A PostgreSQL Interface for Splunk Data

There are a vast number of PostgreSQL clients available on the Internet. From standard Drivers to BI and Analytics tools, PostgreSQL is a popular interface for data access. Using our JDBC Drivers, you can now create PostgreSQL entry-points that you can connect to from any standard client.

To access Splunk data as a PostgreSQL database, use the CData JDBC Driver for Splunk and a JDBC foreign data wrapper (FDW). In this article, we compile the FDW, install it, and query Splunk data from PostgreSQL Server.

Connect to Splunk Data as a JDBC Data Source

To connect to Splunk as a JDBC data source, you will need the following:

• Driver JAR path: The JAR is located in the lib subfolder of the installation directory.

• Driver class: cdata.jdbc.splunk.SplunkDriver

• JDBC URL: The URL must start with "jdbc:splunk:" and can include any of the connection properties in name-value pairs separated with semicolons.

  To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

  The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

  If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

  Built-in Connection String Designer

  For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

  java -jar cdata.jdbc.splunk.jar

  Fill in the connection properties and copy the connection string to the clipboard.

  A typical JDBC URL is below:

  jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH

Build the JDBC Foreign Data Wrapper

The Foreign Data Wrapper can be installed as an extension to PostgreSQL, without recompiling PostgreSQL. The jdbc2_fdw extension is used as an example (downloadable here).

1. Add a symlink from the shared object for your version of the JRE to /usr/lib/libjvm.so. For example: ln -s /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/server/libjvm.so /usr/lib/libjvm.so
2. Start the build: make install USE_PGXS=1

Query Splunk Data as a PostgreSQL Database

After you have installed the extension, follow the steps below to start executing queries to Splunk data:

1. Log into your database.
2. Load the extension for the database: CREATE EXTENSION jdbc2_fdw;
3. Create a server object for Splunk: CREATE SERVER Splunk FOREIGN DATA WRAPPER jdbc2_fdw OPTIONS ( drivername 'cdata.jdbc.splunk.SplunkDriver', url 'jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH', querytimeout '15', jarfile '/home/MyUser/CData/CData\ JDBC\ Driver\ for\ Salesforce MyDriverEdition/lib/cdata.jdbc.splunk.jar');
4. Create a user mapping for the username and password of a user known to the MySQL daemon. CREATE USER MAPPING for postgres SERVER Splunk OPTIONS ( username 'admin', password 'test');
5. Create a foreign table in your local database: postgres=# CREATE FOREIGN TABLE datamodels ( datamodels_id text, datamodels_Name text, datamodels_Owner numeric) SERVER Splunk OPTIONS ( table_name 'datamodels');