从splunk源中读取并写入主题-写入相同的记录。不获取最新记录

时间:2019-11-19 20:49:24

标签: java apache-kafka apache-kafka-connect splunk

相同的记录正在写入主题。不从splunk中获取最新记录。在start方法中设置时间参数以提取最后一分钟的数据。任何输入。

当前我没有设置源偏移量。每次运行轮询时,它会查找源偏移量然后进行轮询吗?在日志中,我们可以有时间作为偏移量吗?

@Override
public List<SourceRecord> poll() throws InterruptedException {
    List<SourceRecord> results = new ArrayList<>();
    Map<String, String> recordProperties = new HashMap<String, String>();
    while (true) {
        try {
            String line = null;                
            InputStream stream = job.getResults(previewArgs);
            String earlierKey = null;
            String value = null;                                
            ResultsReaderCsv csv = new ResultsReaderCsv(stream);
            HashMap<String, String> event;    
            while ((event = csv.getNextEvent()) != null) {
                for (String key: event.keySet())   {                
                    if(key.equals("rawlogs")){
                        recordProperties.put("rawlogs", event.get(key));                                                        results.add(extractRecord(Splunklog.SplunkLogSchema(), line, recordProperties));
                        return results;}}}
            csv.close();
            stream.close();
            Thread.sleep(500);
        } catch(Exception ex) {
            System.out.println("Exception occurred : " + ex);
        }
    }
}
private SourceRecord extractRecord(Schema schema, String line, Map<String, String> recordProperties) {
    Map<String, String> sourcePartition = Collections.singletonMap(FILENAME_FIELD, FILENAME);       
    Map<String, String> sourceOffset = Collections.singletonMap(POSITION_FIELD, recordProperties.get(OFFSET_KEY));
    return new SourceRecord(sourcePartition, sourceOffset, TOPIC_NAME, schema, recordProperties);        
}

@Override
public void start(Map<String, String> properties) {
    try {
        config = new SplunkSourceTaskConfig(properties);
    } catch (ConfigException e) {
          throw new ConnectException("Couldn't start SplunkSourceTask due to configuration error", e);
    }
    HttpService.setSslSecurityProtocol(SSLSecurityProtocol.TLSv1_2);
    Service service = new Service("splnkip", port);
    String credentials = "user:pwd";
    String basicAuthHeader = Base64.encode(credentials.getBytes());
    service.setToken("Basic " + basicAuthHeader);       
    String startOffset = readOffset();
    JobArgs jobArgs = new JobArgs();
    if (startOffset != null) {
        log.info("-------------------------------task OFFSET!NULL ");
        jobArgs.setExecutionMode(JobArgs.ExecutionMode.BLOCKING);
        jobArgs.setSearchMode(JobArgs.SearchMode.NORMAL);
        jobArgs.setEarliestTime(startOffset);
        jobArgs.setLatestTime("now");
        jobArgs.setStatusBuckets(300);
    } else {
        log.info("-------------------------------task OFFSET=NULL ");
        jobArgs.setExecutionMode(JobArgs.ExecutionMode.BLOCKING);
        jobArgs.setSearchMode(JobArgs.SearchMode.NORMAL);
        jobArgs.setEarliestTime("+419m");
        jobArgs.setLatestTime("+420m");
        jobArgs.setStatusBuckets(300);
    }

    String mySearch = "search host=search query";
    job = service.search(mySearch, jobArgs);        
    while (!job.isReady()) {
        try {
            Thread.sleep(500);
        } catch (InterruptedException ex) {
            log.error("Exception occurred while waiting for job to start: " + ex);
        }
    }        
    previewArgs = new JobResultsPreviewArgs();
    previewArgs.put("output_mode", "csv");        
    stop = new AtomicBoolean(false);
}

0 个答案:

没有答案