Connect to Splunk Data in Ruby



Connect to Splunk data in Ruby with ruby-dbi, dbd-odbc, and ruby-odbc.

The CData ODBC Driver for Splunk makes it easy to integrate connectivity to live Splunk data in Ruby. This article shows how to create a simple Ruby app that connects to Splunk data, executes a query, and displays the results.

Create an ODBC Connection to Splunk Data

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Installing Ruby and Necessary Gems

If you do not have Ruby installed, refer to the Ruby installation page. With Ruby installed, you will need to install the ruby-dbi, dbd-odbc, and ruby-odbc gems:

gem install dbi gem install dbd-odbc gem install ruby-odbc

Create a Ruby App with Connectivity to Splunk Data

Create a new Ruby file (for example: SplunkSelect.rb) and open it in a text editor. Copy the following code into your file:

#connect to the DSN require 'dbi' cnxn = DBI.connect('DBI:ODBC:CData Splunk Source','','') #execute a SELECT query and store the result set resultSet = cnxn.execute("SELECT Name, Owner FROM DataModels") #display the names of the columns resultSet.column_names.each do |name| print name, "\t" end puts #display the results while row = resultSet.fetch do (0..resultSet.column_names.size - 1).each do |n| print row[n], "\t" end puts end resultSet.finish #close the connection cnxn.disconnect if cnxn

With the file completed, you are ready to display your Splunk data with Ruby. To do so, simply run your file from the command line:

ruby SplunkSelect.rb Writing SQL-92 queries to Splunk allows you to quickly and easily incorporate Splunk data into your own Ruby applications. Download a free trial today!

Ready to get started?

Download a free trial of the Splunk ODBC Driver to get started:

 Download Now

Learn more:

Splunk Icon Splunk ODBC Driver

The Splunk ODBC Driver is a powerful tool that allows you to connect with live Splunk, directly from any applications that support ODBC connectivity.

Access Splunk like you would a database - read, write, and update Datamodels, Datasets, SearchJobs, etc. through a standard ODBC Driver interface.