我首先说我是个初学者。我正在建立一个系统,在其中收集一些JSON文件,然后用JAVA(春季批处理)解析它们,而卡住的部分是将这些文件发送到Splunk企业中的HTTP EVENT COLLECTOR(HEC) 。我尝试在网上搜寻一些对初学者友好的指南,但找不到任何东西。我想将带有所述文件的POST发送到Splunk企业,以便在它们发送后可以对其进行索引。到目前为止,我只能像这样连接到localhost:8089:
HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
ServiceArgs connectionArgs = new ServiceArgs();
connectionArgs.setHost("localhost");
connectionArgs.setUsername("AdrianAlter");
connectionArgs.setPassword("mypassword");
connectionArgs.setPort(8089);
connectionArgs.put("scheme","https");
// will login and save the session key which gets put in the HTTP Authorization header
Service splunkService = Service.connect(connectionArgs);
System.out.println("Auth Token : " + splunkService.getToken());
Job info = splunkService.getJobs().create("search index=main");
System.out.println("Info: ");
尚不清楚您要做什么。在文本中,您说您正在尝试使用HTTP事件收集器(HEC)发送数据。但是,该示例代码似乎正在尝试执行搜索。
要将数据发送到Java中的HEC端点,以下代码段可能是合适的起点。
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://<SERVER>:8088/services/collector/event");
httppost.addHeader("Authorization", " Splunk <token id>");
String eventStr = "{sourcetype=_json, index=main, event={ <JSON> }}"
httppost.setEntity(new StringEntity(eventStr);
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
System.out.println("response: " + entity);