ETL Splunk in Oracle Data Integrator

Leverage existing skills by using the JDBC standard to read and write to Splunk: Through drop-in integration into ETL tools like Oracle Data Integrator (ODI), the CData JDBC Driver for Splunk connects real-time Splunk data to your data warehouse, business intelligence, and Big Data technologies.

JDBC connectivity enables you to work with Splunk just as you would any other database in ODI. As with an RDBMS, you can use the driver to connect directly to the Splunk APIs in real time instead of working with flat files.

This article walks through a JDBC-based ETL -- Splunk to Oracle. After reverse engineering a data model of Splunk entities, you will create a mapping and select a data loading strategy -- since the driver supports SQL-92, this last step can easily be accomplished by selecting the built-in SQL to SQL Loading Knowledge Module.

Install the Driver

To install the driver, copy the driver JAR (cdata.jdbc.splunk.jar) and .lic file (cdata.jdbc.splunk.lic), located in the installation folder, into the ODI appropriate directory:

• UNIX/Linux without Agent: ~/.odi/oracledi/userlib
• UNIX/Linux with Agent: ~/.odi/oracledi/userlib and $ODI_HOME/odi/agent/lib
• Windows without Agent: %APPDATA%\Roaming\odi\oracledi\userlib
• Windows with Agent: %APPDATA%\odi\oracledi\userlib and %APPDATA%\odi\agent\lib

Restart ODI to complete the installation.

Reverse Engineer a Model

Reverse engineering the model retrieves metadata about the driver's relational view of Splunk data. After reverse engineering, you can query real-time Splunk data and create mappings based on Splunk tables.

1. In ODI, connect to your repository and click New -> Model and Topology Objects.
2. On the Model screen of the resulting dialog, enter the following information:
   • Name: Enter Splunk.
   • Technology: Select Generic SQL (for ODI Version 12.2+, select Microsoft SQL Server).
   • Logical Schema: Enter Splunk.
   • Context: Select Global.
3. On the Data Server screen of the resulting dialog, enter the following information:
   • Name: Enter Splunk.
   • Driver List: Select Oracle JDBC Driver.
   • Driver: Enter cdata.jdbc.splunk.SplunkDriver
   • URL: Enter the JDBC URL containing the connection string.

     To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

     The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

     If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

     Built-in Connection String Designer

     For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

     java -jar cdata.jdbc.splunk.jar

     Fill in the connection properties and copy the connection string to the clipboard.

     Below is a typical connection string:

     jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH
4. On the Physical Schema screen, enter the following information:
   • Name: Select from the Drop Down menu.
   • Database (Catalog): Enter CData.
   • Owner (Schema): If you select a Schema for Splunk, enter the Schema selected, otherwise enter Splunk.
   • Database (Work Catalog): Enter CData.
   • Owner (Work Schema): If you select a Schema for Splunk, enter the Schema selected, otherwise enter Splunk.
5. In the opened model click Reverse Engineer to retrieve the metadata for Splunk tables.

Edit and Save Splunk Data

After reverse engineering you can now work with Splunk data in ODI. To edit and save Splunk data, expand the Models accordion in the Designer navigator, right-click a table, and click Data. Click Refresh to pick up any changes to the data. Click Save Changes when you are finished making changes.

Create an ETL Project

Follow the steps below to create an ETL from Splunk. You will load DataModels entities into the sample data warehouse included in the ODI Getting Started VM.

1. Open SQL Developer and connect to your Oracle database. Right-click the node for your database in the Connections pane and click new SQL Worksheet.

   Alternatively you can use SQLPlus. From a command prompt enter the following:

   sqlplus / as sysdba
2. Enter the following query to create a new target table in the sample data warehouse, which is in the ODI_DEMO schema. The following query defines a few columns that match the DataModels table in Splunk: CREATE TABLE ODI_DEMO.TRG_DATAMODELS (OWNER NUMBER(20,0),Name VARCHAR2(255));
3. In ODI expand the Models accordion in the Designer navigator and double-click the Sales Administration node in the ODI_DEMO folder. The model is opened in the Model Editor.
4. Click Reverse Engineer. The TRG_DATAMODELS table is added to the model.
5. Right-click the Mappings node in your project and click New Mapping. Enter a name for the mapping and clear the Create Empty Dataset option. The Mapping Editor is displayed.
6. Drag the TRG_DATAMODELS table from the Sales Administration model onto the mapping.
7. Drag the DataModels table from the Splunk model onto the mapping.
8. Click the source connector point and drag to the target connector point. The Attribute Matching dialog is displayed. For this example, use the default options. The target expressions are then displayed in the properties for the target columns.
9. Open the Physical tab of the Mapping Editor and click DATAMODELS_AP in TARGET_GROUP.
10. In the DATAMODELS_AP properties, select LKM SQL to SQL (Built-In) on the Loading Knowledge Module tab.

You can then run the mapping to load Splunk data into Oracle.