【发布时间】:2019-04-11 09:10:43
【问题描述】:
我正在通过生产端口 8980 使用 rest API 从 Splunk 检索数据,在 GUI 上,当我检索不到 100 个的数据时,我可以看到 770 个事件。
这是我用 Java 检索数据的代码:
public JSONObject Post_request() throws IOException, ParseException {
String Query = "search " + OS_Vuln_Query;
Job job = session.make_Request().getJobs().create(Query);
while (!job.isDone()) {
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
e.printStackTrace();
}
}
JobResultsArgs resultsArgs = new JobResultsArgs();
resultsArgs.setOutputMode(JobResultsArgs.OutputMode.JSON);
InputStream results = job.getResults(resultsArgs);
BufferedReader br = new BufferedReader(new InputStreamReader(results));
StringBuilder sb = new StringBuilder();
String line;
while ((line = br.readLine()) != null)
{
sb.append(line);
}
JSONParser parser = new JSONParser();
JSONObject json = (JSONObject) parser.parse(sb.toString());
String vulns_as_string = json.get("results").toString();
JSONArray vulns_to_json = (JSONArray) parser.parse(vulns_as_string);
if (vulns_to_json.size()>0)
{
System.out.print("Splunk return results");
for (int v = 0; v < vulns_to_json.size(); v++)
{
String vuln_as_string = vulns_to_json.get(v).toString();
Vulnerability vulnerability = new Gson().fromJson(vuln_as_string, Vulnerability.class);
data_Parsed = true;
vulnerability.ports_to_List();
list_of_OS_Vulnerability.add(vulnerability);
}
return json;
}
System.out.print("Splunk return empty results");
return null;
}
我从不同的类向 Splunk 发出请求 - 它返回我用来将查询传递给 splunk 的服务
【问题讨论】:
标签: java json splunk splunk-query