Splunk PHP SDK now available

This one goes out to all the developers waiting for the Splunk PHP SDK. Well, the wait has finally ended.

A public preview of PHP SDK 0.1.0 is now available on GitHub. Although it is in its early stages, you can already do a lot with this SDK. It allows you to run any saved searches or ad-hoc searches. It supports various search modes (normal, oneshot, blocking, etc.), giving you the control to run both synchronous and asynchronous searches.

Below are a few code snippets showing what you can do with the SDK:

Connect to Splunk

// Import Splunk.php
require_once 'Splunk.php';

// Create an instance of Splunk_Service to connect to a Splunk server
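$service = new Splunk_Service(array(
    'host' => 'localhost',
    'port' => '8089',
    'username' => 'admin',
    // 'changeme' is Splunk's default admin password; use your own credentials
    'password' => 'changeme',
));

// Authenticate with the server
$service->login();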

Execute a Saved Search

// Retrieve the saved search named "Errors in the last 24 hours"
$savedSearch = $service->getSavedSearches()->get('Errors in the last 24 hours');

// Create a normal search job based on the saved search
$job = $savedSearch->dispatch();

// Wait for the job to complete, then get results
while (!$job->isDone())
{
    printf("Progress: %03.1f%%\r\n", $job->getProgress() * 100);
    usleep(0.5 * 1000000);
    // Reload the job's state from the server
    $job->refresh();
}
$results = $job->getResults();

// Process results


You can find more detail at Overview of Splunk PHP SDK. To help you get started quickly, we have included some examples in the SDK as well.


Try it out, let us know if it meets your expectations, what more you would like to see … or if it is simply awesome!

Neeraj Luthra
