Ready to get started?

Learn more about the CData JDBC Driver for Splunk or download a free trial:

Download Now

Analyze Splunk Data in R

Use standard R functions and the development environment of your choice to analyze Splunk data with the CData JDBC Driver for Splunk.

Access Splunk data with pure R script and standard SQL on any machine where R and Java can be installed. You can use the CData JDBC Driver for Splunk and the RJDBC package to work with remote Splunk data in R. By using the CData Driver, you are leveraging a driver written for industry-proven standards to access your data in the popular, open-source R language. This article shows how to use the driver to execute SQL queries to Splunk and visualize Splunk data by calling standard R functions.

Install R

You can match the driver's performance gains from multi-threading and managed code by running the multithreaded Microsoft R Open or by running open R linked with the BLAS/LAPACK libraries. This article uses Microsoft R Open 3.2.3, which is preconfigured to install packages from the Jan. 1, 2016 snapshot of the CRAN repository. This snapshot ensures reproducibility.

Load the RJDBC Package

To use the driver, download the RJDBC package. After installing the RJDBC package, the following line loads the package:

library(RJDBC)

Connect to Splunk as a JDBC Data Source

You will need the following information to connect to Splunk as a JDBC data source:

  • Driver Class: Set this to cdata.jdbc.splunk.SplunkDriver
  • Classpath: Set this to the location of the driver JAR. By default this is the lib subfolder of the installation folder.

The DBI functions, such as dbConnect and dbSendQuery, provide a unified interface for writing data access code in R. Use the following line to initialize a DBI driver that can make JDBC requests to the CData JDBC Driver for Splunk:

driver <- JDBC(driverClass = "cdata.jdbc.splunk.SplunkDriver", classPath = "MyInstallationDir\lib\cdata.jdbc.splunk.jar", identifier.quote = "'")

You can now use DBI functions to connect to Splunk and execute SQL queries. Initialize the JDBC connection with the dbConnect function.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Built-in Connection String Designer

For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

java -jar cdata.jdbc.splunk.jar

Fill in the connection properties and copy the connection string to the clipboard.

Below is a sample dbConnect call, including a typical JDBC connection string:

conn <- dbConnect(driver,"jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH")

Schema Discovery

The driver models Splunk APIs as relational tables, views, and stored procedures. Use the following line to retrieve the list of tables:

dbListTables(conn)

Execute SQL Queries

You can use the dbGetQuery function to execute any SQL query supported by the Splunk API:

datamodels <- dbGetQuery(conn,"SELECT Name, Owner FROM DataModels")

You can view the results in a data viewer window with the following command:

View(datamodels)

Plot Splunk Data

You can now analyze Splunk data with any of the data visualization packages available in the CRAN repository. You can create simple bar plots with the built-in bar plot function:

par(las=2,ps=10,mar=c(5,15,4,2)) barplot(datamodels$Owner, main="Splunk DataModels", names.arg = datamodels$Name, horiz=TRUE)