堆栈内存溢出
  简体   繁体   English

Splunk不会返回所有结果-使用rest API-

[英]Splunk doesnt return all the results - using rest API -

 原文  2019-04-11 09:10:43       java/ json/ splunk/ splunk-query

问题描述

I'm retrieving data from Splunk using rest API via production port 8980, on the GUI I can see 770 events when I retrieve data I got less then a 100. 我正在通过生产端口8980使用rest API从Splunk检索数据,在GUI上检索到少于100的数据时,我可以看到770事件。

here is my code in Java to retrieve data: 这是我用Java检索数据的代码: 

public JSONObject Post_request() throws IOException, ParseException {
        String Query = "search " + OS_Vuln_Query;
        Job job = session.make_Request().getJobs().create(Query);
        while (!job.isDone()) {
            try {
                Thread.sleep(1000);
            } catch (InterruptedException e) {
                e.printStackTrace();
            }
        }
        JobResultsArgs resultsArgs = new JobResultsArgs();
        resultsArgs.setOutputMode(JobResultsArgs.OutputMode.JSON);
        InputStream results = job.getResults(resultsArgs);

        BufferedReader br = new BufferedReader(new InputStreamReader(results));
        StringBuilder sb = new StringBuilder();
        String line;
        while ((line = br.readLine()) != null)
        {
            sb.append(line);
        }
        JSONParser parser = new JSONParser();
        JSONObject json = (JSONObject) parser.parse(sb.toString());
        String vulns_as_string = json.get("results").toString();
        JSONArray vulns_to_json = (JSONArray) parser.parse(vulns_as_string);
        if (vulns_to_json.size()>0)
        {
            System.out.print("Splunk return results");
            for (int v = 0; v < vulns_to_json.size(); v++)
            {
                String vuln_as_string = vulns_to_json.get(v).toString();
                Vulnerability vulnerability = new Gson().fromJson(vuln_as_string, Vulnerability.class);
                data_Parsed = true;
                vulnerability.ports_to_List();
                list_of_OS_Vulnerability.add(vulnerability);
            }
            return json;
        }
        System.out.print("Splunk return empty results");
        return  null;
    }

I make request to Splunk from different class - it return service which I used to pass queries to splunk 我从不同的类向Splunk发出请求-它返回了我用来将查询传递给splunk的服务

1 个解决方案

解决方案1
 2 已采纳  2019-04-11 10:21:23

I figure it out from Splunk Documentation, wasn't really in the beginning. 我可以从Splunk文档中弄清楚,但这并不是一开始的。 resultsargs if not set to 0 will return the first 100 results only. resultsargs(如果未设置为0)将仅返回前100个结果。 to fix that just set setcount in resultsArgs to 0: 修复将resultsArgs中的setcount设置为0的问题: 

        resultsArgs.setCount(0); // to return all results

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Splunk通用转发器或Splunk REST API的优势? - Advantages to using Splunk Universal Forwarders or Splunk REST API? MongoDB聚合Java API不返回结果 - MongoDB aggregate Java API doesnt return results REST API可以不安装Splunk转发器吗? - Can rest api allow not to install splunk forwarder? lucene为什么不返回结果 - Why doesnt lucene return results 如何将执行的 GROOVY 脚本结果返回到 REST API 响应 - How to return executed GROOVY script results to REST API Response 使用Cloudant Client Search API不会返回所有预期结果 - Using Cloudant Client Search API Doesn't Return All Results Expected 如何使用 Java 在 Elasticsearch 中返回所有结果? - How to return all the results in Elasticsearch using Java? 无法在SpringBoot中使用ControllerAdvice返回rest api响应 - Unable to return rest api Response using ControllerAdvice in SpringBoot 使用 Rest 模板从外部 api 返回特定数据 - Return specific data from external api using Rest Template 将 SQL 结果公开为 REST API - Expose SQL Results as REST API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM