Products

Solutions

Connectors

Support

Company

Resources

Ready to get started?

Download a free trial of the Splunk Driver to get started:

Download Now

Learn more:

Splunk JDBC Driver

Rapidly create and deploy powerful Java applications that integrate with Splunk data including Datamodels, Datasets, SearchJobs, and more!

Load Splunk Data to a Database Using Embulk

Use CData JDBC drivers with the open source ETL/ELT tool Embulk to load Splunk data to a database.

Embulk is an open source bulk data loader. When paired with the CData JDBC Driver for Splunk, Embulk easily loads data from Splunk to any supported destination. In this article, we explain how to use the CData JDBC Driver for Splunk in Embulk to load Splunk data to a MySQL dtabase.

With built-in optimized data processing, the CData JDBC Driver offers unmatched performance for interacting with live Splunk data. When you issue complex SQL queries to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations).

Configure a JDBC Connection to Splunk Data

Before creating a bulk load job in Embulk, note the installation location for the JAR file for the JDBC Driver (typically C:\Program Files\CData\CData JDBC Driver for Splunk\lib).

Embulk supports JDBC connectivity, so you can easily connect to Splunk and execute SQL queries. Before creating a bulk load job, create a JDBC URL for authenticating with Splunk.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Built-in Connection String Designer

For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.


java -jar cdata.jdbc.splunk.jar

Fill in the connection properties and copy the connection string to the clipboard.

Using the built-in connection string designer to generate a JDBC URL (Salesforce is shown.)

Below is a typical JDBC connection string for Splunk:


jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH

Load Splunk Data in Embulk

After installing the CData JDBC Driver and creating a JDBC connection string, install the required Embulk plugins.

Install Embulk Input & Output Plugins

Install the JDBC Input Plugin in Embulk.
https://github.com/embulk/embulk-input-jdbc/tree/master/embulk-input-jdbc


embulk gem install embulk-input-jdbc

In this article, we use MySQL as the destination database. You can also choose SQL Server, PostgreSQL, or Google BigQuery as the destination using the output Plugins.
https://github.com/embulk/embulk-output-jdbc/tree/master/embulk-output-mysql embulk gem install embulk-output-mysql

With the input and output plugins installed, we are ready to load Splunk data into MySQL using Embulk.

Create a Job to Load Splunk Data

Start by creating a config file in Embulk, using a name like splunk-mysql.yml.

For the input plugin options, use the CData JDBC Driver for Splunk, including the path to the driver JAR file, the driver class (e.g. cdata.jdbc.splunk.SplunkDriver), and the JDBC URL from above
For the output plugin options, use the values and credentials for the MySQL database

Sample Config File (splunk-mysql.yml)


in:
	type: jdbc
	driver_path: C:\Program Files\CData[product_name] 20xx\lib\cdata.jdbc.splunk.jar
	driver_class: cdata.jdbc.splunk.SplunkDriver
	url: jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=REFRESH
	table: "DataModels"
out: 
	type: mysql
	host: localhost
	database: DatabaseName
	user: UserId
	password: UserPassword
	table: "DataModels"
	mode: insert

After creating the file, run the Embulk job.


embulk run splunk-mysql.yml

After running the the Embulk job, find the Salesforce data in the MySQL table.

Load Filtered Splunk Data

In addition to loading data directly from a table, you can use a custom SQL query to have more granular control of the data loaded. You can also perform increment loads by setting a last updated column in a SQL WHERE clause in the query field.


in:
	type: jdbc
	driver_path: C:\Program Files\CData[product_name] 20xx\lib\cdata.jdbc.splunk.jar
	driver_class: cdata.jdbc.splunk.SplunkDriver
	url: jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=REFRESH
	query: "SELECT Name, Owner FROM DataModels WHERE [RecordId] = 1"
out: 
	type: mysql
	host: localhost
	database: DatabaseName
	user: UserId
	password: UserPassword
	table: "DataModels"
	mode: insert

More Information & Free Trial

By using CData JDBC Driver for Splunk as a connector, Embulk can integrate Splunk data into your data load jobs. And with drivers for more than 200+ other enterprise sources, you can integrate any enterprise SaaS, big data, or NoSQL source as well. Download a 30-day free trial and get started today.

CData Software is a leading provider of data access and connectivity solutions. Our standards-based connectors streamline data access and insulate customers from the complexities of integrating with on-premise or cloud databases, SaaS, APIs, NoSQL, and Big Data.

Connect With Us

Get Started

Data Connectors

ETL/ ELT Solutions

Cloud & API Connectivity

OEM & Custom Drivers