Files
spring-integration-samples/basic/splunk
2021-09-21 12:05:47 -04:00
..
2019-03-22 14:52:00 -04:00
2021-09-21 12:05:47 -04:00
2015-12-11 18:11:48 -05:00

Splunk Sample

This example demonstrates the use of Splunk Outbound and Inbound Adapter. As configuration example is used a xml file

Running the sample

Start Splunk server and change references in application.yml file.

type from the root project

$ gradlew :splunk:run

Using an IDE such as eclipse

Type from /basic/splunk

mvn eclipse:eclipse

import the project and run it org.springframework.integration.samples.splunk.Application like any other main

Output

The application sends 10 "custom" SplunkEvent to a main index and the read all event with yesterday as earliest-time the received message are printed on sysout with stream adapter

Program output:

Producer:

[2015-11-22	21:16:04:546+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:23" _serial="0" _raw="2015-11-22	18:38:08:923+0100 ean="164" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" source="tinyMain" _indextime="1448213888" _subsecond=".923" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T18:38:08.923+01:00"]
[2015-11-22	21:16:04:546+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:18" _serial="1" _raw="2015-11-22	18:38:08:822+0100 ean="62" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" source="tinyMain" _indextime="1448213888" _subsecond=".822" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T18:38:08.822+01:00"]
[2015-11-22	21:16:04:546+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:13" _serial="2" _raw="2015-11-22	16:26:50:770+0100 ean="194" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" source="tinyMain" _indextime="1448206010" _subsecond=".770" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T16:26:50.770+01:00"]
[2015-11-22	21:16:04:546+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:8" _serial="3" _raw="2015-11-22	16:26:50:670+0100 ean="42" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" source="tinyMain" _indextime="1448206010" _subsecond=".670" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T16:26:50.670+01:00"]

]

In this snippet we see toString() of message that send from program to Splunk, you can see the custom fields included email, ean code ecc.ecc

Consumer:

[2015-11-22	21:32:33:467+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:158" _serial="0" _raw="2015-11-22	21:25:50:956+0100 ean="216" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" _kv="1" source="tinyMain" _indextime="1448223950" _subsecond=".956" ean="216" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T21:25:50.956+01:00"]
[2015-11-22	21:32:33:467+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:153" _serial="1" _raw="2015-11-22	21:25:50:936+0100 ean="504" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" _kv="1" source="tinyMain" _indextime="1448223950" _subsecond=".936" ean="504" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T21:25:50.936+01:00"]
[2015-11-22	21:32:33:467+0100 _bkt="main~2~783FBE3F-8AA4-4DE3-BC2C-CA406157661C" _cd="2:148" _serial="2" _raw="2015-11-22	21:25:50:916+0100 ean="357" severity="ALERT" email="mail@gmail.com" order_number="21501001010101"" splunk_server="fbalicchia-desktop" index="main" _kv="1" source="tinyMain" _indextime="1448223950" _subsecond=".916" ean="357" linecount="1" _si="fbalicchia-desktop,main" host="127.0.0.1" _sourcetype="customMessage" sourcetype="customMessage" _time="2015-11-22T21:25:50.916+01:00"]

The layout of the message is the same but we found entry with ean code greater than '135'. Splunk support out of the box a good query languages where more info can be found at splunk project documentation

Please note that Before use this example, please, verify that jdk.tls.disabledAlgorithms=SSLv3 entry in lib/security/java.security is commenting out