Command line (server) examples in the Splunk SDK for JavaScript

The Splunk SDK for JavaScript includes several command-line examples, which are located in the /splunk-sdk-javascript/examples/node directory.

Run the examples with Node.js and be sure to include any arguments that are required by the example:

node examplename.js --username "admin" --password "changeme"

You can omit the login arguments if you saved your credentials in the .splunkrc file.
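Keeping credentials in .splunkrc takes the password off the command line, but the file then holds it in plaintext, so its permissions and contents are worth checking. The Node.js check below is an added example, not part of the SDK or of the original page. It assumes the SDK's .splunkrc layout of key=value lines (host, port, username, password, scheme) with # comment lines; the function names and the sample file content are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Parse .splunkrc text: one key=value pair per line; blank lines and
// lines starting with '#' are ignored. Values may themselves contain '='.
function parseSplunkrc(text) {
  const cfg = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue; // no key before '=' (or no '=' at all): skip
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

// Return a list of findings for the file at `file` (empty list = clean).
function auditSplunkrc(file) {
  const findings = [];
  const mode = fs.statSync(file).mode & 0o777;
  // POSIX permission bits are not meaningful on Windows, so skip there.
  if (process.platform !== "win32" && (mode & 0o077) !== 0) {
    findings.push(`mode ${mode.toString(8)} lets group/other access the file; use 600`);
  }
  const cfg = parseSplunkrc(fs.readFileSync(file, "utf8"));
  if (cfg.password === "changeme") findings.push("password is the well-known 'changeme'");
  if (cfg.scheme && cfg.scheme.toLowerCase() !== "https")
    findings.push(`scheme=${cfg.scheme} sends credentials without TLS`);
  return findings;
}

// Constructed sample file, written to a temp directory for the demo.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "splunkrc-"));
  const file = path.join(dir, ".splunkrc");
  const sample = "# constructed sample\nhost=localhost\nport=8089\n" +
    "username=admin\npassword=changeme\nscheme=http\n";
  fs.writeFileSync(file, sample);
  fs.chmodSync(file, 0o644); // world-readable: should be flagged
  const before = auditSplunkrc(file);
  fs.chmodSync(file, 0o600); // owner-only: permission finding goes away
  const after = auditSplunkrc(file);
  fs.rmSync(dir, { recursive: true, force: true });
  return { before, after };
}

console.log(demo());
```

To check a real file, call auditSplunkrc with the path to your own .splunkrc (in your home directory) instead of running demo().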

To list available commands and arguments for an example, use the --help argument:

node examplename.js --help

You can also get help for a specific command:

node examplename.js commandname --help

Run examples

The following command-line examples show how to run the SDK's JavaScript examples with Node.js. First, make sure Splunk is running. Then, open a command prompt in the /splunk-sdk-javascript/examples/node directory.

List Splunk apps

The Apps.js and Apps_async.js examples list your Splunk apps. Enter one of these commands:

node helloworld/apps.js
node helloworld/apps_async.js

List saved searches

The Savedsearches.js and Savedsearches_async.js examples list your saved searches and the search query for each. Enter one of these commands:

node helloworld/savedsearches.js 
node helloworld/savedsearches_async.js 

The Savedsearches_create.js example creates a simple saved search, called "My Awesome Saved Search", with a hard-coded search string. To run this example, enter:

node helloworld/savedsearches_create.js

The Search*.js examples run different types of searches with hard-coded search strings:

  • The Search_normal.js example runs a normal search (exec_mode=normal). When the job is done, the example prints the job statistics and search results. To run this example, enter:

    node helloworld/search_normal.js

  • The Search_blocking.js example runs a blocking search (exec_mode=blocking). The example doesn't return until the job is done, and then it prints job statistics and search results. To run this example, enter:

    node helloworld/search_blocking.js

  • The Search_oneshot.js example runs a oneshot search (exec_mode=oneshot). The example doesn't return until the job is done, and then it returns only the search results (no search job ID), and prints the results. To run this example, enter:

    node helloworld/search_oneshot.js

  • The Search_realtime.js example runs a real-time search that collects statistics about all events from now to infinity (earliest_time=rt and latest_time=rt). Once the job is created, it polls the results every second and prints them. Because a real-time search is never really done, the example only iterates five times. To run this example, enter:

    node helloworld/search_realtime.js

Run a simple log handler

The log.js example shows how to send data to Splunk over HTTP from within your application by using the Service.log method. A utility Logger class encapsulates various logging levels so we can simply call logger.log, logger.error, and so on.

node helloworld/log.js

Work with search jobs

The Jobs.js example manages search jobs from the command line. You can list search jobs, create new ones, get results and events, and cancel search jobs.

This command lists all search jobs:

node jobs.js list 

If successful, your output should look something like this:

~\splunk-sdk-javascript\examples\node> node jobs.js list
  Job 1 sid: 1332203612.132
  Job 2 sid: scheduler__admin__search_d2VhdGhlciBzdW1tYXJ5IEpTMg_at_1332289800_f8edda5eb76a0645
  Job 3 sid: scheduler__admin__search_V2VhdGhlciBTdW1tYXJ5_at_1332289800_73889385ef9f8f24
  Job 4 sid: rt_1332290588.37
  Job 5 sid: rt_1332290588.38
==============

This command lists the properties of a specific search job:

node jobs.js list 1332203612.132

To create a search job, you need, at a minimum, a search string, but you can also include optional arguments. Here's an example that creates a search job with earliest and latest times:

node jobs.js create --search "search * | head 20" --earliest_time "2012-03-19T23:17:00.000-07:00" --latest_time "2012-03-20T12:17:00.000-07:00"

This example retrieves results from a specific search job in CSV format, skipping the first 50 results:

node jobs.js results --json_mode csv --offset 50 1332203612.132

This example previews 10 results for a specific search job:

node jobs.js preview --count 10 1332203612.132

This example retrieves 20 events for a specific search job, displaying only the artist and song fields:

node jobs.js events --count 20 --field_list "artist, song" 1332203612.132

This command cancels a specific search job:

node jobs.js cancel scheduler__admin__search_UmFkaW8gLSBUb3AgU29uZ3M_at_1332205200_5762e78afd96ea83

Remember, you can get help for any individual command (for example, enter: node jobs.js create --help). If you want more details about these arguments, see the corresponding REST endpoint documentation:

Run a search and display simplified results

The Search.js example creates normal or oneshot searches, then prints the results to the console in JSON format. The Results.js example simplifies the output for a nicer display. You can use the search.js example alone, or pipe the results to Results.js.

This example searches everything in the "test" index over 24 hours, displays 10 results, and shows the progress of the search:

node search.js --search "search index=test" --earliest_time "2012-03-15T00:00:00.000-07:00" --latest_time "2012-03-16T00:00:00.000-07:00" --count 10 --verbose 

This example shows how to run a search and display simplified results:

node search.js --search "search * | head 10" | node results.js