Description

This sample demonstrates working with the splunkjs.Service.Applications collection and the splunkjs.Service.Application entity. It lists all the apps and prints the name of each one. The two listings below differ only in that the second uses the built-in splunkjs.Async module to make asynchronous control flow easier.

Code

// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Step 1: authenticate. The callback receives a transport error (if any) and
// a flag saying whether the login itself succeeded; both must be checked.
service.login(function(loginErr, loggedIn) {
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Step 2: fetch the Applications collection and print each app's name.
    service.apps().fetch(function(fetchErr, appCollection) {
        if (fetchErr) {
            console.log("There was an error retrieving the list of applications:", fetchErr);
            done(fetchErr);
            return;
        }

        var entries = appCollection.list();
        console.log("Applications:");

        var index = 0;
        while (index < entries.length) {
            console.log("  App " + index + ": " + entries[index].name);
            index++;
        }

        // Signal completion to the surrounding harness.
        done();
    });
});
                
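// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Same flow as the callback version, expressed as an Async.chain: each step
// hands its result to the next one, and an error ends the chain early.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Retrieve the apps
        function(success, done) {
            if (!success) {
                // Stop here: without the return the fetch below would still
                // run on an unauthenticated service and `done` would be
                // called a second time.
                done("Error logging in");
                return;
            }

            service.apps().fetch(done);
        },
        // Print them out
        function(apps, done) {
            var appsList = apps.list();
            console.log("Applications:");
            for (var i = 0; i < appsList.length; i++) {
                var app = appsList[i];
                console.log("  App " + i + ": " + app.name);
            }
            done();
        }
    ],
    // Final handler: report the outcome (err is set if any step failed).
    function(err) {
        callback(err);
    }
);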
                
                

Description

This sample demonstrates working with the splunkjs.Service.SavedSearches collection and the splunkjs.Service.SavedSearch entity. It lists all the saved searches and, for each one, prints its name and the search query associated with it. The first two listings below differ only in that the second uses the built-in splunkjs.Async module to make asynchronous control flow easier.

Code

// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Step 1: authenticate. The callback receives a transport error (if any) and
// a flag saying whether the login itself succeeded; both must be checked.
service.login(function(loginErr, loggedIn) {
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Step 2: fetch the SavedSearches collection, then print the name and
    // the query string of every saved search in it.
    service.savedSearches().fetch(function(fetchErr, collection) {
        if (fetchErr) {
            console.log("There was an error retrieving the list of saved searches:", fetchErr);
            done(fetchErr);
            return;
        }

        var entries = collection.list();
        console.log("Saved searches:");

        var index = 0;
        while (index < entries.length) {
            var entry = entries[index];
            console.log("  Search " + index + ": " + entry.name);
            console.log("    " + entry.properties().search);
            index++;
        }

        // Signal completion to the surrounding harness.
        done();
    });
});
                
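// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Same flow as the callback version, expressed as an Async.chain: each step
// hands its result to the next one, and an error ends the chain early.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Retrieve the saved searches
        function(success, done) {
            if (!success) {
                // Stop here: without the return the fetch below would still
                // run on an unauthenticated service and `done` would be
                // called a second time.
                done("Error logging in");
                return;
            }

            service.savedSearches().fetch(done);
        },
        // Print them out
        function(searches, done) {
            var searchList = searches.list();
            console.log("Saved searches:");
            for (var i = 0; i < searchList.length; i++) {
                var search = searchList[i];
                console.log("  Search " + i + ": " + search.name);
                console.log("    " + search.properties().search);
            }

            done();
        }
    ],
    // Final handler: report the outcome (err is set if any step failed).
    function(err) {
        callback(err);
    }
);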
                
// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Step 1: authenticate. The callback receives a transport error (if any) and
// a flag saying whether the login itself succeeded; both must be checked.
service.login(function(loginErr, loggedIn) {
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Definition of the saved search to create: its name and its query.
    var savedSearchOptions = {
        name: "My Awesome Saved Search",
        search: "index=_internal error sourcetype=splunkd* | head 10"
    };

    // Step 2: create the saved search on the server.
    service.savedSearches().create(savedSearchOptions, function(createErr, created) {
        if (createErr) {
            // HTTP 409 is reported as "already exists" and is not passed
            // on to `done` as a failure; any other error is.
            if (createErr.status === 409) {
                console.log("ERROR: A saved search with the name '" + savedSearchOptions.name + "' already exists");
                done();
                return;
            }

            console.log("There was an error creating the saved search:", createErr);
            done(createErr);
            return;
        }

        console.log("Created saved search: " + created.name);
        done();
    });
});
                
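// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// First, we log in
service.login(function(err, success) {
    // We check for both errors in the connection as well
    // as if the login itself failed.
    if (err || !success) {
        console.log("Error in logging in");
        done(err || "Login failed");
        return;
    }

    // Name of the saved search this sample deletes.
    var name = "My Awesome Saved Search";

    // Now that we're logged in, fetch the saved searches so we can look up
    // the one to delete by name.
    service.savedSearches().fetch(function(err, savedSearches) {
        if (err) {
            console.log("There was an error in fetching the saved searches");
            done(err);
            return;
        }

        var savedSearchToDelete = savedSearches.item(name);
        if (!savedSearchToDelete) {
            console.log("Can't delete '" + name + "' because it doesn't exist!");
            done();
            return;
        }

        // Wait for the server's answer before reporting success, so a failed
        // or unauthorized delete is not logged as "Deleted".
        savedSearchToDelete.remove(function(removeErr) {
            if (removeErr) {
                console.log("There was an error deleting the saved search:", removeErr);
                done(removeErr);
                return;
            }

            console.log("Deleted saved search: " + name + "");
            done();
        });
    });
});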
                
                

Description

This example shows how to work with realtime searches. It will execute a realtime search that will collect statistics about all events from “now” to infinity (as noted by the use of earliest_time=rt and latest_time=rt).

Once the job is created, it will poll the results every second, and print them out.

Since a realtime search is never “done”, we iterate only 5 times before we terminate the loop and cancel the job.

Code

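// Build the service object. Requests are sent through the "/proxy" endpoint
// via splunkjs.ProxyHttp; every connection setting, including the
// credentials, comes from variables defined outside this listing.
// NOTE(review): the password is handled in page script here - confirm that
// `scheme` is "https" so the login request is not sent in cleartext.
var http = new splunkjs.ProxyHttp("/proxy");
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Log in, start a realtime search, poll its preview results a fixed number
// of times, then cancel the job. An error in any step ends the chain early.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search
        function(success, done) {
            if (!success) {
                // Stop here: without the return the search below would still
                // be submitted and `done` would be called a second time.
                done("Error logging in");
                return;
            }

            // earliest_time/latest_time of "rt" make this a realtime search.
            service.search(
                "search index=_internal | stats count by sourcetype",
                {earliest_time: "rt", latest_time: "rt"},
                done);
        },
        // The search is never going to be done, so we simply poll it every second to get
        // more results
        function(job, done) {
            var MAX_COUNT = 5;
            var count = 0;

            Async.whilst(
                // Loop for N times
                function() { return MAX_COUNT > count; },
                // Every second, ask for preview results
                function(iterationDone) {
                    Async.sleep(1000, function() {
                        job.preview({}, function(err, results) {
                            if (err) {
                                iterationDone(err);
                                return;
                            }

                            // Only do something if we have results
                            if (results.rows) {
                                // Up the iteration counter
                                count++;

                                console.log("========== Iteration " + count + " ==========");
                                // Locate the columns we print by field name.
                                var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
                                var countIndex      = utils.indexOf(results.fields, "count");

                                for (var i = 0; i < results.rows.length; i++) {
                                    var row = results.rows[i];

                                    // This is a hacky "padding" solution: pad with
                                    // spaces, then cut to a fixed 30-character column.
                                    var stat = ("  " + row[sourcetypeIndex] + "                         ").slice(0, 30);

                                    // Print out the sourcetype and the count of the sourcetype so far
                                    console.log(stat + row[countIndex]);
                                }

                                console.log("=================================");
                            }

                            // And we're done with this iteration
                            iterationDone();
                        });
                    });
                },
                // When we're done looping, cancel the job: a realtime search
                // never finishes by itself. The job is cancelled even when the
                // loop failed, and the loop's error is passed on afterwards
                // instead of being dropped.
                function(err) {
                    job.cancel(function(cancelErr) {
                        done(err || cancelErr);
                    });
                }
            );
        }
    ],
    // Final handler: report the outcome (err is set if any step failed).
    function(err) {
        callback(err);
    }
);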