Automate Splunk Integration Tasks from PowerShell
Are you in search of a quick and easy way to access Splunk data from PowerShell? This article demonstrates how to utilize the Splunk Cmdlets for tasks like connecting to Splunk data, automating operations, downloading data, and more.
The CData Cmdlets for Splunk are standard PowerShell cmdlets that make it easy to accomplish data cleansing, normalization, backup, and other integration tasks by enabling real-time and bidirectional access to Splunk.
PowerShell Cmdlets or ADO.NET Provider?
The Cmdlets are not only a PowerShell interface to Splunk, but also an SQL interface; this tutorial shows how to use both to create, retrieve, update, and delete Splunk data. We also show examples of the ADO.NET equivalent, which is possible with the CData ADO.NET Provider for Splunk. To access Splunk data from other .NET applications, like LINQPad, use the CData ADO.NET Provider for Splunk.
Once you have acquired the necessary connection properties, accessing Splunk data in PowerShell can be enabled in three steps.
To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.
The data provider uses plain-text authentication by default because it attempts to negotiate TLS/SSL with the server, which is what protects the credentials in transit.
If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.
PowerShell
- Install the module:
Install-Module SplunkCmdlets
- Connect:
$splunk = Connect-Splunk -user "$user" -password "$password" -URL "$URL"
- Search for and retrieve data:
$id = "SampleDataset"
$datamodels = Select-Splunk -Connection $splunk -Table "DataModels" -Where "Id = `'$Id`'"
$datamodels
You can also use the Invoke-Splunk cmdlet to execute SQL commands:
$datamodels = Invoke-Splunk -Connection $splunk -Query 'SELECT * FROM DataModels WHERE Id = @Id' -Params @{'@Id'='SampleDataset'}
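The connect and query steps above, as an added example that is not CData's code: the account comes from a Get-Credential prompt rather than literals in the script, and the lookup value is passed through -Params instead of being interpolated into -Where. The helper name Get-SplunkDataModelById, the sample Id and the example.com URL are assumptions.

```powershell
# Added example, not CData's code. Assumes the SplunkCmdlets module from this
# article is installed; Get-SplunkDataModelById is a hypothetical helper name.
function Get-SplunkDataModelById {
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $Id
    )

    # Connect-Splunk (as shown above) takes the password as a string, so the
    # PSCredential is unwrapped only here, at the call site.
    $splunk = Connect-Splunk -user $Credential.UserName `
        -password $Credential.GetNetworkCredential().Password -URL $Url

    # The value is bound through -Params and never becomes part of the SQL text.
    Invoke-Splunk -Connection $splunk `
        -Query 'SELECT * FROM DataModels WHERE Id = @Id' `
        -Params @{ '@Id' = $Id }
}

# Constructed sample value: an Id that contains an apostrophe.
$id = "Sample'Dataset"

# Interpolating it the way the -Where example does leaves an unbalanced quote
# in the filter text, so the value is no longer a single string literal.
$interpolatedFilter = "Id = '$id'"
Write-Host "Interpolated filter: $interpolatedFilter"

# Run the lookup only where the module is available.
if (Get-Command Connect-Splunk -ErrorAction SilentlyContinue) {
    # Prompt for the account instead of keeping the password in the script.
    $cred = Get-Credential -Message 'Splunk account'
    # Placeholder URL; 8089 is the port named in this article.
    Get-SplunkDataModelById -Credential $cred `
        -Url 'https://splunk.example.com:8089' -Id $id
}
```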
ADO.NET
- Load the provider's assembly:
[Reflection.Assembly]::LoadFile("C:\Program Files\CData\CData ADO.NET Provider for Splunk\lib\System.Data.CData.Splunk.dll")
- Connect to Splunk:
$conn= New-Object System.Data.CData.Splunk.SplunkConnection("user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH")
$conn.Open()
- Instantiate the SplunkDataAdapter, execute an SQL query, and output the results:
$sql="SELECT Name, Owner from DataModels"
$da= New-Object System.Data.CData.Splunk.SplunkDataAdapter($sql, $conn)
$dt= New-Object System.Data.DataTable
$da.Fill($dt)
$dt.Rows | foreach { Write-Host $_.name $_.owner }
Update Splunk Data
PowerShell
Update-Splunk -Connection $Splunk -Columns @('Name','Owner') -Values @('MyName', 'MyOwner') -Table DataModels -Id "MyId"
ADO.NET
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("UPDATE DataModels SET Id='SampleDataset' WHERE Id = @myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","10456255-0015501366")))
$cmd.ExecuteNonQuery()
Insert Splunk Data
PowerShell
Add-Splunk -Connection $Splunk -Table DataModels -Columns @("Name", "Owner") -Values @("MyName", "MyOwner")
ADO.NET
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("INSERT INTO DataModels (Id) VALUES (@myId)", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","SampleDataset")))
$cmd.ExecuteNonQuery()
Delete Splunk Data
PowerShell
Remove-Splunk -Connection $Splunk -Table "DataModels" -Id "MyId"
ADO.NET
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("DELETE FROM DataModels WHERE Id=@myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","001d000000YBRseAAH")))
$cmd.ExecuteNonQuery()