This sample demonstrates working with the `splunkjs.Service.Applications` collection and the `splunkjs.Service.Application` entity. It lists all the apps and prints the name of each one.
The only difference between the two files is that the latter uses the built-in `splunkjs.Async` module to make asynchronous control flow easier.
// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Handles the fetched app collection: prints the index and name of every app,
// then signals completion through `done`.
var printApps = function(fetchErr, apps) {
    if (fetchErr) {
        console.log("There was an error retrieving the list of applications:", fetchErr);
        done(fetchErr);
        return;
    }

    var entries = apps.list();
    console.log("Applications:");

    var idx = 0;
    while (idx < entries.length) {
        console.log(" App " + idx + ": " + entries[idx].name);
        idx++;
    }

    done();
};

// Authenticate first. Both a transport error and a rejected login are treated
// as failures, so nothing is requested from the service without a session.
service.login(function(loginErr, loggedIn) {
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Logged in: ask the service for the list of apps.
    service.apps().fetch(printApps);
});
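// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Each step receives the previous step's results followed by its own `done`.
Async.chain([
        // Step 1: log in.
        function(done) {
            service.login(done);
        },
        // Step 2: retrieve the apps, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the fetch below would still be
                // issued after the failure was reported, and `done` would be
                // invoked a second time when it completed.
                done("Error logging in");
                return;
            }

            service.apps().fetch(done);
        },
        // Step 3: print the index and name of every app.
        function(apps, done) {
            var appsList = apps.list();

            console.log("Applications:");
            for (var i = 0; i < appsList.length; i++) {
                var app = appsList[i];
                console.log(" App " + i + ": " + app.name);
            }

            done();
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);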
This sample demonstrates working with the `splunkjs.Service.SavedSearches` collection and the `splunkjs.Service.SavedSearch` entity. It lists all the saved searches and, for each one, prints its name and the search query associated with it.
The only difference between the two files is that the latter uses the built-in `splunkjs.Async` module to make asynchronous control flow easier.
// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Handles the fetched collection: prints each saved search's name followed by
// its stored query text, then signals completion through `done`.
// NOTE(review): the query text is printed verbatim; confirm the console is an
// acceptable destination for it in your environment.
var printSavedSearches = function(fetchErr, searches) {
    if (fetchErr) {
        console.log("There was an error retrieving the list of saved searches:", fetchErr);
        done(fetchErr);
        return;
    }

    var entries = searches.list();
    console.log("Saved searches:");

    var idx = 0;
    while (idx < entries.length) {
        var entry = entries[idx];
        console.log(" Search " + idx + ": " + entry.name);
        console.log(" " + entry.properties().search);
        idx++;
    }

    done();
};

// Authenticate first. Both a transport error and a rejected login are treated
// as failures, so nothing is requested from the service without a session.
service.login(function(loginErr, loggedIn) {
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Logged in: ask the service for the list of saved searches.
    service.savedSearches().fetch(printSavedSearches);
});
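// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Each step receives the previous step's results followed by its own `done`.
Async.chain([
        // Step 1: log in.
        function(done) {
            service.login(done);
        },
        // Step 2: retrieve the saved searches, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the fetch below would still be
                // issued after the failure was reported, and `done` would be
                // invoked a second time when it completed.
                done("Error logging in");
                return;
            }

            service.savedSearches().fetch(done);
        },
        // Step 3: print each saved search's name and its stored query text.
        function(searches, done) {
            var searchList = searches.list();

            console.log("Saved searches:");
            for (var i = 0; i < searchList.length; i++) {
                var search = searchList[i];
                console.log(" Search " + i + ": " + search.name);
                console.log(" " + search.properties().search);
            }

            done();
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);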
// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Authenticate, then create one saved search with a fixed name and query.
service.login(function(loginErr, loggedIn) {
    // A transport error and a rejected login are both treated as failures.
    var loginFailed = loginErr || !loggedIn;
    if (loginFailed) {
        console.log("Error in logging in");
        done(loginErr || "Login failed");
        return;
    }

    // Name and query of the saved search to create.
    var savedSearchOptions = {
        name: "My Awesome Saved Search",
        search: "index=_internal error sourcetype=splunkd* | head 10"
    };

    var onCreated = function(createErr, savedSearch) {
        if (createErr) {
            if (createErr.status === 409) {
                // HTTP 409: the name is already taken. This is reported but not
                // passed to `done` as an error.
                console.log("ERROR: A saved search with the name '" + savedSearchOptions.name + "' already exists");
                done();
            } else {
                console.log("There was an error creating the saved search:", createErr);
                done(createErr);
            }
            return;
        }

        console.log("Created saved search: " + savedSearch.name);
        done();
    };

    // Logged in: create the saved search.
    service.savedSearches().create(savedSearchOptions, onCreated);
});
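// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Authenticate, look a saved search up by name, and delete it if it exists.
service.login(function(err, success) {
    // We check for both errors in the connection as well
    // as if the login itself failed.
    if (err || !success) {
        console.log("Error in logging in");
        done(err || "Login failed");
        return;
    }

    var name = "My Awesome Saved Search";

    // Now that we're logged in, fetch the saved searches so the one to delete
    // can be looked up by name.
    service.savedSearches().fetch(function(err, savedSearches) {
        if (err) {
            console.log("There was an error in fetching the saved searches");
            done(err);
            return;
        }

        var savedSearchToDelete = savedSearches.item(name);
        if (!savedSearchToDelete) {
            console.log("Can't delete '" + name + "' because it doesn't exist!");
            done();
            return;
        }

        // Wait for the delete request to finish before reporting success, so a
        // failed or rejected delete is surfaced instead of being logged as done.
        savedSearchToDelete.remove(function(err) {
            if (err) {
                console.log("There was an error deleting the saved search:", err);
                done(err);
                return;
            }

            console.log("Deleted saved search: " + name + "");
            done();
        });
    });
});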
This example demonstrates running searches on Splunk using the SDK. It will run the search, print out progress (if available), search statistics (if available), and finally, print out the search results (including some key-value fields).
This example goes over the possible search types:
- normal: execute a search with `exec_mode=normal`, wait until the job is done, and then print out job statistics and the search results.
- blocking: execute a search with `exec_mode=blocking`, which will not return from the REST call until the job is done. Once it is done, it will print out job statistics and the search results.
- oneshot: execute a search with `exec_mode=oneshot`, which will not return from the REST call until the job is done, and then it will simply return the search results, rather than the search job ID. Once it is done, we print out the results.
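// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Normal-mode search: create the job, poll until it is done, print statistics
// and results, then cancel the job. Each step receives the previous step's
// results followed by its own `done`.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the search below would still be
                // submitted after the failure was reported.
                done("Error logging in");
                return;
            }

            service.search("search index=_internal | head 3", {}, done);
        },
        // Wait until the job is done
        function(job, done) {
            Async.whilst(
                // Loop until it is done
                function() { return !job.properties().isDone; },
                // Refresh the job on every iteration, but sleep for 1 second
                function(iterationDone) {
                    Async.sleep(1000, function() {
                        // Refresh the job and note how many events we've looked at so far
                        job.fetch(function(err) {
                            if (err) {
                                // A failed refresh never updates isDone, so end the
                                // loop with the error instead of polling indefinitely.
                                iterationDone(err);
                                return;
                            }

                            console.log("-- fetching, " + (job.properties().eventCount || 0) + " events so far");
                            iterationDone();
                        });
                    });
                },
                // When we're done, just pass the job forward
                function(err) {
                    if (!err) {
                        console.log("-- job done --");
                    }
                    done(err, job);
                }
            );
        },
        // Print out the statistics and get the results
        function(job, done) {
            // Print out the statistics
            console.log("Job Statistics: ");
            console.log(" Event Count: " + job.properties().eventCount);
            console.log(" Disk Usage: " + job.properties().diskUsage + " bytes");
            console.log(" Priority: " + job.properties().priority);

            // Ask the server for the results
            job.results({}, done);
        },
        // Print the raw results out
        // NOTE(review): `_raw` and `user` are printed verbatim; confirm the console
        // is an acceptable destination for event contents in your environment.
        function(results, job, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");

            // Print out each result and the key-value pairs we want
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }

            // Once we're done, cancel the job.
            job.cancel(done);
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);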
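// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Blocking-mode search: the search call returns only once the job is done, so
// no polling loop is needed. Each step receives the previous step's results
// followed by its own `done`.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the search below would still be
                // submitted after the failure was reported.
                done("Error logging in");
                return;
            }

            service.search("search index=_internal | head 3", {exec_mode: "blocking"}, done);
        },
        // The job is done, but let's get some statistics from the server.
        function(job, done) {
            job.fetch(done);
        },
        // Print out the statistics and get the results
        function(job, done) {
            // Print out the statistics
            console.log("Job Statistics: ");
            console.log(" Event Count: " + job.properties().eventCount);
            console.log(" Disk Usage: " + job.properties().diskUsage + " bytes");
            console.log(" Priority: " + job.properties().priority);

            // Ask the server for the results
            job.results({}, done);
        },
        // Print the raw results out
        // NOTE(review): `_raw` and `user` are printed verbatim; confirm the console
        // is an acceptable destination for event contents in your environment.
        function(results, job, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");

            // Print out each result and the key-value pairs we want
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }

            // Once we're done, cancel the job.
            job.cancel(done);
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);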
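// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Oneshot search: the results come back inline from the search call, so there
// is no job to poll or cancel. Each step receives the previous step's results
// followed by its own `done`.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the search below would still be
                // submitted after the failure was reported.
                done("Error logging in");
                return;
            }

            service.oneshotSearch("search index=_internal | head 3", {}, done);
        },
        // The job is done, and the results are returned inline
        // NOTE(review): `_raw` and `user` are printed verbatim; confirm the console
        // is an acceptable destination for event contents in your environment.
        function(results, done) {
            // Find the index of the fields we want
            var rawIndex = utils.indexOf(results.fields, "_raw");
            var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
            var userIndex = utils.indexOf(results.fields, "user");

            // Print out each result and the key-value pairs we want
            console.log("Results: ");
            for (var i = 0; i < results.rows.length; i++) {
                console.log(" Result " + i + ": ");
                console.log(" sourcetype: " + results.rows[i][sourcetypeIndex]);
                console.log(" user: " + results.rows[i][userIndex]);
                console.log(" _raw: " + results.rows[i][rawIndex]);
            }

            done();
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);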
This example shows how to work with realtime searches. It will execute a realtime search that will collect statistics about all events from “now” to infinity (as noted by the use of `earliest_time=rt` and `latest_time=rt`).
Once the job is created, it will poll the results every second, and print them out.
Since a realtime search is never “done”, we iterate only 5 times before we terminate the loop.
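// Send SDK requests through the "/proxy" path (presumably a forwarding endpoint
// in front of splunkd - confirm against the deployment).
var http = new splunkjs.ProxyHttp("/proxy");

// The connection settings and credentials come from variables defined by the
// surrounding sample code.
var service = new splunkjs.Service(http, {
    username: username,
    password: password,
    scheme: scheme,
    host: host,
    port: port,
    version: version
});

// Realtime search: start the job, print preview results for a fixed number of
// iterations, then cancel the job. Each step receives the previous step's
// results followed by its own `done`.
Async.chain([
        // First, we log in
        function(done) {
            service.login(done);
        },
        // Perform the search, but only after a successful login.
        function(success, done) {
            if (!success) {
                // Stop here. Without the return the realtime search below would
                // still be submitted after the failure was reported.
                done("Error logging in");
                return;
            }

            service.search(
                "search index=_internal | stats count by sourcetype",
                {earliest_time: "rt", latest_time: "rt"},
                done);
        },
        // The search is never going to be done, so we simply poll it every second to get
        // more results
        function(job, done) {
            var MAX_COUNT = 5;
            var count = 0;

            Async.whilst(
                // Loop for N times. The counter only advances on previews that
                // contain rows, so empty previews do not count as iterations.
                function() { return MAX_COUNT > count; },
                // Every second, ask for preview results
                function(iterationDone) {
                    Async.sleep(1000, function() {
                        job.preview({}, function(err, results) {
                            if (err) {
                                iterationDone(err);
                                return;
                            }

                            // Only do something if we have results
                            if (results.rows) {
                                // Up the iteration counter
                                count++;

                                console.log("========== Iteration " + count + " ==========");
                                var sourcetypeIndex = utils.indexOf(results.fields, "sourcetype");
                                var countIndex = utils.indexOf(results.fields, "count");

                                for (var i = 0; i < results.rows.length; i++) {
                                    var row = results.rows[i];

                                    // Pad the sourcetype out to a fixed 30-character
                                    // column so the counts line up.
                                    var stat = (" " + row[sourcetypeIndex] + new Array(31).join(" ")).slice(0, 30);

                                    // Print out the sourcetype and the count of the sourcetype so far
                                    console.log(stat + row[countIndex]);
                                }

                                console.log("=================================");
                            }

                            // And we're done with this iteration
                            iterationDone();
                        });
                    });
                },
                // When the loop ends, always cancel the job (a realtime search
                // never finishes by itself), then report a preview error if one
                // ended the loop instead of dropping it.
                function(err) {
                    job.cancel(function(cancelErr) {
                        done(err || cancelErr);
                    });
                }
            );
        }
    ],
    // Final handler: hand any error from the steps above to the sample's callback.
    function(err) {
        callback(err);
    }
);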