/** * Runs an export search (using the {@code search/jobs/export} endpoint), * and streams results back in an input stream. * * @param search The search query to run. * @return The {@code InputStream} object that contains the search results. */ public InputStream export(String search) { return export(search, null); }
/** * Runs an export search with arguments (using the {@code search/jobs/export} * endpoint), and streams results back in an input stream. * * @param search The search query to run. * @param args Additional search arguments (see {@code JobExportArgs}). * @return The {@code InputStream} object that contains the search results. */ // NOTE: This overload exists primarily to provide better documentation // for the "args" parameter. public InputStream export(String search, JobExportArgs args) { return export(search, (Map<String, Object>) args); }
InputStream inputStream = service.export("search sourcetype=\"" + sourceType + "\" " + ThunderConstant.TRACE_ID + "=\"" + traceId + "\"", exportArgs); if (inputStream == null) { throw new MonitorException("Input stream is null");
/** * This executes the search query to retrieve result from splunk. * It then converts each event's value into tuple and emit that into output port. */ @Override public void emitTuples() { String query = queryToRetrieveData(); logger.debug(String.format("select statement: %s", query)); try { exportSearch = store.getService().export(queryToRetrieveData(), exportArgs); multiResultsReader = new MultiResultsReaderXml(exportSearch); for (SearchResults searchResults : multiResultsReader) { for (Event event : searchResults) { for (String key: event.keySet()) { if (key.contains("raw")) { T tuple = getTuple(event.get(key)); outputPort.emit(tuple); } } } } multiResultsReader.close(); } catch (Exception e) { store.disconnect(); throw new RuntimeException(String.format("Error while running query: %s", query), e); } } }
exportSearch = store.getService().export(queryToRetrieveData(), exportArgs); multiResultsReader = new MultiResultsReaderXml(exportSearch); for (SearchResults searchResults : multiResultsReader)