如何从JAVA将JSON文件发送到Splunk Enterprise? [英] How do I send JSON files to Splunk Enterprise from JAVA?

问题描述

我首先说我是一个初学者. 我正在建立一个系统，在其中收集一些JSON文件，以JAVA(春季批处理)解析它们，卡住的部分是将这些文件发送到 HTTP EVENT COLLECTOR(HEC)在Splunk企业中.我尝试在网上搜寻一些对初学者友好的指南，但找不到任何东西.我想将带有所述文件的POST发送到Splunk企业，因此我可以在它们发送后为它们建立索引. 到目前为止，我只能像这样连接到localhost:8089:

I start by saying I'm a beginner. I'm setting up a system where I collect some JSON files, I parse them in JAVA (Spring batch) and the part where I'm stuck is sending these files to the HTTP EVENT COLLECTOR (HEC) in Splunk enterprise. I tried crawling the web for some beginner-friendly guides but I couldn't find anything. I want to send POST to the Splunk enterprise with said files, so I can index them after they've been sent. So far I could only connect to localhost:8089 like this:

HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

        ServiceArgs connectionArgs = new ServiceArgs();
        connectionArgs.setHost("localhost");
        connectionArgs.setUsername("AdrianAlter");
        connectionArgs.setPassword("mypassword");
        connectionArgs.setPort(8089);
        connectionArgs.put("scheme","https");
        // will login and save the session key which gets put in the HTTP Authorization header
        Service splunkService = Service.connect(connectionArgs);
        System.out.println("Auth Token : " + splunkService.getToken());

        Job info = splunkService.getJobs().create("search index=main");
        System.out.println("Info: ");

推荐答案

目前尚不清楚您要做什么.在文本中，您说您正在尝试使用HTTP事件收集器(HEC)发送数据.但是，该示例代码似乎正在尝试执行搜索.

It is a bit unclear what you are trying to do. In the text, you say you are trying to send data with HTTP Event Collector (HEC). However, the sample code looks to be trying to perform a search.

要将数据发送到Java中的HEC端点，以下代码段可能是合适的起点.

To send data to a HEC endoint in Java, the following code snippet may be a suitable starting point.

 DefaultHttpClient httpclient = new DefaultHttpClient();
 HttpPost httppost = new HttpPost("https://<SERVER>:8088/services/collector/event");
 httppost.addHeader("Authorization", " Splunk <token id>");
 String eventStr = "{sourcetype=_json, index=main, event={ <JSON> }}"
 httppost.setEntity(new StringEntity(eventStr);
 HttpResponse response = httpclient.execute(httppost);
 HttpEntity entity = response.getEntity();
 System.out.println("response: " + entity);

这篇关于如何从JAVA将JSON文件发送到Splunk Enterprise?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！