Ready to get started?

Learn more about the CData ADO.NET Provider for Splunk or download a free trial:

Download Now

Automate Splunk Integration Tasks from PowerShell

Are you looking for a quick and easy way to access Splunk data from PowerShell? We show how to use the Cmdlets for Splunk and the CData ADO.NET Provider for Splunk to connect to Splunk data and synchronize, automate, download, and more.

The CData Cmdlets for Splunk are standard PowerShell cmdlets that make it easy to accomplish data cleansing, normalization, backup, and other integration tasks by enabling real-time and bidirectional access to Splunk.

Cmdlets or ADO.NET?

The cmdlets are not only a PowerShell interface to the Splunk API, but also an SQL interface; this tutorial shows how to use both to create, retrieve, update, and delete Splunk data. We also show examples of the ADO.NET equivalent, which is possible with the CData ADO.NET Provider for Splunk. To access Splunk data from other .NET applications, like LINQPad, use the CData ADO.NET Provider for Splunk.

After obtaining the needed connection properties, accessing Splunk data in PowerShell consists of three basic steps.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

PowerShell

  1. Install the module:

    Install-Module SplunkCmdlets
  2. Connect:

    $splunk = Connect-Splunk -user "$user" -password "$password" -URL "$URL"
  3. Search for and retrieve data:

    $id = "SampleDataset" $datamodels = Select-Splunk -Connection $splunk -Table "DataModels" -Where "Id = `'$Id`'" $datamodels

    You can also use the Invoke-Splunk cmdlet to execute SQL commands:

    $datamodels = Invoke-Splunk -Connection $splunk -Query 'SELECT * FROM DataModels WHERE Id = @Id' -Params @{'@Id'='SampleDataset'}

ADO.NET

  1. Load the provider's assembly:

    [Reflection.Assembly]::LoadFile("C:\Program Files\CData\CData ADO.NET Provider for Splunk\lib\System.Data.CData.Splunk.dll")
  2. Connect to Splunk:

    $conn= New-Object System.Data.CData.Splunk.SplunkConnection("user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH") $conn.Open()
  3. Instantiate the SplunkDataAdapter, execute an SQL query, and output the results:

    $sql="SELECT Name, Owner from DataModels" $da= New-Object System.Data.CData.Splunk.SplunkDataAdapter($sql, $conn) $dt= New-Object System.Data.DataTable $da.Fill($dt) $dt.Rows | foreach { Write-Host $_.name $_.owner }

Update Splunk Data

PowerShell

Update-Splunk -Connection $Splunk -Columns @('Name','Owner') -Values @('MyName', 'MyOwner') -Table DataModels -Id "MyId"

ADO.NET

$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("UPDATE DataModels SET Id='SampleDataset' WHERE Id = @myId", $conn) $cmd.Parameters.Add(new System.Data.CData.Splunk.SplunkParameter("@myId","10456255-0015501366")) $cmd.ExecuteNonQuery()

Insert Splunk Data

PowerShell

Add-Splunk -Connection $Splunk -Table DataModels -Columns @("Name", "Owner") -Values @("MyName", "MyOwner")

ADO.NET

$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("INSERT INTO DataModels (Id) VALUES (@myId)", $conn) $cmd.Parameters.Add(new System.Data.CData.Splunk.SplunkParameter("@myId","SampleDataset")) $cmd.ExecuteNonQuery()

Delete Splunk Data

PowerShell

Remove-Splunk -Connection $Splunk -Table "DataModels" -Id "MyId"

ADO.NET

$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("DELETE FROM DataModels WHERE Id=@myId", $conn) $cmd.Parameters.Add(new System.Data.CData.Splunk.SplunkParameter("@myId","001d000000YBRseAAH")) $cmd.ExecuteNonQuery()