in Splunk config default 50K • Not recommended to change this • If result set > 50K , then page through results 29
  • 32. Processing CSV/JSON/XML results Results put into Hashmap 32
  • 34. The Splunk Developer Community Splunkbase • Over 1,000 unique visitors/week to dev.splunk.com • Over 650 followers of @splunkdev 34
  • 35. Where to Go for More Info Portal – http://dev.splunk.com/ GitHub – https://github.com/splunk/ Twitter – https://twitter.com/splunkdev Blog – http://blogs.splunk.com/dev/ Support 35

Editor's Notes

  1. We’re extending Splunk so it’s easier for you to leverage its capabilities using technologies you’re familiar with. We’re delivering SDKs on top of our REST API to help you integrate Splunk data with other applications. Splunk is a fully-integrated platform that delivers rapid “time-to-value” to developers. Many of our customers are building robust applications on Splunk today that deliver real-time business insights like clickstream analysis, IT early-warning systems, security and fraud protection at a scale that their businesses demand.
  2. What does this platform look like? The platform consists of 2 layers: a core engine and an interface layer. On top of the platform you can run a broad spectrum of content that supports use cases. Use cases range from application mgmt. and IT operations, to ES and PCI compliance, to web analytics. The core engine provides the basic services for real time data input, indexing and search as well as alerting, large scale distributed processing and role based access. The interface layer consists of the basic UI for search, reporting and visualization – it contains developer interfaces, the REST API and SDKs. The SDKs provide convenient access to core engine services in a variety of programming language environments. These programmatic interfaces allow you to either: extend Splunk; integrate Splunk with other applications; build completely new applications from scratch that require OI or analytical services that Splunk provides.
  3. There is code in the develop branch (which we should probably push into main before .conf) that obviates the need for job.refresh(). isDone() and isReady() refresh behind your back.
  4. In order to get all events, you have to use the export endpoint. But the export endpoint has different behavior than a normal job. An export cannot be "restarted" when getting events if the network hiccups. A search job can just do another getResults() with the appropriate offset — this is because the export endpoint doesn't save the results like a search job does. But a search job has a limited number of events it will store on the server — which can be affected by status_buckets — but there is no way to guarantee the upper limit. With the default status_buckets we can get to 500K events. Itay and I experimented with hundreds of status_buckets but were only able to get up to about 1M events, out of 13M available events.
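
Slide 29 and note 4 describe paging through a finished search job by offset and re-requesting a page after a network hiccup. The following Java SDK example of that loop is added here and is not code from the deck; the environment variable names, the search string, the page size and the retry count are assumptions, and the calls use the SDK's generic `Args` map.

```java
import com.splunk.Args;
import com.splunk.Job;
import com.splunk.ResultsReaderXml;
import com.splunk.Service;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class PagedResults {
    static final int PAGE_SIZE = 10000;   // assumption: well under the 50K maxresultrows default
    static final int MAX_ATTEMPTS = 3;    // assumption: retries per page

    public static void main(String[] argv) throws Exception {
        // Credentials come from the environment (variable names are assumptions),
        // so nothing secret is hard-coded in source.
        Map<String, Object> login = new HashMap<String, Object>();
        login.put("host", System.getenv("SPLUNK_HOST"));
        login.put("port", 8089);
        login.put("username", System.getenv("SPLUNK_USERNAME"));
        login.put("password", System.getenv("SPLUNK_PASSWORD"));
        Service service = Service.connect(login);

        // Constructed sample search; a normal job keeps its results on the server.
        Job job = service.getJobs().create("search index=_internal | head 120000");
        while (!job.isDone()) {
            Thread.sleep(500);
            job.refresh();                // explicit client/server state sync
        }
        int total = job.getResultCount();
        for (int offset = 0; offset < total; offset += PAGE_SIZE) {
            System.out.println("offset " + offset + ": " + fetchPage(job, offset) + " results");
        }
    }

    // Reads one page and returns how many results it held. A failed read is
    // retried with the same offset, which works because the job stores its results.
    static int fetchPage(Job job, int offset) throws IOException {
        Args page = new Args();
        page.put("offset", offset);
        page.put("count", PAGE_SIZE);
        for (int attempt = 1; ; attempt++) {
            try {
                ResultsReaderXml reader = new ResultsReaderXml(job.getResults(page));
                int n = 0;
                while (reader.getNextEvent() != null) n++;
                reader.close();
                return n;
            } catch (IOException e) {
                if (attempt == MAX_ATTEMPTS) throw e;
            }
        }
    }
}
```

Because a page can be read twice after a retry, any per-event processing that replaces the counter should be idempotent or buffered until the page completes.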