Ready to get started?

Learn more about CData Cloud Hub or sign up for a free trial:

Learn More

Visualize Live Splunk Data in the Power BI Service

Use the CData Cloud Hub to create a virtual SQL Server database for Splunk data and create custom reports in the Power BI Service.

Power BI transforms your company's data into rich visuals for you to collect and organize so you can focus on what matters to you. When paired with the CData Cloud Hub, you get instant access to Splunk data for visualizations, dashboards, and more. This article shows how to build and publish a dataset from Splunk data in Power BI and then create reports on Splunk data in the Power BI service.

The CData Cloud Hub provides a pure SQL interface for Splunk, allowing you to easily build reports from live Splunk data in Power BI — with no need to replicate the data. As you build visualizations, Power BI generates SQL queries to gather data. Using optimized data processing out of the box, the CData Cloud Hub pushes all supported SQL operations (filters, JOINs, etc) directly to Splunk, leveraging server-side processing to quickly return Splunk data.

Create a Virtual SQL Database for Splunk Data

CData Cloud Hub uses a straightforward, point-and-click interface to connect to data sources and generate APIs.

  1. Login to Cloud Hub and click Databases.
  2. Select "Splunk" from Available Data Sources.
  3. Enter the necessary authentication properties to connect to Splunk.

    To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

    The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

    If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

  4. Click Test Database.
  5. Click Privileges -> Add and add the new user (or an existing user) with the appropriate permissions.

Configuring Power BI and the On-Premises Data Gateway

To connect to and visualize your Splunk data in the Power BI service through the CData Cloud Hub, install the on-premises data gateway, add a data source to the gateway from the Power BI service, and publish a dataset from Power BI Desktop to the service.

Install the On-Premises Data Gateway

The Microsoft on-premises data gateway provides secure data transfer between connected data sources and various cloud-based Microsoft tools and platforms. You can read more about the gateway in the Microsoft documentation.

You can download and install the gateway from the Power BI service:

  1. Log in to PowerBI.com
  2. Click the Download menu and click Data Gateway
  3. Follow the instructions for installation, making note of the name of the gateway

Add Splunk as a Data Source to the Power BI Service

Once you have installed the data gateway, you add the Cloud Hub as a data source to the Power BI service:

  1. Log in to PowerBI.com
  2. Click the Settings menu and click "Manage gateways"
  3. Click "ADD DATA SOURCE" and configure the connection to the Cloud Hub:

    • Set Data Source Name CloudHub_Splunk
    • Choose SQL Server as the Data Source Type
    • Set Server to the address of your Cloud Hub instance (i.e.: myinstance.cdatacloud.net)
    • Set Database to the name of your virtual Splunk database (i.e.: splunkdb)
    • Set Authentication Method to Basic
    • Set Username and Password to Cloud Hub credentials

Publish a Dataset from Power BI Desktop

With the gateway installed and the Cloud Hub added as a datasource to the Power BI service, you can publish a dataset from Power BI Desktop to the service.

  1. Open Power BI, click Get Data -> More, then select SQL Server database, and click Connect.
  2. Set the connection properties and click OK.
    • Set Server to the address of your Cloud Hub instance (i.e.: myinstance.cdatacloud.net)
    • Set Database to the name of your virtual Splunk database (i.e.: splunkdb)
    • Set Data Connectivity mode to DirectQuery*
    * DirectQuery enables live query processing and real-time visualizations of Splunk data.
  3. In the authentication wizard, select Database, set the User name and Password properties, and click Connect.
  4. Select the table(s) to visualize in the Navigator dialog.
  5. In the Query Editor, you can customize your dataset by filtering, sorting, and summarizing Splunk columns. Click Edit to open the query editor. Right-click a row to filter the rows. Right-click a column header to perform actions like the following:

    • Change column data types
    • Remove a column
    • Group by columns

    Power BI detects each column's data type from the Splunk metadata reported by the Cloud Hub.

    Power BI records your modifications to the query in the Applied Steps section, adjusting the underlying data retrieval query that is executed to the remote Splunk data. When you click Close and Apply, Power BI executes the data retrieval query.

    Otherwise, click Load to pull the data into Power BI.

  6. Define any relationships between the selected entities on the Relationships tab.
  7. Click Publish (from the Home menu) and select a Workspace.

Build Reports and Dashboards on Splunk Data in the Power BI Service

Now that you have published a dataset to the Power BI service, you can create new reports and dashboards based on the published data:

  1. Log in to PowerBI.com
  2. Click Workspaces and select a workspace
  3. Click Create and select Report
  4. Select the published dataset for the report
  5. Choose fields and visualizations to add to your report

SQL Access to Splunk Data from Cloud Applications

Now you have a direct connection to live Splunk data from the Power BI service. You can create more data sources and new visualizations, build reports, and more — all without replicating Splunk data.

To get SQL data access to 100+ SaaS, Big Data, and NoSQL sources directly from your cloud applications, see the CData Cloud Hub.