Replicate Multiple Splunk Accounts

Replicate multiple Splunk accounts to one or many databases.

CData Sync is a stand-alone application that provides solutions for a variety of replication scenarios such as replicating sandbox and production instances into your database. CData Sync includes a web-based interface that makes it easy to manage multiple Splunk connections. In this article we show how to use the web app to replicate multiple Splunk accounts to a single database.

Configure the Replication Destination

Using CData Sync, you can replicate Splunk data to any number of databases, both cloud-based and on-premises. To add a replication destination, navigate to the Connections tab.

  1. Click Add Connection.
  2. Select a destination. In this article, we use SQLite.
  3. Enter the necessary connection properties. To replicate Splunk to a SQLite database, enter a file path in the Data Source box.
  4. Click Test Connection to ensure that the connection is configured properly.
  5. Click Save Changes.

Configure Splunk Connections

You can configure connections to Splunk from the Connections tab. For each Splunk account you wish to replicate, do the following:

  1. Click Add Connection.
  2. Select a source (Splunk).
  3. Configure the connection properties.

    To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. Requests to Splunk are made on port 8089.

    The data provider uses plain-text authentication by default because it attempts to negotiate TLS/SSL with the server, which protects the credentials in transit.

    If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

  4. Click Connect to ensure that the connection is configured properly.
  5. Click Save Changes.
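Because plain-text authentication depends on the TLS/SSL channel, it is worth checking each account's URL value before saving credentials. The following is an added example, not code from CData or from the original article: `check_url` and `probe_tls` are hypothetical helper names, the hostnames are constructed, and it assumes the URL property takes the form `https://host:8089`.

```python
import socket
import ssl
from urllib.parse import urlsplit

SPLUNK_MGMT_PORT = 8089  # port named in the article


def check_url(url):
    """Static checks on a URL property value; returns a list of problems."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("no host in URL")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL; use User/Password properties")
    try:
        port = parts.port
    except ValueError:
        return problems + ["port is not a valid number"]
    if port != SPLUNK_MGMT_PORT:
        problems.append(f"port is {port}, expected {SPLUNK_MGMT_PORT}")
    return problems


def probe_tls(url, cafile=None, timeout=5.0):
    """Handshake with certificate and hostname verification enabled.

    Returns the negotiated protocol version (for example 'TLSv1.3').
    Raises ssl.SSLError or OSError if the server cannot be verified or reached.
    cafile: optional PEM bundle for an internal CA (assumption: you have one).
    """
    parts = urlsplit(url)
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((parts.hostname, parts.port), timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.version()


# Constructed sample values, one per Splunk account to be replicated.
ACCOUNTS = {
    "PROD": "https://splunk-prod.example.com:8089",
    "SANDBOX": "http://splunk-sbx.example.com:8089",
    "DEV": "https://admin:changeme@splunk-dev.example.com:8000",
}

if __name__ == "__main__":
    for name, url in ACCOUNTS.items():
        issues = check_url(url)
        print(name, "OK" if not issues else "; ".join(issues))
```

Run `probe_tls(url)` from the host where CData Sync runs, and only for URLs that pass `check_url`; a verification error there means the credentials would be sent over a channel whose endpoint cannot be authenticated.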

Configure Queries for Each Splunk Instance

CData Sync enables you to control replication with a point-and-click interface and with SQL queries. To configure a replication, navigate to the Jobs tab and click Add Job. Select the Source and Destination for your replication.

Replicate Entire Tables

To replicate an entire table, click Add Tables in the Tables section, choose the table(s) you wish to replicate, and click Add Selected Tables.

Customize Your Replication

You can use a SQL query to customize your replication. The REPLICATE statement is a high-level command that caches and maintains a table in your database. You can define any SELECT query supported by the Splunk API. To customize your replication, click Add Custom Query in the Tables section and define the Query Statement.

The statement below caches and incrementally updates a table of Splunk data:

REPLICATE DataModels;

You can specify a file containing the replication queries you want to use to update a particular database. Separate replication statements with semicolons. The following options are useful if you are replicating multiple Splunk accounts into the same database:

  • Use a different table prefix in the REPLICATE SELECT statement:

    REPLICATE PROD_DataModels SELECT * FROM DataModels;

  • Alternatively, use a different schema:

    REPLICATE PROD.DataModels SELECT * FROM DataModels;

Schedule Your Replication

In the Schedule section, you can schedule a job to run automatically at intervals ranging from once every 15 minutes to once every month.

Once you have configured the replication job, click Save Changes. You can configure any number of jobs to manage the replication of the data from your different Splunk accounts.