How to Build an ETL App for Splunk Data in Python with CData
Create ETL applications and real-time data pipelines for Splunk data in Python with petl.
The rich ecosystem of Python modules lets you get to work quickly and integrate your systems more effectively. With the CData Python Connector for Splunk and the petl framework, you can build Splunk-connected applications and pipelines for extracting, transforming, and loading Splunk data. This article shows how to connect to Splunk with the CData Python Connector and use petl and pandas to extract, transform, and load Splunk data.
With built-in, optimized data processing, the CData Python Connector offers unmatched performance for interacting with live Splunk data in Python. When you issue complex SQL queries against Splunk, the driver pushes supported SQL operations, such as filters and aggregations, directly to Splunk and uses its embedded SQL engine to process unsupported operations (often SQL functions and JOIN operations) client-side.
Connecting to Splunk Data
Connecting to Splunk data looks just like connecting to any relational data source. Create a connection string using the required connection properties. For this article, you will pass the connection string as a parameter to the create_engine function.
To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.
The data provider uses plain-text authentication by default because it attempts to negotiate TLS/SSL with the server.
If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.
After installing the CData Splunk Connector, follow the procedure below to install the other required modules and start accessing Splunk through Python objects.
Install Required Modules
Use the pip utility to install the required modules and frameworks:
pip install petl
pip install pandas
Build an ETL App for Splunk Data in Python
Once the required modules and frameworks are installed, we are ready to build our ETL app. Code snippets follow, but the full source code is available at the end of the article.
First, be sure to import the modules (including the CData Connector) with the following:
import petl as etl
import pandas as pd
import cdata.splunk as mod
You can now connect with a connection string. Use the connect function for the CData Splunk Connector to create a connection for working with Splunk data.
cnxn = mod.connect("user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")
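The connection string above embeds the password as a literal. The following added example (not part of the original article or of CData's code) builds the same user, password, and URL properties from environment variables and rejects values that would change the meaning of the string. The environment variable names and the function name are assumptions made for this example.

```python
import os
from urllib.parse import urlsplit

# Hypothetical environment variable names, chosen for this example.
ENV_KEYS = {"user": "SPLUNK_USER", "password": "SPLUNK_PASSWORD", "URL": "SPLUNK_URL"}


def build_connection_string(env=None):
    """Return 'user=...;password=...;URL=...' built from environment values."""
    env = os.environ if env is None else env
    values = {}
    for prop, key in ENV_KEYS.items():
        value = env.get(key, "")
        if not value:
            raise ValueError(f"{key} is not set")
        # Assumption: escaping rules for ';' are not covered in this article, so
        # values that could add or override a property are rejected outright.
        if any(ch in value for ch in ";\r\n"):
            raise ValueError(f"{key} contains a character that is not allowed")
        values[prop] = value

    url = urlsplit(values["URL"])
    # The article says plain-text authentication is the default and relies on
    # TLS/SSL, so refuse any URL that is not https.
    if url.scheme.lower() != "https" or not url.hostname:
        raise ValueError("SPLUNK_URL must be an https:// URL with a host")

    return ";".join(f"{prop}={value}" for prop, value in values.items())


if __name__ == "__main__":
    # Constructed sample values; in real use they come from the process environment.
    sample = {
        "SPLUNK_USER": "etl_reader",
        "SPLUNK_PASSWORD": "example-only",
        "SPLUNK_URL": "https://splunk.example.com:8089",
    }
    conn_str = build_connection_string(sample)
    # Print the property names only, never the assembled string with the password.
    print([part.split("=", 1)[0] for part in conn_str.split(";")])
    # cnxn = mod.connect(conn_str)  # with cdata.splunk imported as mod
```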
Create a SQL Statement to Query Splunk
Use SQL to create a statement for querying Splunk. In this article, we read data from the DataModels entity.
sql = "SELECT Name, Owner FROM DataModels WHERE Id = 'SampleDataset'"
Extract, Transform, and Load the Splunk Data
With the query results stored in a DataFrame, we can use petl to extract, transform, and load the Splunk data. In this example, we extract Splunk data, sort the data by the Owner column, and load the data into a CSV file.
Loading Splunk Data into a CSV File
table1 = etl.fromdb(cnxn, sql)
table2 = etl.sort(table1, 'Owner')
etl.tocsv(table2, 'datamodels_data.csv')
In the following example, we add new rows to the DataModels table.
Adding New Rows to Splunk
table1 = [
    ['Name', 'Owner'],
    ['NewName1', 'NewOwner1'],
    ['NewName2', 'NewOwner2'],
    ['NewName3', 'NewOwner3'],
]
etl.appenddb(table1, cnxn, 'DataModels')
With the CData Python Connector for Splunk, you can work with Splunk data just like you would with any database, including direct access to data in ETL packages like petl.
Free Trial & More Information
Download a free, 30-day trial of the CData Python Connector for Splunk to start building Python apps and scripts with connectivity to Splunk data. Reach out to our Support Team if you have any questions.
Full Source Code
import petl as etl
import pandas as pd
import cdata.splunk as mod

# Connect to Splunk with the CData connector
cnxn = mod.connect("user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;OAuthSettingsLocation=/PATH/TO/OAuthSettings.txt")

# Query the DataModels entity
sql = "SELECT Name, Owner FROM DataModels WHERE Id = 'SampleDataset'"

# Extract, sort by Owner, and load into a CSV file
table1 = etl.fromdb(cnxn, sql)
table2 = etl.sort(table1, 'Owner')
etl.tocsv(table2, 'datamodels_data.csv')

# Append new rows to the DataModels table
table3 = [
    ['Name', 'Owner'],
    ['NewName1', 'NewOwner1'],
    ['NewName2', 'NewOwner2'],
    ['NewName3', 'NewOwner3'],
]
etl.appenddb(table3, cnxn, 'DataModels')