Work with Live Splunk Data in Power Query

Power Query is a data transformation and data preparation engine. When paired with CData Connect Cloud, you get instant, cloud-to-cloud access to Splunk data from Power Query. This article shows how to connect to Connect Cloud from Power Query through Microsoft Excel and get live access to Splunk data for transformation and preparation.

CData Connect Cloud provides a pure SQL, cloud-to-cloud interface for Splunk, allowing you to easily integrate with live Splunk data in Power Query — without replicating the data. CData Connect Cloud looks exactly like a SQL Server database to Power Query and uses optimized data processing out of the box to push all supported SQL operations (filters, JOINs, etc) directly to Splunk, leveraging server-side processing to quickly return Splunk data.

Configure Splunk Connectivity for Power Query

Connectivity to Splunk from Power Query is made possible through CData Connect Cloud. To work with Splunk data from Power Query, we start by creating and configuring a Splunk connection.

1. Log into Connect Cloud, click Connections and click Add Connection
2. Select "Splunk" from the Add Connection panel
3. Enter the necessary authentication properties to connect to Splunk.

   To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

   The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

   If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

4. Click Create & Test
5. Navigate to the Permissions tab in the Add Splunk Connection page and update the User-based permissions.

Add a Personal Access Token

If you are connecting from a service, application, platform, or framework that does not support OAuth authentication, you can create a Personal Access Token (PAT) to use for authentication. Best practices would dictate that you create a separate PAT for each service, to maintain granularity of access.

1. Click on your username at the top right of the Connect Cloud app and click User Profile.
2. On the User Profile page, scroll down to the Personal Access Tokens section and click Create PAT.
3. Give your PAT a name and click Create.
4. The personal access token is only visible at creation, so be sure to copy it and store it securely for future use.

With the connection configured, you are ready to connect to Splunk data from Power Query.

Working with Live Splunk Data in Power Query

With the connection to Connect Cloud configured, you are ready to work with live Splunk data in Power Query.

1. In Microsoft Excel, open the Power Query Editor (from the Data ribbon, click Get Data -> Launch Power Query Editor)
2. Click New Source -> SQL Server
3. In the SQL Server database modal:
   • Set Server to tds.cdata.com,14333
   • (Optional) Set Database to the name of the Splunk connection (e.g. Splunk1 )
4. In the SQL Server credentials modal, select "Database" and
   • Set User to your Connect Cloud username (e.g. user@mydomain.com )
   • Set Password to the PAT for the above user
5. Click Connect
6. Select the table(s) you wish to work with in the Navigator and click "OK"

At this point, you have live access to Splunk data from Power Query for transformation and preparation.

SQL Access to Splunk Data

Now you have a direct connection to live Splunk data from Microsoft Power Query. You can create more connections and transform and preparte your data to better drive business — all without replicating Splunk data.

To get real-time data access to 100+ SaaS, Big Data, and NoSQL sources directly from your cloud applications, sign up for a free trial of CData Connect Cloud.