Connecting to Splunk

The Sisense Splunk connector is a certified connector that allows you to import data from the Splunk API into Sisense via the Sisense generic JDBC connector. The connector offers the most natural way to connect to Splunk data including Datamodels, Datasets, SearchJobs, and more, and provides additional powerful features.

The support for the connector is provided by Sisense and will be assisted by the certification partner's support, if needed. For any support issues or additional functionality requests, please contact your Sisense representative or open a request through the Sisense Help Center. For advanced inquiries specific to driver functionality, you can also contact the certification partner’s support directly via [email protected].

After you have downloaded the driver, you can connect through a connection string in Sisense. The connection string is used to authenticate users who connect to the Splunk APIs. Once you have connected to Splunk, you can import a variety of tables from the Splunk API.

This page describes how to download and deploy the Splunk driver and how to connect to Splunk with a connection string. It also provides information about the Splunk data model, and more.

Note: For the list of connectors available on Linux, click here.

Downloading the Splunk JDBC Driver

You can download the Splunk JDBC driver here.

For a short video of downloading the driver, see below (the video uses the Box driver as an example).


Deploying the Splunk JDBC Driver

Prerequisite: The install file (setup.jar) is a Java Application that requires Java 6 (J2SE) or above to run.

To install the driver, double-click the setup.jar file and proceed with the instructions in the installation wizard.

Depending on the machine on which you are accessing the Sisense application, install the driver in one of the following locations:

Note: The default location of the JAR file: C:\Program Files\CData\CData JDBC Driver for <Driver Name> 2019\lib

For a short video of the process, see below (the video uses the Box driver as an example).

JAVA Troubleshooting

If you do not have Java 6 installed, you may download it from here.

If your system is not set up to run Java applications, execute the following command: java -jar setup.jar.

Connecting to Splunk

Sisense uses connection strings to connect to Splunk and import data into Sisense. Each connection string contains authentication parameters that the data source uses to verify your identity and what information you can export to Sisense.

To create the connection string:

  1. Open the lib directory for the connector. This is the default path: C:\Program Files\CData\CData JDBC Driver for <Driver Name> 2019\lib.
  2. Double-click the jar file in the lib directory.

    Alternatively, to open the jar file from the command line, enter the following command in the command prompt (change the driver name to your driver): cd C:\Program Files\CData\CData JDBC Driver for <Driver Name> 2019\lib. Press Enter and then enter the following command (change the driver name to your driver): "C:\Program Files\Sisense\infra\jre\bin\java.exe" -jar cdata.jdbc.<Driver Name>.jar. Press Enter again.

    The Connection String Builder opens.
  3. Enter the values for the following connection properties (click in the Value column to enter a value or to modify an existing value):
    • User: Set this to your user name in Splunk.
    • Password: Set this to your user password in Splunk.
    • URL: Set this URL to your Splunk endpoint; for example, https://yoursitename.splunk.com:8089.
      Note:
      • By default the driver makes requests on port 8089.
      • The driver uses plaintext authentication by default, relying on the TLS/SSL session that it attempts to negotiate with the server to protect the credentials in transit.
  4. If the Connection String Builder has an InitiateOAuth property, set it to OFF to avoid entering the OAuth Authorization process. Note: This property may not appear for some connectors.
  5. Press Enter to add all the connection properties to the connection string.
    For example:
    jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;
  6. Click Test Connection. A new browser tab opens where you need to log in to your application in order to grant access. (Each application will display a different window and messages.)
    Close the Authorization Successful! message that opens.
  7. Go back to the Connection String Builder dialog, and click OK in the Test Connection Successful message to close it.
  8. Click Copy to Clipboard to obtain the connection string.

For a short video of the process, see below (the video uses the XML driver as an example):

You need to follow the above instructions only the first time you connect, and again whenever your credentials for the application change.

To help you create a connection string and test the connection, see Connection String Builder for Certified Connectors.

If you have any issues connecting to your data source, see Troubleshooting JDBC Data Connectors.

Adding Splunk Tables to your ElastiCube

  1. Open Sisense.
    For a non-local installation, open Sisense on the hosted cloud environment.
  2. In the Data page, open an ElastiCube or create a new ElastiCube.
  3. In the Model Editor, click . The Add Data dialog box is displayed.
  4. Click Generic JDBC to open the JDBC settings.
  5. In Connection String, paste the string you obtained above.
  6. In JDBC JARs Folder, enter the name of the directory where the Splunk JAR file is located (see Deploying the Splunk JDBC Driver).
  7. In Driver's Class Name, enter the following class name: cdata.jdbc.splunk.SplunkDriver.
  8. If you wish to secure the connection, enter your Splunk credentials in User Name and Password and remove the corresponding user and password properties from the connection string. Otherwise, leave these fields blank.
  9. Click Next. A list of tables in the database is displayed. All tables and views associated with the database appear in a new window.
  10. From the Tables list, select the relevant table or view you want to work with. You can click next to the relevant table or click Preview to see a preview of the data inside it. 
  11. (Optional) Click + to customize the data you want to import with SQL. See Importing Data with Custom Queries for more information.
  12. After you have selected all the relevant tables, click Done. The tables are added to your data model.
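
The two security points in the steps above (plaintext authentication that depends on TLS/SSL, and moving credentials out of the connection string in step 8) can be checked before a string is pasted into Sisense. The following is an added example, not Sisense or CData code; the function names and sample strings are constructed here, and it assumes property names are case-insensitive and values contain no semicolons.

```python
from urllib.parse import urlsplit

PREFIX = "jdbc:splunk:"
CREDENTIAL_KEYS = {"user", "password"}   # properties step 8 moves out of the string
SECRET_KEYS = {"password"}               # values that must never reach a log

# Constructed samples modelled on the page's jdbc:splunk:user=...;password=...;URL=...; format.
WEAK = "jdbc:splunk:user=MyUserName;password=MyPassword;URL=http://yoursitename.splunk.com:8089;"
HARDENED = "jdbc:splunk:URL=https://yoursitename.splunk.com:8089;"

def parse(conn_str):
    """Split 'jdbc:splunk:k=v;k=v;' into a dict with lower-cased keys."""
    if not conn_str.lower().startswith(PREFIX):
        raise ValueError("not a jdbc:splunk: connection string")
    props = {}
    for part in conn_str[len(PREFIX):].split(";"):
        if not part.strip():
            continue                      # tolerate the trailing ';'
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"property without '=': {part!r}")
        props[key.strip().lower()] = value.strip()
    return props

def audit(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse(conn_str)
    findings = []
    for key in sorted(CREDENTIAL_KEYS & set(props)):
        findings.append(f"{key} is embedded in the connection string; "
                        "enter it in the User Name/Password fields instead")
    if urlsplit(props.get("url", "")).scheme != "https":
        findings.append("URL is missing or not https; the plaintext "
                        "authentication relies on TLS/SSL")
    return findings

def redact(conn_str):
    """Rebuild the string with secret values masked, for logs or tickets."""
    props = parse(conn_str)
    return PREFIX + "".join(
        f"{k}={'***' if k in SECRET_KEYS else v};" for k, v in props.items())

if __name__ == "__main__":
    for sample in (WEAK, HARDENED):
        print(redact(sample), audit(sample) or "no findings")
```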

For a short video of the process, see below (the video uses the XML driver as an example):

Splunk Connector: Additional Resources

For the full documentation set for the Splunk connector, click here.

For connection string options, click here.

For information on the Splunk data model, click here.