Learn more
 

Ready to get started?

Download a free trial of the Splunk Connector to get started:

 Download Now

Learn more:

Splunk Icon Splunk Python Connector

Python Connector Libraries for Splunk Data Connectivity. Integrate Splunk with popular Python tools like Pandas, SQLAlchemy, Dash & petl.

In this article

Related articles

How to use SQLAlchemy ORM to access Splunk Data in Python


Create Python applications and scripts that use SQLAlchemy Object-Relational Mappings of Splunk data.

The rich ecosystem of Python modules lets you get to work quickly and integrate your systems effectively. With the CData Python Connector for Splunk and the SQLAlchemy toolkit, you can build Splunk-connected Python applications and scripts. This article shows how to use SQLAlchemy to connect to Splunk data to query, update, delete, and insert Splunk data.

With built-in optimized data processing, the CData Python Connector offers unmatched performance for interacting with live Splunk data in Python. When you issue complex SQL queries from Splunk, the CData Connector pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations).

Connecting to Splunk Data

Connecting to Splunk data looks just like connecting to any relational data source. Create a connection string using the required connection properties. For this article, you will pass the connection string as a parameter to the create_engine function.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Follow the procedure below to install SQLAlchemy and start accessing Splunk through Python objects.

Install Required Modules

Use the pip utility to install the SQLAlchemy toolkit and SQLAlchemy ORM package:

pip install sqlalchemy pip install sqlalchemy.orm

Be sure to import the appropriate modules:

from sqlalchemy import create_engine, String, Column from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import sessionmaker

Model Splunk Data in Python

You can now connect with a connection string. Use the create_engine function to create an Engine for working with Splunk data.

NOTE: Users should URL encode the any connection string properties that include special characters. For more information, refer to the SQL Alchemy documentation.

engine = create_engine("splunk:///?user=MyUserName&password=MyPassword&URL=MyURL&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")

Declare a Mapping Class for Splunk Data

After establishing the connection, declare a mapping class for the table you wish to model in the ORM (in this article, we will model the DataModels table). Use the sqlalchemy.ext.declarative.declarative_base function and create a new class with some or all of the fields (columns) defined.

base = declarative_base() class DataModels(base): __tablename__ = "DataModels" Name = Column(String,primary_key=True) Owner = Column(String) ...

Query Splunk Data

With the mapping class prepared, you can use a session object to query the data source. After binding the Engine to the session, provide the mapping class to the session query method.

Using the query Method

engine = create_engine("splunk:///?user=MyUserName&password=MyPassword&URL=MyURL&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt") factory = sessionmaker(bind=engine) session = factory() for instance in session.query(DataModels).filter_by(Id="SampleDataset"): print("Name: ", instance.Name) print("Owner: ", instance.Owner) print("---------")

Alternatively, you can use the execute method with the appropriate table object. The code below works with an active session.

Using the execute Method

DataModels_table = DataModels.metadata.tables["DataModels"] for instance in session.execute(DataModels_table.select().where(DataModels_table.c.Id == "SampleDataset")): print("Name: ", instance.Name) print("Owner: ", instance.Owner) print("---------")

For examples of more complex querying, including JOINs, aggregations, limits, and more, refer to the Help documentation for the extension.

Insert Splunk Data

To insert Splunk data, define an instance of the mapped class and add it to the active session. Call the commit function on the session to push all added instances to Splunk.

new_rec = DataModels(Name="placeholder", Id="SampleDataset") session.add(new_rec) session.commit()

Update Splunk Data

To update Splunk data, fetch the desired record(s) with a filter query. Then, modify the values of the fields and call the commit function on the session to push the modified record to Splunk.

updated_rec = session.query(DataModels).filter_by(SOME_ID_COLUMN="SOME_ID_VALUE").first() updated_rec.Id = "SampleDataset" session.commit()

Delete Splunk Data

To delete Splunk data, fetch the desired record(s) with a filter query. Then delete the record with the active session and call the commit function on the session to perform the delete operation on the provided records (rows).

deleted_rec = session.query(DataModels).filter_by(SOME_ID_COLUMN="SOME_ID_VALUE").first() session.delete(deleted_rec) session.commit()

Free Trial & More Information

Download a free, 30-day trial of the CData Python Connector for Splunk to start building Python apps and scripts with connectivity to Splunk data. Reach out to our Support Team if you have any questions.