Replicate Splunk Data to Multiple Databases

Always-on applications rely on automatic failover capabilities and real-time access to data. CData Sync integrates live Splunk data into your mirrored databases, always-on cloud databases, and other databases such as your reporting server: Automatically synchronize with remote Splunk data from Windows.

Configure Replication Destinations

Using CData Sync, you can replicate Splunk data to any number of databases, both cloud-based and on-premises. To add a replication destination, navigate to the Connections tab.

For each destination database:

1. Click Add Connection.
2. Select a destination. In this article, we use SQLite.
3. Enter the necessary connection properties. To replicate Splunk to a SQLite database, enter a file path in the Data Source box.
4. Click Test Connection to ensure that the connection is configured properly.
5. Click Save Changes.

Configure the Splunk Connection

You can configure a connection to Splunk from the Connections tab. To add a connection to your Splunk account, navigate to the Connections tab.

1. Click Add Connection.
2. Select a source (Splunk).
3. Configure the connection properties.
   
   

   To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

   The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

   If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

4. Click Connect to ensure that the connection is configured properly.
5. Click Save Changes.

Configure Replication Queries

CData Sync enables you to control replication with a point-and-click interface and with SQL queries. For each replication you wish to configure, navigate to the Jobs tab and click Add Job. Select the Source and Destination for your replication.

Replicate Entire Tables

To replicate an entire table, click Add Tables in the Tables section, choose the table(s) you wish to replicate, and click Add Selected Tables.

Customize Your Replication

You can use a SQL query to customize your replication. The REPLICATE statement is a high-level command that caches and maintains a table in your database. You can define any SELECT query supported by the Splunk API. To customize your replication, click Add Custom Query in the Tables section and define the Query Statement.

The statement below caches and incrementally updates a table of Splunk data:

REPLICATE DataModels;

You can specify a file containing the replication queries you want to use to update a particular database. Separate replication statements with semicolons. The following options are useful if you are replicating multiple Splunk accounts into the same database:

• Use a different table prefix in the REPLICATE SELECT statement:

  REPLICATE PROD_DataModels SELECT * FROM DataModels;

• Alternatively, use a different schema:

  REPLICATE PROD.DataModels SELECT * FROM DataModels;

Schedule Your Replication

In the Schedule section, you can schedule a job to run automatically, configuring the job to run after specified intervals ranging from once every 10 minutes to once every month.

Once you have configured the replication job, click Save Changes. You can configure any number of jobs to manage the replication of your Splunk data to disparate on-premises, cloud-based, and other databases.