
How to Visualize Splunk Data in Python with pandas

Use pandas and other modules to analyze and visualize live Splunk data in Python.

The rich ecosystem of Python modules lets you get to work quickly and integrate your systems more effectively. With the CData Python Connector for Splunk, the pandas & Matplotlib modules, and the SQLAlchemy toolkit, you can build Splunk-connected Python applications and scripts for visualizing Splunk data. This article shows how to use the pandas, SQLAlchemy, and Matplotlib built-in functions to connect to Splunk data, execute queries, and visualize the results.

With built-in optimized data processing, the CData Python Connector offers unmatched performance for interacting with live Splunk data in Python. When you issue complex SQL queries from Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations).

Connecting to Splunk Data

Connecting to Splunk data looks just like connecting to any relational data source. Create a connection string using the required connection properties. For this article, you will pass the connection string as a parameter to the create_engine function.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

By default, the data provider uses plain-text authentication, relying on the TLS/SSL session it attempts to negotiate with the server to protect the credentials in transit.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Follow the procedure below to install the required modules and start accessing Splunk through Python objects.

Install Required Modules

Use the pip utility to install the pandas & Matplotlib modules and the SQLAlchemy toolkit:

pip install pandas
pip install matplotlib
pip install sqlalchemy

Be sure to import the modules with the following:

import pandas
import matplotlib.pyplot as plt
from sqlalchemy import create_engine

Visualize Splunk Data in Python

You can now connect with a connection string. Use the create_engine function to create an Engine for working with Splunk data.

engine = create_engine("splunk:///?user=MyUserName&password=MyPassword&URL=MyURL&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")
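The connection string above carries the password as a literal in source code. As an added example (not CData's code), the function below builds the same splunk:///?user=...&password=...&URL=... string from environment variables for the three properties the text names, percent-encodes each value, requires an https URL, and returns a redacted copy for logging. The variable names SPLUNK_USER, SPLUNK_PASSWORD and SPLUNK_URL and the sample host are assumptions.

```python
import os
from urllib.parse import quote, urlencode, urlsplit


def build_splunk_url(env=None):
    """Return (connection_url, redacted_url) for create_engine().

    Reads SPLUNK_USER, SPLUNK_PASSWORD and SPLUNK_URL (assumed names)
    from the given mapping, or from the process environment.
    """
    env = os.environ if env is None else env
    try:
        user = env["SPLUNK_USER"]
        password = env["SPLUNK_PASSWORD"]
        url = env["SPLUNK_URL"]
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None

    # Plain-text authentication is only acceptable over TLS, so refuse
    # anything that is not an https endpoint with a host name.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("SPLUNK_URL must be an https:// URL")

    def render(secret):
        # Percent-encode every value: a password containing '&' or '='
        # would otherwise be split into extra connection properties.
        # SQLAlchemy decodes the values again when it parses the URL.
        fields = {"user": user, "password": secret, "URL": url}
        return "splunk:///?" + urlencode(fields, quote_via=quote)

    return render(password), render("REDACTED")


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    sample = {
        "SPLUNK_USER": "analyst",
        "SPLUNK_PASSWORD": "p&ss=w/rd",
        "SPLUNK_URL": "https://splunk.example.com:8089",
    }
    conn_url, safe_url = build_splunk_url(sample)
    print(safe_url)  # log this form, never conn_url
    # engine = create_engine(conn_url)  # needs sqlalchemy and the connector
```
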

Execute SQL to Splunk

Use the read_sql function from pandas to execute any SQL statement and store the result set in a DataFrame.

df = pandas.read_sql("SELECT Name, Owner FROM DataModels WHERE Id = 'SampleDataset'", engine)

Visualize Splunk Data

With the query results stored in a DataFrame, use the plot function to build a chart to display the Splunk data. The show method displays the chart in a new window.

df.plot(kind="bar", x="Name", y="Owner")
plt.show()

Free Trial & More Information

Download a free, 30-day trial of the CData Python Connector for Splunk to start building Python apps and scripts with connectivity to Splunk data. Reach out to our Support Team if you have any questions.

Full Source Code

import pandas
import matplotlib.pyplot as plt
from sqlalchemy import create_engine

# Create an Engine from the connection string
engine = create_engine("splunk:///?user=MyUserName&password=MyPassword&URL=MyURL&InitiateOAuth=GETANDREFRESH&OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")
# Run the query and load the result set into a DataFrame
df = pandas.read_sql("SELECT Name, Owner FROM DataModels WHERE Id = 'SampleDataset'", engine)

# Build the chart and display it in a new window
df.plot(kind="bar", x="Name", y="Owner")
plt.show()