Connect to Splunk Data in as an External Source in Dremio

The CData JDBC Driver for Splunk implements JDBC Standards and allows various applications, including Dremio, to work with live Splunk data. Dremio is a data lakehouse platform designed to empower self-service, interactive analytics on the data lake. With the CData JDBC Driver, you can include live Splunk data as a part of your enterprise data lake. This article describes how to connect to Splunk data from Dremio as an External Source.

The CData JDBC Driver enables high-speed access to live Splunk data in Dremio. Once you install the driver, authenticate with Splunk and gain immediate access to Splunk data within your data lake. By surfacing Splunk data using native data types and handling complex filters, aggregations, & other operations automatically, the CData JDBC Driver grants seamless access to Splunk data.

Build the ARP Connector

To use the CData JDBC Driver in Dremio, you need to build an Advanced Relation Pushdown (ARP) Connector. You can view the source code for the Connector on GitHub or download the ZIP file (GitHub.com) directly. Once you copy or extract the files, run the following command from the root directory of the connector (the directory containing the pom.xml file) to build the connector.

mvn clean install

Once the JAR file for the connector is built (in the target directory), you are ready to copy the ARP connector and JDBC Driver to your Dremio instance.

Installing the Connector and JDBC Driver

Install the ARP Connector to %DREMIO_HOME%/jars/ and the JDBC Driver for Splunk to %DREMIO_HOME%/jars/3rdparty. You can use commands similar to the following:

ARP Connector

docker cp PATH\TO\dremio-splunk-plugin-20.0.0.jar dremio_image_name:/opt/dremio/jars/

JDBC Driver for Splunk

docker cp PATH\TO\cdata.jdbc.splunk.jar dremio_image_name:/opt/dremio/jars/3rdparty/

Connecting to Splunk

Splunk will now appear as an External Source option in Dremio. The ARP Connector built uses a JDBC URL to connect to Splunk data. The JDBC Driver has a built-in connection string designer that you can use (see below).

Built-in Connection String Designer

For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Double-click the JAR file or execute the jar file from the command line.

java -jar cdata.jdbc.splunk.jar

Fill in the connection properties and copy the connection string to the clipboard.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

NOTE: To use the JDBC Driver in Dremio, you will need a license (full or trial) and a Runtime Key (RTK). For more information on obtaining this license (or a trial), contact our sales team.

Add the Runtime Key (RTK) to the JDBC URL. You will end up with a JDBC URL similar to the following:

jdbc:splunk:RTK=5246...;user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH

Access Splunk as an External Source

To add Splunk as an External Source, click to add a new source and select Splunk. Copy the JDBC URL and paste it into the New Splunk Source wizard.

Save the connection and you are ready to query live Splunk data in Dremio, easily incorporating Splunk data into your data lake.

More Information & Free Trial

Using the CData JDBC Driver for Splunk in Dremio, you can incorporate live Splunk data into your data lake. Check out our CData JDBC Driver for Splunk page for more information about connecting to Splunk. Download a free, 30 day trial of the CData JDBC Driver for Splunk and get started today.