go-splunk-rest

Go library for interacting with the Splunk REST API.

Supports basic, session key and authentication token methods of authentication.

Provides functions for working with search jobs.

Please open an issue if you want any specific Splunk API endpoints included.

Install

go get github.com/pvik/go-splunk-rest 

Examples

Splunk2DB uses this library; see it for additional usage examples.

To make a simple blocking search:

	import splunk "github.com/pvik/go-splunk-rest"

	// ...

	splunkConn := splunk.Connection{
		Host:     "https://abc.splunk.com:8089",
		AuthType: "authentication-token",
		// Placeholder value; read the real token from the environment or a
		// secret store rather than hardcoding it.
		AuthenticationToken: "abcdef111",

		// or
		//AuthType: "authorization-token", // will use session keys or set this to "basic" for basic auth
		//Username: "api-user",
		//Password: "secure-password",
	}

	recs, err := splunkConn.Search("| from my_datamodel | fields - _raw | head 100", splunk.SearchOptions{})

The library can automatically shrink the search time window when the number of results returned by the API is capped at max_count (which typically defaults to 10000).

To use this feature:

	// requires: import "time"

	splunkConn := splunk.Connection{
		Host:     "https://abc.splunk.com:8089",
		AuthType: "authentication-token",
		// Placeholder value; read the real token from the environment or a
		// secret store rather than hardcoding it.
		AuthenticationToken: "abcdef111",

		// or
		//AuthType: "authorization-token", // will use session keys or set this to "basic" for basic auth
		//Username: "api-user",
		//Password: "secure-password",
	}

	searchOptions := splunk.SearchOptions{
		// cap on results returned per search
		MaxCount: 100,

		// search the last 30 days
		UseEarliestTime: true,
		EarliestTime:    time.Now().Add(-30 * 24 * time.Hour),
		UseLatestTime:   true,
		LatestTime:      time.Now(),

		// shrink the time window automatically when MaxCount is hit
		AllowPartition: true,
	}

	recs, err := splunkConn.Search("| from my_datamodel | fields - _raw | head 100", searchOptions)
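
The idea behind window partitioning, as an added example that is not code from this library: a result that hits the cap may be truncated, so the window is halved and each half is searched again. The names searchFn, partitionedSearch and fakeIndex are hypothetical, the events are constructed, and the library's own partitioning strategy may differ.

```go
package main

import (
	"fmt"
	"time"
)

// searchFn stands in for one capped search call (hypothetical, not the library's API).
type searchFn func(earliest, latest time.Time, maxCount int) []time.Time

// partitionedSearch treats a result of exactly maxCount as possibly truncated
// and re-runs the search on each half of the window until every piece is under the cap.
func partitionedSearch(search searchFn, earliest, latest time.Time, maxCount int) ([]time.Time, error) {
	recs := search(earliest, latest, maxCount)
	if len(recs) < maxCount {
		return recs, nil // under the cap, so nothing was dropped
	}
	span := latest.Sub(earliest)
	if span <= time.Second {
		// A burst denser than maxCount per second cannot be split further:
		// fail loudly instead of returning silently truncated data.
		return nil, fmt.Errorf("still %d results in %s window at %s", maxCount, span, earliest.Format(time.RFC3339))
	}
	mid := earliest.Add(span / 2)
	left, err := partitionedSearch(search, earliest, mid, maxCount)
	if err != nil {
		return nil, err
	}
	right, err := partitionedSearch(search, mid, latest, maxCount)
	if err != nil {
		return nil, err
	}
	return append(left, right...), nil
}

// fakeIndex returns a constructed searchFn over n events, one per minute from start.
func fakeIndex(start time.Time, n int, calls *int) searchFn {
	return func(earliest, latest time.Time, maxCount int) []time.Time {
		*calls++
		var out []time.Time
		for i := 0; i < n && len(out) < maxCount; i++ {
			if ts := start.Add(time.Duration(i) * time.Minute); !ts.Before(earliest) && ts.Before(latest) {
				out = append(out, ts)
			}
		}
		return out
	}
}

func main() {
	start, calls := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), 0
	recs, err := partitionedSearch(fakeIndex(start, 250, &calls), start, start.Add(5*time.Hour), 100)
	fmt.Println(len(recs), calls, err)
}
```

For detection or forensic queries, the error path matters as much as the split: a capped result that is accepted as complete hides events without any visible failure.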

The library also provides an easy way to run a search asynchronously:

	splunkConn := splunk.Connection{
		Host:     "https://abc.splunk.com:8089",
		AuthType: "authentication-token",
		// Placeholder value; read the real token from the environment or a
		// secret store rather than hardcoding it.
		AuthenticationToken: "abcdef111",

		// or
		//AuthType: "authorization-token", // will use session keys or set this to "basic" for basic auth
		//Username: "api-user",
		//Password: "secure-password",
	}

	// log is assumed to be a leveled logger that provides Errorf
	// (for example logrus imported as log).
	go splunkConn.SearchAndExec("| from my_datamodel | fields - _raw | head 100", splunk.SearchOptions{},
		func(results []map[string]interface{}) error {
			// do something with results
			// this will be called once the search completes

			// ...

			return nil
		},
		func(e error) {
			// handle search error
			log.Errorf("search failed: %s", e)
		},
	)
