From 4c5562f1773acc1621c2866cda968d88be0067c2 Mon Sep 17 00:00:00 2001 From: bparmar-splunk Date: Wed, 24 Nov 2021 11:10:14 +0530 Subject: [PATCH 1/3] README.md updated with Test example Update: - Login Examples using creds & tokens are added. - Job creation using search criteria example --- README.md | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 155 insertions(+) diff --git a/README.md b/README.md index 5798188b..345a5e5e 100644 --- a/README.md +++ b/README.md 
@@ -109,6 +109,161 @@ To build the documentation for the SDK, it is being automatically generated with cd splunk mvn javadoc:javadoc +### Usage +#### Login using username and password +```java +import com.splunk.Service; +import com.splunk.ServiceArgs; + +/** + * Login using username and password + */ +public class SplunkLogin { + + static Service service = null; + public static void main(String args[]) { + ServiceArgs loginArgs = new ServiceArgs(); + loginArgs.setPort(8089); + loginArgs.setHost("localhost"); + loginArgs.setScheme("https"); + loginArgs.setUsername("USERNAME"); // Use your username + loginArgs.setPassword("PASSWORD"); // Use your password + + // Initialize the SDK client + service = Service.connect(loginArgs); + } +} +``` + +#### Login using Splunk Token +```java +import com.splunk.Service; +import com.splunk.ServiceArgs; + +/** + * Login using Splunk token + */ +public class SplunkLogin { + + static Service service = null; + /** + * Splunk Token. + * Actual token length would be longer than this token length. + */ + static String splunkToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + + public static void main(String args[]) { + ServiceArgs loginArgs = new ServiceArgs(); + loginArgs.setPort(8089); + loginArgs.setHost("localhost"); + loginArgs.setScheme("https"); + loginArgs.setToken(String.format("Splunk %s", splunkToken)); + + // Initialize the SDK client + service = Service.connect(loginArgs); + } +} +``` +* Login using username and password will create Splunk token internally. +* Login using Credentials (username & password) OR directly using Splunk token are similar. +* In above two approaches, there is one limitation that expiration time of Splunk token cannot be extended. User has to re-login every time when token expires. +* To overcome this limitation, **Bearer** token is used instead of Splunk token. +* In **Bearer** token, user has a provision to set token expiration time. Splunk allows user to set relative/absolute time for token expiration. 
+* In other words, **Bearer** token is configurable whereas Splunk token cannot be configured. + +#### Login using Bearer Token (RECOMMENDED) +```java +import com.splunk.Service; +import com.splunk.ServiceArgs; + +/** + * Login using Bearer token + */ +public class SplunkLogin { + + static Service service = null; + /** + * Bearer Token. + * Actual token length would be longer than this token length. + */ + static String bearerToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + + public static void main(String args[]) { + ServiceArgs loginArgs = new ServiceArgs(); + loginArgs.setPort(8089); + loginArgs.setHost("localhost"); + loginArgs.setScheme("https"); + loginArgs.setToken(String.format("Bearer %s", bearerToken)); + + // Initialize the SDK client + service = Service.connect(loginArgs); + } +} +``` + +#### Example of running a simple search by first creating the search job +```java +import com.splunk.Job; +import com.splunk.ResultsReader; +import com.splunk.ResultsReaderXml; +import com.splunk.Service; +import com.splunk.ServiceArgs; + +/** + * Logged in using Bearer token. + * Assuming that bearer token is already created from Splunk web. + * Create Job using search creation. + * Read results and print _raw fields + */ +public class SearchExample { + + static Service service = null; + + /** + * Bearer Token. + * Actual token length would be longer than this token length. 
+ */ + static String bearerToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + + public static void main(String args[]) { + + ServiceArgs loginArgs = new ServiceArgs(); + loginArgs.setPort(8089); + loginArgs.setHost("localhost"); + loginArgs.setScheme("https"); + loginArgs.setToken(String.format("Bearer %s", bearerToken)); + + // Initialize the SDK client + service = Service.connect(loginArgs); + + // Run a simple search by first creating the search job + Job job = service.getJobs().create("search index=_internal | head 10"); + + // Waiting for search results to be ready + while (!job.isReady()) { + try { + Thread.sleep(500); // 500 ms + } catch (Exception e) { + // Handle exception here. + } + } + + // Read results + try { + ResultsReader reader = new ResultsReaderXml(job.getEvents()); + + // Iterate over events and print _raw field + reader.forEach(event -> System.out.println(event.get("_raw"))); + + } catch (Exception e) { + // Handle exception here. + } + } +} +``` + +For more information on authentication using tokens, please visit [Splunk Docs](https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/Setupauthenticationwithtokens). + ### Unit tests The Splunk SDK for Java includes several unit tests that are run at From 842b8a07df9e4be54c70f968b8016f172ed5fe52 Mon Sep 17 00:00:00 2001 From: bparmar-splunk Date: Wed, 24 Nov 2021 12:18:20 +0530 Subject: [PATCH 2/3] Splunk version updated to latest. --- .github/workflows/test.yml | 2 +- docker-compose.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8be22ddd..1df987b9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: - 1.8 splunk-version: - "8.0" - - "8.2.0" + - "latest" runs-on: ${{ matrix.os }} services: diff --git a/docker-compose.yml b/docker-compose.yml index 1e3f76b9..4584c6d3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
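Review bot: Replacing `"8.2.0"` with `"latest"` in the `splunk-version` matrix of `.github/workflows/test.yml` swaps a fixed release for a mutable tag, so the Splunk build under test can change between runs and a failure can no longer be tied to a change in this repository. The same floating tag is introduced in the `docker-compose.yml` hunk (`image: "splunk/splunk:latest"`), where it also replaces the pinned `8.0` used for local runs. Prefer an explicit release tag such as `- "<pinned-splunk-version>"` (placeholder) and bump it deliberately, or keep `"latest"` only as an extra matrix entry beside a pinned one. How the matrix value is consumed is not visible here, because the job definition continues outside the hunk; presumably it selects the service image tag.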
@@ -2,13 +2,14 @@ version: '3.6' services: splunk: - image: "splunk/splunk:8.0" + image: "splunk/splunk:latest" container_name: splunk environment: - SPLUNK_START_ARGS=--accept-license - SPLUNK_HEC_TOKEN=11111111-1111-1111-1111-1111111111113 - SPLUNK_PASSWORD=changed! - SPLUNK_APPS_URL=https://github.com/splunk/sdk-app-collection/releases/download/v1.1.0/sdkappcollection.tgz + - JAVA_VERSION=openjdk:8 ports: - 8000:8000 - 8088:8088 From 98f9e3ff9bdcef2bcaf8933c6e425a1b27028e97 Mon Sep 17 00:00:00 2001 From: bparmar-splunk Date: Thu, 25 Nov 2021 10:17:11 +0530 Subject: [PATCH 3/3] README file updated **Update:** - Splunk token is replaced **Session token**. - Bearer is replaced with **Authentication**. - Splunk Docs URL is pointing to latest release. --- README.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 345a5e5e..a43ec8e4 100644 --- a/README.md +++ b/README.md 
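Review bot: The added `- JAVA_VERSION=openjdk:8` environment entry is not explained anywhere: the commit subject only says "Splunk version updated to latest." and the line carries no comment. A reader cannot tell whether the Splunk container needs a JDK for the SDK test apps or whether the variable was added by accident, and it presumably causes extra software to be provisioned in the container. Add a comment above it, for example `# JAVA_VERSION: <why the Splunk container needs a JDK>` (placeholder text), or drop the line if nothing depends on it.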
@@ -135,65 +135,65 @@ public class SplunkLogin { } ``` -#### Login using Splunk Token +#### Login using Session Token ```java import com.splunk.Service; import com.splunk.ServiceArgs; /** - * Login using Splunk token + * Login using Session token */ public class SplunkLogin { static Service service = null; /** - * Splunk Token. + * Session Token. * Actual token length would be longer than this token length. */ - static String splunkToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + static String token = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; public static void main(String args[]) { ServiceArgs loginArgs = new ServiceArgs(); loginArgs.setPort(8089); loginArgs.setHost("localhost"); loginArgs.setScheme("https"); - loginArgs.setToken(String.format("Splunk %s", splunkToken)); + loginArgs.setToken(String.format("Splunk %s", token)); // Initialize the SDK client service = Service.connect(loginArgs); } } ``` -* Login using username and password will create Splunk token internally. -* Login using Credentials (username & password) OR directly using Splunk token are similar. -* In above two approaches, there is one limitation that expiration time of Splunk token cannot be extended. User has to re-login every time when token expires. -* To overcome this limitation, **Bearer** token is used instead of Splunk token. -* In **Bearer** token, user has a provision to set token expiration time. Splunk allows user to set relative/absolute time for token expiration. -* In other words, **Bearer** token is configurable whereas Splunk token cannot be configured. - -#### Login using Bearer Token (RECOMMENDED) +* Login using username and password will create Session token internally. +* Login using Credentials (username & password) OR directly using Session token are similar. +* In above two approaches, there is one limitation that expiration time of Session token cannot be extended. User has to re-login every time when token expires. 
+* To overcome this limitation, **Authentication** token is used instead of Session token. +* In **Authentication** token, user has a provision to set token expiration time. Splunk allows user to set relative/absolute time for token expiration. +* In other words, **Authentication** token is configurable whereas Session token cannot be configured. + +#### Login using Authentication Token (RECOMMENDED) ```java import com.splunk.Service; import com.splunk.ServiceArgs; /** - * Login using Bearer token + * Login using Authentication token */ public class SplunkLogin { static Service service = null; /** - * Bearer Token. + * Authentication Token. * Actual token length would be longer than this token length. */ - static String bearerToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + static String token = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; public static void main(String args[]) { ServiceArgs loginArgs = new ServiceArgs(); loginArgs.setPort(8089); loginArgs.setHost("localhost"); loginArgs.setScheme("https"); - loginArgs.setToken(String.format("Bearer %s", bearerToken)); + loginArgs.setToken(String.format("Bearer %s", token)); // Initialize the SDK client service = Service.connect(loginArgs); @@ -210,8 +210,8 @@ import com.splunk.Service; import com.splunk.ServiceArgs; /** - * Logged in using Bearer token. - * Assuming that bearer token is already created from Splunk web. + * Logged in using Authentication token. + * Assuming that authentication token is already created from Splunk web. * Create Job using search creation. * Read results and print _raw fields */ @@ -220,10 +220,10 @@ public class SearchExample { static Service service = null; /** - * Bearer Token. + * Authentication Token. * Actual token length would be longer than this token length. */ - static String bearerToken = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; + static String token = "1k_Ostpl6NBe4iVQ5d6I3Ohla_U5"; public static void main(String args[]) { 
@@ -231,7 +231,7 @@ public class SearchExample { loginArgs.setPort(8089); loginArgs.setHost("localhost"); loginArgs.setScheme("https"); - loginArgs.setToken(String.format("Bearer %s", bearerToken)); + loginArgs.setToken(String.format("Bearer %s", token)); // Initialize the SDK client service = Service.connect(loginArgs); @@ -262,7 +262,7 @@ public class SearchExample { } ``` -For more information on authentication using tokens, please visit [Splunk Docs](https://docs.splunk.com/Documentation/Splunk/8.2.3/Security/Setupauthenticationwithtokens). +For more information on authentication using tokens, please visit [Splunk Docs](https://docs.splunk.com/Documentation/Splunk/latest/Security/Setupauthenticationwithtokens). ### Unit tests