splunk-sdk-go

module
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 7, 2023 License: Apache-2.0

README

Splunk SDK for Go

Version 1.7.0

The Splunk Software Development Kit for Go contains functions designed to enable developers to communicate with Splunk Enterprise through the splunk API.

⚠ This version is more focused on getting metrics from Splunk Enterprise.

Getting started with the Splunk SDK for Go

Requirements

Here's what you need to get going with the Splunk Enterprise SDK for Go.

  • Go 1.18+

    The Splunk SDK for Go has been tested with Go version 1.18 to 1.20

  • Spunk Enterprise 9.0.4

    The Splunk SDK has been tested with Splunk Enterprise 9.0.4

    If you haven't already installed Splunk Enterprise, download it here. For more information, see the Splunk Enterprise Installation Manual.

Install the SDK

Use the following command to install the Splunk SDK for Go

go get -u github.com/kuro-jojo/splunk-sdk-go
Example Go Reference

You'll need at first a Splunk enterprise instance running. If you don't have one, you can run a local instance with a docker image.

  • For that you'll need docker to be installed

  • Then run a local Splunk enterprise instance (check it on docker) :

       docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=<password>" --name splunk splunk/splunk:latest

    After the container starts up successfully and enters the "healthy" state, you should be able to access SplunkWeb at http://localhost:8000 with admin:<password>.

Following are the different ways to connect to Splunk Enterprise

⚠ Avoid writing your sensitive information in your code in production. Use environment variables or a configuration file instead.

Using username and password

    import (
        splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    )
    ...
        splunkInstance := "localhost" // or your splunk instance IP
        splunkServerPort := "8089" // by default
        splunkUsername := "admin"
        splunkPassword := "myComplexPassword" //
        client := splunk.NewBasicAuthenticatedClient(
        &http.Client{
            Timeout: time.Duration(60) * time.Second,
        },
        splunkInstance,
        splunkServerPort,
        splunkUsername,
        splunkPassword,
        true, // if true : SSL verification disabled

Using token authentication

    import (
        splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    )
    ...
        splunkInstance := "localhost"
        splunkServerPort := "8089" // by default
        splunkToken := "eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnIjo..."
        client := splunk.NewClientAuthenticatedByToken(
        &http.Client{
            Timeout: time.Duration(60) * time.Second,
        },
        splunkInstance,
        splunkServerPort,
        splunkToken,
        true, // if true : SSL verification disabled

Using authentication sessionKey

    import (
        splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    )
    ...
        splunkInstance := "localhost"
        splunkServerPort := "8089" // by default
        splunkSessionKey := "ff8be3be-ef07-4576-..."
        client := splunk.NewClientAuthenticatedBySessionKey(
        &http.Client{
            Timeout: time.Duration(60) * time.Second,
        },
        splunkInstance,
        splunkServerPort,
        splunkSessionKey,
        true, // if true : SSL verification disabled
Create a new job
...
import (
    splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    job "github.com/kuro-jojo/splunk-sdk-go/jobs"
    ...
)
...
    // create the parameters for the search
    searchParameters := splunk.SearchParams{
        SearchQuery: "index=main | head 10",
    }

    spReq := splunk.SearchRequest{
        Params: searchParameters,
        Headers: map[string]string{
            "Content-Type": "application/text",
            "..."
        },
    }

    // create the job and get the sid of the job which will be used to get the results
    sid, err := job.CreateJob(client, &spReq)

    if err != nil {
        fmt.Printf("Got an error : %s", err)
        return
    }
Retrieving the results of a job
...
import (
    splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    job "github.com/kuro-jojo/splunk-sdk-go/jobs"
    ...
)
...

    // get the results of the search using the sid of the job
    results, err := job.RetrieveJobResult(client, sid)

    if err != nil {
        fmt.Printf("Got an error : %s", err)
        return
    }
Getting metric from a job
...
import (
    splunk "github.com/kuro-jojo/splunk-sdk-go/client"
    job "github.com/kuro-jojo/splunk-sdk-go/jobs"
    ...
)
...
    // create the parameters for the search

    spReq := splunk.SearchRequest{
        Params: splunk.SearchParams{
            SearchQuery: "index=main | stats count",
        },
    }

    metric, err := job.GetMetricFromNewJob(client, &spReq)
    fmt.Println(metric)
    if err != nil {
        fmt.Printf("Got an error : %s", err)
        return
    }

License

The Splunk Enterprise Software Development Kit for Go is licensed under the Apache License 2.0. See LICENSE for details.

Directories

Path Synopsis
pkg
utils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.