Query Splunk Data in ColdFusion



Write standard ColdFusion data access code to connect to Splunk data.

The CData JDBC driver for Splunk seamlessly integrates connectivity to Splunk data with the rapid development tools in ColdFusion. This article shows how to connect to Splunk data in ColdFusion and query Splunk tables.

Create a JDBC Data Source for Splunk in ColdFusion

The JDBC data source enables you to execute SQL from standard ColdFusion tags like cfquery and CFScript like executeQuery.

  1. Copy the driver JAR and .lic file from the installation directory onto the ColdFusion classpath. For example, copy the files into C:\MyColdFusionDirectory\cfusion\wwwroot\WEB-INF\lib. Or, open the Java and JVM page in the ColdFusion Administrator and enter the path to the files in the ColdFusion Class Path box.

    The JAR and license for the driver are located in the lib subfolder of the installation directory.

    Restart the server after this step.

  2. Add the driver as a data source:

    From the ColdFusion administrator interface, expand the Data & Services node and click Data Sources. In the Add New Data Source section, enter a name for the data source and select Other in the Driver menu.

  3. Populate the driver properties:

    • JDBC URL: Enter connection properties in the JDBC URL. The JDBC URL begins with jdbc:splunk: and is followed by the connection properties in a semicolon-separated list of name=value pairs.

      To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

      The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

      If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

      Built-in Connection String Designer

      For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

      java -jar cdata.jdbc.splunk.jar

      Fill in the connection properties and copy the connection string to the clipboard.

      A typical JDBC URL is below:

      jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH
    • Driver Class: Enter the driver class. The driver class is cdata.jdbc.splunk.SplunkDriver.
    • Driver Name: Enter a user-defined name for the driver.
    • Username: Enter the username used to authenticate.
    • Password: Enter the password used to authenticate.

You can now test the connection by enabling the CData Splunk data source in the Actions column. After reporting a status of OK, the Splunk data source is ready for use.

Execute Queries

The cfquery tag can pass SQL statements to Splunk, including INSERT, UPDATE, and DELETE.. Use the cfqueryparam tag to create parameterized queries and prevent SQL injection through the query string.

Note: To use the cfquery and cfscript, create a .cfm file. Inside the .cfm file, write the code to execute the query (see below). Place the file directly in the root directory of your web server (e.g., wwwroot in Adobe ColdFusion). Restart the service after placing the file for the changes to take effect.

<cfquery name="SplunkQuery" dataSource="CDataSplunk"> SELECT * FROM DataModels WHERE Id = <cfqueryparam value="#Id#" cfsqltype="cf_sql_varchar"> </cfquery> <cfdump var="#SplunkQuery#">

Below is the equivalent in CFScript:


<cfscript>
result = queryExecute(
  "SELECT * FROM DataModels WHERE Id = ?", 
  [
    { value="SampleDataset", cfsqltype="cf_sql_varchar" }
  ],
  { datasource="CDataSplunk" }
);

writeDump( var= result );
</cfscript> 

You can then make requests to your .cfm like the following:

http://MyServer:8500/query.cfm?Id=SampleDataset

Ready to get started?

Download a free trial of the Splunk Driver to get started:

 Download Now

Learn more:

Splunk Icon Splunk JDBC Driver

Rapidly create and deploy powerful Java applications that integrate with Splunk data including Datamodels, Datasets, SearchJobs, and more!