Blogs: Paul Sanford

We recently pushed new updates to to our JavaScript SDK on GitHub. We are keeping the name of this release as “Preview” for now. There are some significant updates in this release that will make it even easier to build your Splunk applications in JavaScript.

Updates

Improvement to state management

In previous versions, the SDK kept a notion of whether an entity or collection was in a “valid” state. This notion has been taken out, and these resources now only contain a local cache which can be refreshed at will by calling fetch() on that resource. For example:

job.fetch(function(err, job) {
    // the local cache is now refreshed
});

fetch() is now the only method of refreshing a resource. When fetch()…

I am pleased to announce that we have just released the Splunk Python SDK beta.  This release contains significant updates that make it even easier to build applications on top of Splunk using Python.

Updates

• Improvements to entity state management
• Improvements to usability of entity collections
• Support for collection paging – collections now support the paging arguments: count, offset, search, sort_dir, sort_key and sort_mode. Note that Inputs and Jobs are not pageable collections and only support basic enumeration and iteration.
• Support for event types:
  • Added Service.event_types + units
  • Added examples/event_types.py
• Support for fired alerts:
  • Added Service.fired_alerts + units
  • Added examples/fired_alerts.py
• Support for saved searches:
  • Added Service.saved_searches + units
  • Added examples/saved_searches.py
• Sphinx based SDK API docs and improved

…

We have frequently been asked how to export events from Splunk using the Java SDK.

We now have a Java SDK example that shows how to export events from Splunk to a file.  This is often done for compliance purposes when data need to be stored in a particular way for a particular period of time.

There are more details on the application on our developer site.

You can stay up to date on the latest developments by following us on Twitter:  @splunkdev

We recently released our Java SDK.  I wanted to provide a quick overview of the SDK.

Java SDK Overview

The Java SDK has the most comprehensive coverage of the REST API to date.  We expect our other SDKs that we have to follow suit and provide the same level of coverage as the Java SDK.  We wanted to provide a fuller experience out of the gate for Java developers given the semantics of the language and feedback from existing customers who are doing development in Java on top of Splunk.  Get the Java SDK overview on dev.splunk.com.

Java SDK and IDEs

We have provided project-level support for Eclipse and IntelliJ, and our repository directory…

Last week was a busy week for the Splunk developer platform team.  We pushed live 2 SDKs within one hour!  We are excited to announce the release of:

• Java SDK Preview on GitHub.  The Java SDK enables our growing base of customers to share and harness the core Splunk platform and the valuable data stored in Splunk across the enterprise.  The SDK ships with a number of examples including an explorer utility that provides the ability to explore the components and configuration settings of a Splunk installation.  Learn more about the Java SDK.
• JavaScript SDK Preview on GitHub The JavaScript SDK takes big data to the web by providing developers with the

…

In the Python SDK there are a couple of examples that show how to use custom search commands within your application that is running in Splunk web.

Overview – Custom Search Commands & Map/Reduce

A custom search command is just a Python script that reads data in and writes data out. There are two subtypes of custom search commands:

• A streaming custom search command is one that is streamed data in. You can think of it as applying a “function”/”transformation” to each event and then writing out the result of that operation. It is a kind of “mapper“. An example of such a command might be a command that adds a field to each event.
• A non-streaming custom search

…

Today we added new content to the Splunk developer site – http://dev.splunk.com.

Logging with Splunk Extensions

We have received a number of questions about how to setup logging in Python when you are working with Splunk extensions including scripted inputs, lookups or custom commands.  The reason is that Splunk will send output to standard out, but there isn’t an easy way to push error messages to a log file.

The example that we have created on the developer site takes you through how to setup Python’s logging module to write to a log file of your choice when you are working with Splunk extensions.  Learn more about logging with Splunk extensions.

Search Reference

…

The Python SDK contains examples of the applications that you can build on top of Splunk.  I wanted to quickly highlight a few of those now.

Reporting and the Splunk Python SDK

Customers have been asking us for ways to integrate Splunk data with a variety of reporting tools.  We decided to use Leftronic for our example in the SDK.

In this example, we are using Twitter as our data source and show how we are searching data in Splunk to build the data stream.  We then show how we are sending that data to Leftronic.

Check out our dev portal for more details on how we used the Leftronic UI on top of Splunk data - http://dev.splunk.com/view/SP-CAAADSR and get…

We are hitting the road in October and November and are sponsoring some great developer events. Next Thursday (Oct. 6), we’ll be at Monktoberfest in Portland, ME. Monktoberfest is run by our friends at Redmonk.

Also next week, Peter Zadrozny, former Chief Technologist at BEA & Java author, will be presenting about better logging techniques at JavaOne. His session is on Thursday (Oct. 6) at 2pm. If you are going to JavaOne, this session is a don’t miss.

In November, we will be at two great events in the pacific northwest. First, we are sponsoring The Keeping it RealTime Conference, Nov. 7 & 8, in Portland, OR, which has to win for one of…

I can’t believe that it has already been over 3 weeks since .conf 2011.  It was a great event.  For the developer platform, we have begun starting to work with a few startups that are doing interesting work on top of Splunk.  I wanted to quickly highlight two of those who spoke at our packed, standing room only developer platform roadmap session during the conference.

First, Pamela Roussos from AppFirst demoed the work that AppFirst has been doing using our new Python SDK. AppFirst is combining Splunk’s real-time processing and search capabilities with their deep, constant data collection between the O/S and application.  You can read more about their demo in the AppFirst blog.  Thanks to Pamela…