Import Splunk Data into Apache Solr

Use the CData JDBC Driver for Splunk with the Data Import Handler to create an automated import of Splunk data into the Apache Solr enterprise search platform.

The Apache Solr platform is a popular, blazing-fast, open source enterprise search solution built on Apache Lucene.

Apache Solr is equipped with the Data Import Handler (DIH), which can import data from databases and from XML, CSV, and JSON files. When paired with the CData JDBC Driver for Splunk, you can easily import Splunk data to Apache Solr. In this article, we show step by step how to use the CData JDBC Driver in the Apache Solr Data Import Handler and import Splunk data for use in enterprise search.

Create an Apache Solr Core and a Schema for Importing Splunk

  1. Run Apache Solr and create a Core.
       > solr create -c CDataCore
     For this article, Solr is running as a standalone instance in the local environment, and you can access the core at this URL: http://localhost:8983/solr/#/CDataCore/core-overview
  2. Create a schema for the Splunk data to be imported. LastModifiedDate, if it exists in Splunk, is used for incremental updates. If it does not exist, you cannot use the deltaQuery described in the later section.
  3. Install the CData JDBC Driver for Splunk. Copy the JAR and license file (cdata.splunk.jar and cdata.jdbc.splunk.lic) to the Solr directory.
    • CData JDBC JAR file: C:\Program Files\CData\CData JDBC Driver for Splunk 2019\lib
    • Apache Solr: solr-8.5.2\server\lib

Now we are ready to use Splunk data in Solr.

Define an Import of Splunk to Apache Solr

In this section, we walk through configuring the Data Import Handler.

  1. Modify the config file of the created Core. Add the JAR file reference and the DIH RequestHandler definition, which references solr-data-config.xml.
  2. Next, create a solr-data-config.xml at the same level. In this article, we retrieve a table from Splunk, but you can use a custom SQL query to request data as well. The Driver Class and a sample JDBC Connection string are in the sample code below.
  3. In the query section, set the SQL query that selects the data from Splunk. deltaQuery and deltaImportQuery define the ID and the conditions used for incremental updates, starting with the second import of the same entity.
  4. After all settings are done, restart Solr.
       > solr stop -all
       > solr start
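
A minimal configuration matching steps 1 to 3, added here as an illustration and not taken from the original article or from CData. The driver class name, the connection-string keys, the SampleTable table and its columns are assumptions; check them against the driver documentation and your Splunk schema.

```xml
<!-- Added example. Fragment 1: goes inside <config> in the core's solrconfig.xml -->
<!-- Loads the DIH contrib JAR shipped in Solr's dist directory -->
<lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-dataimporthandler-.*\.jar" />
<requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
  <lst name="defaults">
    <!-- The file created in step 2, in the same conf directory -->
    <str name="config">solr-data-config.xml</str>
  </lst>
</requestHandler>

<!-- Fragment 2: the whole of solr-data-config.xml -->
<dataConfig>
  <!-- Assumed driver class and connection-string keys; the values are placeholders.
       The URL carries Splunk credentials in clear text: keep this file readable
       only by the Solr service account and use a read-only Splunk account. -->
  <dataSource type="JdbcDataSource"
              driver="cdata.jdbc.splunk.SplunkDriver"
              url="jdbc:splunk:User=SPLUNK_USER;Password=SPLUNK_PASSWORD;URL=SPLUNK_URL;" />
  <document>
    <!-- SampleTable, Id and Name are hypothetical; LastModifiedDate is the
         column the article names for incremental updates -->
    <entity name="SampleTable" pk="Id"
            query="SELECT Id, Name, LastModifiedDate FROM SampleTable"
            deltaQuery="SELECT Id FROM SampleTable
                        WHERE LastModifiedDate &gt;= '${dataimporter.last_index_time}'"
            deltaImportQuery="SELECT Id, Name, LastModifiedDate FROM SampleTable
                              WHERE Id = '${dataimporter.delta.Id}'">
      <!-- column = name returned by the SQL query, name = field in the Solr schema -->
      <field column="Id" name="Id" />
      <field column="Name" name="Name" />
      <field column="LastModifiedDate" name="LastModifiedDate" />
    </entity>
  </document>
</dataConfig>
```

On a delta-import, DIH first runs deltaQuery to collect the Ids changed since the last recorded import time, then runs deltaImportQuery once per Id to fetch the updated row.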

Run a DataImport of Splunk Data

  1. Execute DataImport from the URL below:
    http://localhost:8983/solr/#/CDataCore/dataimport//dataimport
  2. Select the "full-import" Command, choose the table from Entity, and click "Execute."
  3. Check the result of the import from the Query.
  4. Try an incremental update using deltaQuery. Modify some data in the original Splunk data set. This time, select the "delta-import" command from the DataImport window and click "Execute."
  5. Check the result of the incremental update.

Using the CData JDBC Driver for Splunk you are able to create an automated import of Splunk data into Apache Solr.