Splunk SDK for Ruby now in Public Preview

Another day in the life of SplunkDev and another SDK under Splunk’s Developer Platform.

Splunk SDK for Ruby is now publicly available. Thanks to everyone in the external Ruby community for their feedback and their contributions to the open source project!

So what can you do with the SDK? Below are some highlights:

  • Connect to Splunk
  • Run blocking and asynchronous searches
  • Get data out from Splunk using the /export endpoint
  • Write data into Splunk
  • Manage Splunk objects like Jobs, Indexes, Users etc.
  • and more …

Learn more and find out how to get started at Splunk SDK for Ruby. Download the SDK and let us know what you think at DevInfo.

Let’s take a look at some sample code …

Connect to Splunk

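require 'splunk-sdk-ruby'

# Connect to the splunkd management port (8089) over HTTPS.
# The username and password shown are sample values; substitute your own.
service = Splunk::connect(:scheme=>"https", :host=>"localhost", :port=>8089, :username=>"admin", :password=>"changeme")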

Run a oneshot search and print the results

# A oneshot search blocks until it finishes and returns the results directly.
stream = service.create_oneshot("search index=_internal | head 10")
reader = Splunk::ResultsReader.new(stream)
reader.each do |result|
  puts result
end

Run an export and print the results

# An export search uses the /export endpoint to get results out of Splunk.
stream = service.create_export("search index=_internal | head 10")
reader = Splunk::ResultsReader.new(stream)
reader.each do |result|
  puts result
end

Write events into Splunk

main = service.indexes["main"]

# Using the simple receiver endpoint
main.submit("This is a test event.")

# Using the streaming receiver endpoint
socket = main.attach()
begin
  socket.write("The first event.\r\n")
  socket.write("The second event.\r\n")
ensure
  socket.close()
end
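
The streaming receiver above delimits events with "\r\n", so untrusted text that contains line breaks could be indexed as extra, forged events. The following is an added example, not code from the Splunk SDK or the original post: a hypothetical EventLine helper escapes control characters before writing, with a StringIO standing in for the socket returned by main.attach(). It assumes the index breaks events on line endings.

```ruby
require 'stringio'

# Hypothetical helper (not part of splunk-sdk-ruby): make one event occupy
# exactly one line on the streaming receiver socket.
module EventLine
  # Replace backslashes, CR, LF and other control characters with visible
  # escapes so untrusted input cannot end the current event and start another.
  def self.sanitize(text)
    text.to_s.scrub('?').gsub(/[\\\x00-\x1f\x7f]/) do |ch|
      case ch
      when '\\' then '\\\\'
      when "\r" then '\\r'
      when "\n" then '\\n'
      when "\t" then '\\t'
      else format('\\x%02x', ch.ord)
      end
    end
  end

  # Write one sanitized event followed by the "\r\n" terminator used above.
  # Returns the sanitized line so callers can log or test it.
  def self.write_event(socket, text)
    line = sanitize(text)
    socket.write(line + "\r\n")
    line
  end
end

# Constructed demo: StringIO stands in for the socket from main.attach().
def demo_stream
  socket = StringIO.new
  EventLine.write_event(socket, "login failed user=alice")
  # Constructed untrusted value that tries to smuggle in a second event.
  EventLine.write_event(socket, "login failed user=bob\r\nlogin ok user=admin")
  socket.string
end

puts demo_stream if __FILE__ == $PROGRAM_NAME
```

Escaping the backslash itself keeps the encoding unambiguous, so an analyst can tell a real line break in the input from the two literal characters `\n`.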

----------------------------------------------------
Thanks!
Neeraj Luthra

Posted by Splunk