Stream Splunk Data into Apache Kafka Topics



Access and stream Splunk data in Apache Kafka using the CData JDBC Driver and the Kafka Connect JDBC connector.

Apache Kafka is an open-source stream processing platform that is primarily used for building real-time data pipelines and event-driven applications. When paired with the CData JDBC Driver for Splunk, Kafka can work with live Splunk data. This article describes how to connect, access and stream Splunk data into Apache Kafka Topics and to start Confluent Control Center to help users secure, manage, and monitor the Splunk data received using Kafka infrastructure in the Confluent Platform.

With built-in optimized data processing, the CData JDBC Driver offers unmatched performance for interacting with live Splunk data. When you issue complex SQL queries to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations). Its built-in dynamic metadata querying allows you to work with and analyze Splunk data using native data types.

Prerequisites

Before connecting the CData JDBC Driver for streaming Splunk data in Apache Kafka Topics, install and configure the following on the client Linux-based system.

  1. Confluent Platform for Apache Kafka
  2. Confluent Hub CLI Installation
  3. Self-Managed Kafka JDBC Source Connector for Confluent Platform

Define a New JDBC Connection to Splunk data

  1. Download CData JDBC Driver for Splunk on a Linux-based system
  2. Follow the given instructions to create a new directory and extract all the driver contents into it:
    1. Create a new directory named Splunk

       mkdir Splunk

    2. Move the downloaded driver file (.zip) into this new directory

       mv SplunkJDBCDriver.zip Splunk/

    3. Unzip the CData SplunkJDBCDriver contents into this new directory

       unzip SplunkJDBCDriver.zip

  3. Open the Splunk directory and navigate to the lib folder

     ls
     cd lib/

  4. Copy the contents of the lib folder of Splunk into the lib folder of Kafka Connect JDBC. Check the Kafka Connect JDBC folder contents to confirm that the cdata.jdbc.splunk.jar file is successfully copied into the lib folder

     cp * ../../confluent-7.5.0/share/confluent-hub-components/confluentinc-kafka-connect-jdbc/lib/
     cd ../../confluent-7.5.0/share/confluent-hub-components/confluentinc-kafka-connect-jdbc/lib/

  5. Install the CData Splunk JDBC driver license using the given command, followed by your Name and Email ID

     java -jar cdata.jdbc.splunk.jar -l

  6. Enter the product key or "TRIAL" (if your license has expired, please contact our CData Support team)
  7. Start the Confluent local services using the command:

     confluent local services start

    This starts all the Confluent services, such as Zookeeper, Kafka, Schema Registry, Kafka REST, Kafka Connect, ksqlDB and Control Center. You are now ready to use the CData JDBC driver for Splunk to stream messages through Kafka Connect into Kafka Topics on ksqlDB.

  8. Create the Kafka topics manually using a POST HTTP API Request:

     curl --location 'server_address:8083/connectors' \
       --header 'Content-Type: application/json' \
       --data '{
         "name": "jdbc_source_cdata_splunk_01",
         "config": {
           "connector.class": "io.confluent.connect.jdbc.JdbcSourceConnector",
           "connection.url": "jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH",
           "topic.prefix": "splunk-01-",
           "mode": "bulk"
         }
       }'

    Let us understand the fields used in the HTTP POST body (shown above):

    • connector.class: Specifies the Java class of the Kafka Connect connector to be used.
    • connection.url: The JDBC connection URL to connect with Splunk data.

      Built-in Connection String Designer

      For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

      java -jar cdata.jdbc.splunk.jar

      Fill in the connection properties and copy the connection string to the clipboard.

      To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

      By default, the data provider uses plain-text authentication, since it attempts to negotiate TLS/SSL with the server.

      If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.


    • topic.prefix: A prefix that will be added to the Kafka topics created by the connector. It's set to "splunk-01-".
    • mode: Specifies the mode in which the connector operates. In this case, it's set to "bulk", so the connector is configured to perform bulk data transfer.

    This request adds all the tables/contents from Splunk as Kafka Topics.

    Note: The server address used in the POST request (shown above) is the network IP address of the Linux system.

  9. Run ksqlDB and list the topics. Use the commands:

     ksql
     list topics;

  10. To view the data inside the topics, type the SQL Statement:

     PRINT topic FROM BEGINNING;
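
The request in step 8 places the Splunk user name and password inside connection.url, which becomes part of the connector configuration held by Kafka Connect. The following added example (not part of the original article or CData's code) keeps the JDBC URL in a worker-side file and references it through Kafka Connect's FileConfigProvider; the secrets path, the splunk.url key and the helper function names are assumptions, and the worker must already have the file provider enabled.

```bash
#!/usr/bin/env bash
# Added example (not from the article): reference the Splunk JDBC URL through
# Kafka Connect's FileConfigProvider instead of sending it inline.
# Assumption: the Connect worker properties already contain
#   config.providers=file
#   config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider

# Store the full JDBC URL under the key splunk.url (a name chosen here) in a
# properties file only its owner can read. $1 = file path, $2 = JDBC URL.
write_secret_file() {
  ( umask 077; printf 'splunk.url=%s\n' "$2" > "$1" )
  chmod 600 "$1"
}

# Print the connector JSON from step 8 with connection.url replaced by a
# ${file:<path>:<key>} reference that the worker resolves when the connector starts.
build_payload() {
  cat <<EOF
{
  "name": "jdbc_source_cdata_splunk_01",
  "config": {
    "connector.class": "io.confluent.connect.jdbc.JdbcSourceConnector",
    "connection.url": "\${file:$1:splunk.url}",
    "topic.prefix": "splunk-01-",
    "mode": "bulk"
  }
}
EOF
}

# Succeed (exit 0) when the JSON in $1 has a literal password= inside connection.url.
has_inline_secret() {
  printf '%s' "$1" | grep -Eiq '"connection\.url"[[:space:]]*:[[:space:]]*"[^"]*password='
}

# Usage (hypothetical path; server_address as in the article):
#   write_secret_file /etc/kafka-connect/splunk.properties 'jdbc:splunk:user=...;password=...;URL=...;'
#   build_payload /etc/kafka-connect/splunk.properties |
#     curl --location 'server_address:8083/connectors' --header 'Content-Type: application/json' --data @-
```

The secrets file must live on the host running the Connect worker, because the worker, not the client issuing the POST, resolves the reference.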

Connecting with the Confluent Control Center

To access the Confluent Control Center user interface, make sure "confluent local services" is running as described in the section above, then enter http://<server address>:9021/clusters/ in your local browser.


Get Started Today

Download a free, 30-day trial of the CData JDBC Driver for Splunk and start streaming Splunk data into Apache Kafka. Reach out to our Support Team if you have any questions.
