Replicate Splunk Data to Multiple Databases

Ready to get started?

Learn more or sign up for a free trial:

CData Sync



Replicate Splunk data to disparate databases with a single configuration.

Always-on applications rely on automatic failover capabilities and real-time access to data. CData Sync for Splunk integrates live Splunk data into your mirrored databases, always-on cloud databases, and other databases such as your reporting server: Automatically synchronize with remote Splunk data from Windows or any machine running Java.

You can use Sync's command-line interface (CLI) to easily control almost all aspects of the replication. You can use the CLI to replicate Splunk data to one or many databases without any need to change your configuration.

Connect to Splunk Data

You can save connection strings and other settings like email notifications in XML configuration files.

The following example shows how to replicate to SQLite.

Windows

<?xml version="1.0" encoding="UTF-8" ?> <CDataSync><DatabaseType>SQLite</DatabaseType> <DatabaseProvider>System.Data.SQLite</DatabaseProvider> <ConnectionString>user=MyUserName;password=MyPassword;URL=MyURL;</ConnectionString> <ReplicateAll>False</ReplicateAll> <NotificationUserName></NotificationUserName> <DatabaseConnectionString>Data Source=C:\my.db</DatabaseConnectionString> <TaskSchedulerStartTime>09:51</TaskSchedulerStartTime> <TaskSchedulerInterval>Never</TaskSchedulerInterval> </CDataSync>

Java

<?xml version="1.0" encoding="UTF-8" ?> <CDataSync><DatabaseType>SQLite</DatabaseType><DatabaseProvider>org.sqlite.JDBC</DatabaseProvider> <ConnectionString>user=MyUserName;password=MyPassword;URL=MyURL;</ConnectionString> <ReplicateAll>False</ReplicateAll> <NotificationUserName></NotificationUserName> <DatabaseConnectionString>Data Source=C:\my.db</DatabaseConnectionString> </CDataSync>

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

Configure Replication Queries

Sync enables you to control replication with standard SQL. The REPLICATE statement is a high-level command that caches and maintains a table in your database. You can define any SELECT query supported by the Splunk API. The statement below caches and incrementally updates a table of Splunk data:

REPLICATE DataModels;

You can specify a file containing the replication queries. This enables you to use the same replication queries to replicate to several databases.

Run Sync

After you have configured the connection strings and replication queries, you can run Sync with the following command-line options:

Windows

SplunkSync.exe -g MySQLiteConfig.xml -f SplunkSync.sql

Java

java -Xbootclasspath/p:c:\sqlitejdbc.jar -jar SplunkSync.jar -g MySQLiteConfig.xml -f SplunkSync.sql