Connecting to Splunk


The Splunk SDK for C# v1.0.x is deprecated, and has been replaced by the Splunk SDK for C# 2.0. Unlike the Splunk SDK for C# 1.0.x, the Splunk SDK for C# 2.0 abides by .NET guidelines, as well as FxCop and StyleCop rules.In addition, the API client in Splunk SDK for C# 2.0 is a Portable Class Library (PCL), and supports cross-platform development.Version 2 of the SDK is incompatible with version 1, and applications built with Splunk SDK for C# version 1.0.x will not recompile using Splunk SDK for C# version 2.0. See Migrating from Splunk SDK for C# v1.0.x for more information.

Sisense enables easy and quick access to Splunk. The steps below detail how to connect to this type of data source.

  1. Click Add data in the top menu of Sisense.
  2. Under the Database Servers category, select Splunk.
  3. You will be prompted to enter the following information:
  4. Click Connect to Server.
    A list of available Splunk instances will appear in the list box below.
  5. Select the relevant Splunk instance you want to work with and click OK.
    All saved searches associated with the Splunk instance will appear in a new window.
    To preview data contained in a particular Splunk search, highlight the search in the list and in click in the Preview pane. To preview the search, select the Preview checkbox.
  6. Select the checkbox next to each table or view you want to use.
    Fields with similar names can be linked by selecting the Automatically create relationships for fields with the same name checkbox.
  7. Once all relevant tables are selected, click Add.