Ready to get started?

Learn more about the CData ODBC Driver for Splunk or download a free trial:

Download Now

Connect to Splunk Data in Python on Linux/UNIX

The CData ODBC Driver for Splunk enables you to create Python applications on Linux/UNIX machines with connectivity to Splunk data. Leverage the pyodbc module for ODBC in Python.

The rich ecosystem of Python modules lets you get to work quicker and integrate your systems more effectively. With the CData Linux/UNIX ODBC Driver for Splunk and the pyodbc module, you can easily build Splunk-connected Python applications. This article shows how to use the pyodbc built-in functions to connect to Splunk data, execute queries, and output the results.

Using the CData ODBC Drivers on a UNIX/Linux Machine

The CData ODBC Drivers are supported in various Red Hat-based and Debian-based systems, including Ubuntu, Debian, RHEL, CentOS, and Fedora. There are also several libraries and packages that are required, many of which may be installed by default, depending on your system. For more information on the supported versions of Linux operating systems and the required libraries, please refer to the "Getting Started" section in the help documentation (installed and found online).

Installing the Driver Manager

Before installing the driver, check that your system has a driver manager. For this article, you will use unixODBC, a free and open source ODBC driver manager that is widely supported.

For Debian-based systems like Ubuntu, you can install unixODBC with the APT package manager:

$ sudo apt-get install unixODBC unixODBC-dev

For systems based on Red Hat Linux, you can install unixODBC with yum or dnf:

$ sudo yum install unixODBC unixODBC-devel

The unixODBC driver manager reads information about drivers from an odbcinst.ini file and about data sources from an odbc.ini file. You can determine the location of the configuration files on your system by entering the following command into a terminal:

$ odbcinst -j

The output of the command will display the locations of the configuration files for ODBC data sources and registered ODBC drivers. User data sources can only be accessed by the user account whose home folder the odbc.ini is located in. System data sources can be accessed by all users. Below is an example of the output of this command:

DRIVERS............: /etc/odbcinst.ini SYSTEM DATA SOURCES: /etc/odbc.ini FILE DATA SOURCES..: /etc/ODBCDataSources USER DATA SOURCES..: /home/myuser/.odbc.ini SQLULEN Size.......: 8 SQLLEN Size........: 8 SQLSETPOSIROW Size.: 8

Installing the Driver

You can download the driver in standard package formats: the Debian .deb package format or the .rpm file format. Once you have downloaded the file, you can install the driver from the terminal.

The driver installer registers the driver with unixODBC and creates a system DSN, which can be used later in any tools or applications that support ODBC connectivity.

For Debian-based systems like Ubuntu, run the following command with sudo or as root: $ dpkg -i /path/to/package.deb

For Red Hat systems and other systems that support .rpms, run the following command with sudo or as root: $ rpm -i /path/to/package.rpm

Once the driver is installed, you can list the registered drivers and defined data sources using the unixODBC driver manager:

List the Registered Driver(s)

$ odbcinst -q -d CData ODBC Driver for Splunk ...

List the Defined Data Source(s)

$ odbcinst -q -s CData Splunk Source ...

To use the CData ODBC Driver for Splunk with unixODBC, ensure that the driver is configured to use UTF-16. To do so, edit the INI file for the driver (cdata.odbc.splunk.ini), which can be found in the lib folder in the installation location (typically /opt/cdata/cdata-odbc-driver-for-splunk), as follows:

cdata.odbc.splunk.ini

... [Driver] DriverManagerEncoding = UTF-16

Modifying the DSN

The driver installation predefines a system DSN. You can modify the DSN by editing the system data sources file (/etc/odbc.ini) and defining the required connection properties. Additionally, you can create user-specific DSNs that will not require root access to modify in $HOME/.odbc.ini.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

/etc/odbc.ini or $HOME/.odbc.ini

[CData Splunk Source] Driver = CData ODBC Driver for Splunk Description = My Description user = MyUserName password = MyPassword URL = MyURL

For specific information on using these configuration files, please refer to the help documentation (installed and found online).

You can follow the procedure below to install pyodbc and start accessing Splunk through Python objects.

Install pyodbc

You can use the pip utility to install the module:

pip install pyodbc

Be sure to import with the module with the following:

import pyodbc

Connect to Splunk Data in Python

You can now connect with an ODBC connection string or a DSN. Below is the syntax for a connection string:

cnxn = pyodbc.connect('DRIVER={CData ODBC Driver for Splunk};user=MyUserName;password=MyPassword;URL=MyURL;')

Below is the syntax for a DSN:

cnxn = pyodbc.connect('DSN=CData Splunk Sys;')

Execute SQL to Splunk

Instantiate a Cursor and use the execute method of the Cursor class to execute any SQL statement.

cursor = cnxn.cursor()

Select

You can use fetchall, fetchone, and fetchmany to retrieve Rows returned from SELECT statements:

import pyodbc cursor = cnxn.cursor() cnxn = pyodbc.connect('DSN=CData Splunk Source;User=MyUser;Password=MyPassword') cursor.execute("SELECT Name, Owner FROM DataModels WHERE Id = 'SampleDataset'") rows = cursor.fetchall() for row in rows: print(row.Name, row.Owner)

You can provide parameterized queries in a sequence or in the argument list:

cursor.execute( "SELECT Name, Owner FROM DataModels WHERE Id = ?", 'SampleDataset',1)

Insert

INSERT commands also use the execute method; however, you must subsequently call the commit method after an insert or you will lose your changes:

cursor.execute("INSERT INTO DataModels (Id) VALUES ('SampleDataset')") cnxn.commit()

Update and Delete

As with an insert, you must also call commit after calling execute for an update or delete:

cursor.execute("UPDATE DataModels SET Id = 'SampleDataset'") cnxn.commit()

Metadata Discovery

You can use the getinfo method to retrieve data such as information about the data source and the capabilities of the driver. The getinfo method passes through input to the ODBC SQLGetInfo method.

cnxn.getinfo(pyodbc.SQL_DATA_SOURCE_NAME)

You are now ready to build Python apps in Linux/UNIX environments with connectivity to Splunk data, using the CData ODBC Driver for Splunk.