Excel Spreadsheet Automation with the QUERY Formula

The CData Excel Add-In for Splunk provides formulas that can edit, save, and delete Splunk data. The following three steps show how you can automate the following task: Search Splunk data for a user-specified value and then organize the results into an Excel spreadsheet.

The syntax of the CDATAQUERY formula is the following: =CDATAQUERY(Query, [Connection], [Parameters], [ResultLocation]);

This formula requires three inputs:

• Query: The declaration of the Splunk data records you want to retrieve or the modifications to be made, written in standard SQL.

• Connection: Either the connection name, such as SplunkConnection1, or a connection string. The connection string consists of the required properties for connecting to Splunk data, separated by semicolons.

  To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

  The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

  If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

• ResultLocation: The cell that the output of results should start from.

Pass Spreadsheet Cells as Inputs to the Query

The procedure below results in a spreadsheet that organizes all the formula inputs in the first column.

1. Define cells for the formula inputs. In addition to the connection inputs, add another input to define a criterion for a filter to be used to search Splunk data, such as Id.
2. In another cell, write the formula, referencing the cell values from the user input cells defined above. Single quotes are used to enclose values such as addresses that may contain spaces.
=CDATAQUERY("SELECT * FROM DataModels WHERE Id = '"&B4&"'","user="&B1&";password="&B2&";URL="&B3&";Provider=Splunk",B5)
3. Change the filter to change the data.