Access Live Splunk Data in Coginiti Pro

Coginiti Pro is a single tool for all your SQL data and analytics needs, designed specifically for data engineers, analysts, and data scientists. When paired with the CData JDBC Driver for Splunk, Coginiti Pro can access and query live Splunk data. This article describes how to connect to and query Splunk data from Coginiti Pro.

With built-in optimized data processing, the CData JDBC Driver for Splunk offers unmatched performance for interacting with live Splunk data. When you issue complex SQL queries to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations). In addition, its built-in dynamic metadata querying allows you to work with and analyze Splunk data using native data types.

Gather Connection Properties and Build a Connection String

Download the CData JDBC Driver for Splunk installer, unzip the package, and run the JAR file to install the driver. Then gather the required connection properties.

To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

NOTE: To use the JDBC driver in Coginiti Pro, you may need a license (full or trial) and a Runtime Key (RTK). For more information on obtaining this license (or a trial), contact our sales team.

Built-in Connection String Designer

For assistance constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Double-click the JAR file or execute the jar file from the command line.

Fill in the connection properties (including the RTK) and copy the connection string to the clipboard.

Create a JDBC Data Source for Splunk Data

1. Open Coginiti Pro and in the File menu, select "Edit Drivers."
2. In the newly opened wizard, click "Add" and select "Generic."

3. In the "JDBC Drivers" wizard, set the driver properties (below) and click "Create Driver."

   • Set JDBC Driver Name to a useful name, like CData JDBC Driver for Splunk.
   • Click "Add Files" to add the JAR file from the "lib" folder in the installation directory (e.g. cdata.jdbc.splunk.jar)
   • Select the Class Name: cdata.jdbc.splunk.SplunkDriver.

Create a Connection using the CData JDBC Driver for Splunk

1. In the File menu, click "Edit Connections."
2. In the newly opened wizard, click "Add" and select "Generic."
3. In the "Connections" wizard, set the connection properties.
   • Set Connection name to an identifying name.
   • Set Database JDBC driver to the Driver you configured earlier.
   • Set JDBC URL to the JDBC URL configured using the built-in connection string designer (e.g. jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH
4. Click "Test" to ensure the connection is configured properly. Click "Save."

Query Splunk Using SQL

1. Open the Connections tab by clicking on database icon: .
2. Click the plus sign () to add a new query tab.

3. Once the query console is open, write the SQL script you wish to execute and click "Run at Cursor".

   NOTE: You can use the explorer on the left to determine table/view names and column names.

   Using the explorer

   1. In the "Select connection" field, select the connection you wish to query.
   2. Expand your newly created connection, expand the "CData" catalog, and expand the Splunk catalog.
   3. Expand "Tables" or "Views" to find the entity you wish to query.
   4. Expand your selected entity to explore the fields (columns).

Free Trial & More Information

Download a free, 30-day trial of the CData JDBC Driver for Splunk and start working with your live Splunk data in Coginiti Pro. Reach out to our Support Team if you have any questions.