Query Splunk Data in DataGrip



Create a Data Source for Splunk in DataGrip and use SQL to query live Splunk data.

DataGrip is a database IDE that allows SQL developers to query, create, and manage databases. When paired with the CData JDBC Driver for Splunk, DataGrip can work with live Splunk data. This article shows how to establish a connection to Splunk data in DataGrip and use the table editor to load Splunk data.

Create a New Driver Definition for Splunk

The steps below describe how to create a new Data Source in DataGrip for Splunk.

  1. In DataGrip, click File -> New -> Project and name the project.
  2. In the Database Explorer, click the plus icon and select Driver.
  3. In the Driver tab:
    • Set Name to a user-friendly name (e.g. "CData Splunk Driver")
    • Set Driver Files to the appropriate JAR file. To add the file, click the plus icon, select "Add Files," navigate to the "lib" folder in the driver's installation directory and select the JAR file (e.g. cdata.jdbc.splunk.jar).
    • Set Class to cdata.jdbc.splunk.Splunk.jar
    Additionally, in the Advanced tab you can change driver properties and other settings such as VM Options, VM environment, VM home path, and DBMS.
    • For most cases, change the DBMS type to "Unknown" in Expert options to avoid native SQL Server queries (Transact-SQL), which might result in an invalid function error
  4. Click "Apply" then "OK" to save the Connection

Configure a Connection to Splunk

  1. Once the connection is saved, click the plus icon, then "Data Source," then "CData Splunk Driver" to create a new Splunk Data Source.
  2. In the new window, configure the connection to Splunk with a JDBC URL.

    Built-in Connection String Designer

    For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or run it from the command line:

    java -jar cdata.jdbc.splunk.jar

    Fill in the connection properties and copy the connection string to the clipboard.

    To authenticate requests, set the User, Password, and URL properties to valid Splunk credentials. Requests to Splunk are made on port 8089.

    By default, the data provider uses plain-text authentication, since it attempts to negotiate TLS/SSL with the server, relying on that TLS/SSL session rather than the authentication scheme to protect the credentials.

    If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

  3. Set URL to the connection string, e.g., jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH
  4. Click "Apply" and "OK" to save the connection string

At this point, you will see the data source in the Database Explorer.
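
The JDBC URL built in the steps above carries the Splunk password in clear text, so it is worth checking and masking before it is pasted anywhere else. The following is an added example, not part of the original article or the CData driver: a small Python check for the `jdbc:splunk:key=value;...` form shown in step 3. It assumes property values contain no `;`, that only `Password` holds a secret, and that the Splunk endpoint on port 8089 is reached over https; the host and credentials are constructed.

```python
from urllib.parse import urlsplit

PREFIX = "jdbc:splunk:"
SECRET_KEYS = {"password"}  # assumption: only Password holds a secret here


def parse_jdbc_url(jdbc_url):
    """Return the key=value properties as an ordered list of pairs."""
    if not jdbc_url.lower().startswith(PREFIX):
        raise ValueError("not a jdbc:splunk: URL")
    pairs = []
    for item in jdbc_url[len(PREFIX):].split(";"):
        if item.strip():
            key, _, value = item.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs


def redact(jdbc_url):
    """Mask secret values so the string can go into a ticket or log."""
    return PREFIX + ";".join(
        f"{k}={'***' if k.lower() in SECRET_KEYS else v}"
        for k, v in parse_jdbc_url(jdbc_url))


def audit(jdbc_url):
    """Return findings; an empty list means nothing was flagged."""
    props = {k.lower(): v for k, v in parse_jdbc_url(jdbc_url)}
    findings = []
    if props.get("password"):
        findings.append("password embedded in URL: redact before sharing")
    target = urlsplit(props.get("url", ""))
    if target.scheme != "https":  # assumption: endpoint is served over https
        findings.append("URL property is not https")
    try:
        port = target.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port != 8089:  # port stated in the article
        findings.append("URL property does not name port 8089")
    return findings


# Constructed sample values, not real hosts or credentials.
SAMPLE = ("jdbc:splunk:User=svc_reader;Password=example-pw;"
          "URL=http://splunk.example.test:8000")

if __name__ == "__main__":
    print(redact(SAMPLE), audit(SAMPLE), sep="\n")
```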

Execute SQL Queries Against Splunk

To browse through the Splunk entities (available as tables) accessible through the JDBC Driver, expand the Data Source.

To execute queries, right-click on any table and select "New" -> "Query Console."

In the Console, write the SQL query you wish to execute. For example: SELECT Name, Owner FROM DataModels

Download a free, 30-day trial of the CData JDBC Driver for Splunk and start working with your live Splunk data in DataGrip. Reach out to our Support Team if you have any questions.
