Connect to and Query Splunk Data in QlikView over ODBC

The CData ODBC drivers expand your ability to work with data from more than 200 data sources. QlikView is a business discovery platform that provides self-service BI for all business users in an organization. This article outlines simple steps to connect to Splunk data using the CData ODBC driver and create data visualizations in QlikView.

The CData ODBC drivers offer unmatched performance for interacting with live Splunk data in QlikView due to optimized data processing built into the driver. When you issue complex SQL queries from QlikView to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations (often SQL functions and JOIN operations) client-side. With built-in dynamic metadata querying, you can visualize and analyze Splunk data using native QlikView data types.

Connect to Splunk as an ODBC Data Source

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

When you configure the DSN, you may also want to set the Max Rows connection property. This will limit the number of rows returned, which is especially helpful for improving performance when designing reports and visualizations.

Populate a Chart with Splunk Data

The steps below supply the results of an SQL query to a visualization in QlikView. In this article, you will create a bar chart with the query below:

1. Click File -> Edit Script (or click the Edit Script button in the Toolbar).
2. On the Data tab, select ODBC in the Database menu and click Connect.
3. Select the DSN (CData Splunk Sys) in the resulting dialog. A command like the following is generated: ODBC CONNECT TO [CData Splunk Sys];
4. Enter the SQL query directly into the script with the SQL command (or click Select to build the query in the SELECT statement wizard). SQL SELECT Name, Owner FROM DataModels;

   Where possible, the SQL operations in the query, like filters and aggregations, will be pushed down to Splunk, while any unsupported operations (which can include SQL functions and JOIN operations) will be managed client-side by the CData SQL engine embedded in the driver.

5. Close the script editor and reload the document to execute the script.
6. Click Tools -> Quick Chart Wizard. In the wizard, select the chart type. This example uses a bar chart. When building the chart, you have access to the fields from Splunk, typed appropriately for QlikView, thanks to built-in dynamic metadata querying.
7. When defining Dimensions, select Name in the First Dimension menu.
8. When defining Expressions, click the summary function you want and select Owner in the menu.

9. Finish the wizard to generate the chart. The CData ODBC Driver for Splunk connects to live Splunk data, so the chart can be refreshed to see real-time changes. Live connections are possible and effective, thanks to the high-performance data processing native to CData ODBC Drivers.