Splunk Java SDK takes too much time to get result

Question

I am trying to get 10 events from Splunk. But it takes more than 40 minutes when UI returns results less than 1 sec

        String token = "token";
    String host = "splunk.mycompany.com";
    Map<String, Object> result = new HashMap<>();
    result.put("host", host);
    result.put("token", token);
    HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);

    Service service = new Service(result);
    Job job = service.getJobs().create("search index=some_index earliest=-1h |head 10");
    while (!job.isReady()) {
        try {
            Thread.sleep(500); // 500 ms
        } catch (Exception e) {
            // Handle exception here.
        }
    }

    // Read results
    try {
        ResultsReader reader = new ResultsReaderXml(job.getEvents());

        // Iterate over events and print _raw field
        reader.forEach(event -> System.out.println(event.get("_raw")));

    } catch (Exception e) {
        // Handle exception here.
    }

What can be a cause of this? Also it may fail with timeout exception

This code is from Splunk java sdk GitHub page. Token, host, etc. are changed from real to stub due to NDA.

You can get the results directly using `search/jobs/export` endpoint, have you tried that? https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTREF/RESTsearch#search.2Fjobs.2Fexport — Abhijit Sarkar, Feb 22 '22 at 18:28

score 0 · Answer 1 · answered Feb 23 '22 at 14:39

0

The problem was with the host. Worked with DevOps team and solved it

answered Feb 23 '22 at 14:39

user9527149

11
1

This could be a comment – acarlstein Feb 23 '22 at 15:03

Splunk Java SDK takes too much time to get result

1 Answers1