Ready to get started?

Learn more about the CData ODBC Driver for Splunk or download a free trial:

Download Now

Visualize Splunk Data in Tableau

The CData ODBC driver for Splunk enables you integrate Splunk data into Tableau dashboards.

The CData ODBC Driver for Splunk enables you to access live Splunk data in business intelligence tools like Tableau. In this article, you will integrate Splunk data into a dashboard that reflects changes to Splunk data in real time.

The CData ODBC drivers offer unmatched performance for interacting with live Splunk data in Tableau due to optimized data processing built into the driver. When you issue complex SQL queries from Tableau to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations (often SQL functions and JOIN operations) client-side. With built-in dynamic metadata querying, you can visualize and analyze Splunk data using native Tableau data types.

Connect to Splunk as an ODBC Data Source

If you have not already, first specify connection properties in an ODBC DSN (data source name). This is the last step of the driver installation. You can use the Microsoft ODBC Data Source Administrator to create and configure ODBC DSNs.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

When you configure the DSN, you may also want to set the Max Rows connection property. This will limit the number of rows returned, which is especially helpful for improving performance when designing reports and visualizations.

Add Splunk Data to a Dashboard

  1. Click Connect to Data -> More Servers -> Other Databases (ODBC).
    Select the CData Data Source Name (for example: CData Splunk Source).
  2. In the Database menu, select CData.
  3. In the Table box, enter a table name or click New Custom SQL to enter an SQL query. This article retrieves the DataModels table.
  4. Drag the table onto the join area. At this point, you can include multiple tables, leveraging the built-in SQL engine to process complex data requests.
  5. In the Connection menu, select the Live option, so that you skip loading a copy of the data into Tableau and instead work on real-time data. The optimized data processing native to CData ODBC drivers enables unmatched performance in live connectivity.
  6. Click the tab for your worksheet. Columns are listed as Dimensions and Measures, depending on the data type. The CData driver discovers data types automatically, allowing you to leverage the powerful data processing and visualization features of Tableau.
  7. Drop the Name column in the Dimensions pane onto the dashboard. When you select dimensions, Tableau builds a query to the driver. The results are grouped based on that dimension. In Tableau, the raw query is automatically modified as you select dimensions and measures.
  8. Drag the Owner column in the Measures field onto the Detail and Color buttons. Tableau executes the following query:

    SELECT Name, SUM(Owner) FROM DataModels GROUP BY Name

    When you select a measure, Tableau executes a command to the driver to calculate a summary function, such as SUM, AVG, etc., on the grouped values. The SQL engine (embedded within the driver) is leveraged to process the aggregation of the data, where needed, providing a seamless experience in Tableau, regardless of the data source.

    To change the summary function, open the Owner menu and select the summary you want in the Measure command.

  9. You can create other charts using dimensions and measures to build SQL queries visually:

With the CData ODBC Driver for Splunk, you get live connectivity to your Splunk data, allowing you to build real-time charts, graphs, and more.