Products

Solutions

Connectors

Support

Company

Resources

Ready to get started?

Download a free trial of the Splunk ODBC Driver to get started:

Download Now

Learn more:

Splunk ODBC Driver

The Splunk ODBC Driver is a powerful tool that allows you to connect with live Splunk, directly from any applications that support ODBC connectivity.

Access Splunk like you would a database - read, write, and update Datamodels, Datasets, SearchJobs, etc. through a standard ODBC Driver interface.

Replicate Splunk Data from PowerShell

Write a quick PowerShell script to query Splunk data. Use connectivity to the live data to replicate Splunk data to SQL Server.

The CData ODBC Driver for Splunk enables out-of-the-box integration with Microsoft's built-in support for ODBC. The ODBC driver instantly integrates connectivity to the real Splunk data with PowerShell.

You can use the .NET Framework Provider for ODBC built into PowerShell to quickly automate integration tasks like replicating Splunk data to other databases. This article shows how to replicate Splunk data to SQL Server in 5 lines of code.

You can also write PowerShell code to execute create, read, update, and delete (CRUD) operations. See the examples below.

Create an ODBC Data Source for Splunk

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Connect to Splunk

The code below shows how to use the DSN to initialize the connection to Splunk data in PowerShell:


$conn = New-Object System.Data.Odbc.OdbcConnection
$conn.ConnectionString = "DSN=CData Splunk Source x64"

Back Up Splunk Data to SQL Server

After you enable caching, you can use the code below to replicate data to SQL Server.

Set the following connection properties to configure the caching database:

CacheProvider: The name of the ADO.NET provider. This can be found in the Machine.config for your version of .NET. For example, to configure SQL Server, enter System.Data.SqlClient.
CacheConnection: The connection string of properties required to connect to the database. Below is an example for SQL Server:
Server=localhost;Database=RSB;User Id=sqltest;Password=sqltest;

The SQL query in the example can be used to refresh the entire cached table, including its schema. Any already existing cache is deleted.


$conn.Open()
# Create and execute the SQL Query
$SQL = "CACHE DROP EXISTING SELECT * FROM " + $DataModels
$cmd = New-Object System.Data.Odbc.OdbcCommand($sql,$conn)
$count = $cmd.ExecuteNonQuery()
$conn.Close()

The driver gives you complete control over the caching functionality. See the help documentation for more caching commands and usage examples. See the help documentation for steps to replicate to other databases.

Other Operations

To retrieve Splunk data in PowerShell, call the Fill method of the OdbcDataAdapter method. To execute data manipulation commands, initialize the OdbcCommand object and then call ExecuteNonQuery. Below are some more examples CRUD commands to Splunk through the .NET Framework Provider for ODBC:

Retrieve Splunk Data


$sql="SELECT Name, Owner from DataModels"
 
$da= New-Object System.Data.Odbc.OdbcDataAdapter($sql, $conn)
$dt= New-Object System.Data.DataTable
$da.Fill($dt) 
 
$dt.Rows | foreach {
  $dt.Columns | foreach ($col in dt{
    Write-Host $1[$_]
  }
}

Update Splunk Data


$cmd = New-Object System.Data.Odbc.OdbcCommand("UPDATE DataModels SET Id='SampleDataset' WHERE Id = @myId", $conn)
$cmd.Parameters.Add(new System.Data.Odbc.OdbcParameter("myId","001d000000YBRseAAH")
$cmd.ExecuteNonQuery()

Insert Splunk Data


$cmd = New-Object System.Data.Odbc.OdbcCommand("INSERT INTO DataModels SET Id='SampleDataset' WHERE Id = @myId", $conn)
$cmd.Parameters.Add(new System.Data.Odbc.OdbcParameter("myId","001d000000YBRseAAH")
$cmd.ExecuteNonQuery()

Delete Splunk Data


$cmd = New-Object System.Data.Odbc.OdbcCommand("DELETE FROM DataModels WHERE Id = @myid", $conn)
$cmd.Parameters.Add(new System.Data.Odbc.OdbcParameter("myId","001d000000YBRseAAH")
$cmd.ExecuteNonQuery()

CData Software is a leading provider of data access and connectivity solutions. Our standards-based connectors streamline data access and insulate customers from the complexities of integrating with on-premise or cloud databases, SaaS, APIs, NoSQL, and Big Data.

Connect With Us

Get Started

Data Connectors

ETL/ ELT Solutions

Cloud & API Connectivity

OEM & Custom Drivers