 |
VOOZH | about |
|
VOOZH | about |
The CData Cmdlets for Splunk are standard PowerShell cmdlets that make it easy to accomplish data cleansing, normalization, backup, and other integration tasks by enabling real-time and bidirectional access to Splunk.
The Cmdlets are not only a PowerShell interface to Splunk, but also an SQL interface; this tutorial shows how to use both to create, retrieve, update, and delete Splunk data. We also show examples of the ADO.NET equivalent, which is possible with the CData ADO.NET Provider for Splunk. To access Splunk data from other .NET applications, like LINQPad, use the CData ADO.NET Provider for Splunk.
Once you have acquired the necessary connection properties, accessing Splunk data in PowerShell can be enabled in three steps.
To authenticate requests, set the , , and properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.
The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.
If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.
Install the module:
Install-Module SplunkCmdlets
Connect:
$splunk = Connect-Splunk -user "$user" -password "$password" -URL "$URL" -InitiateOAuth "$InitiateOAuth"
Search for and retrieve data:
$id = "SampleDataset" $datamodels = Select-Splunk -Connection $splunk -Table "DataModels" -Where "Id = `'$Id`'" $datamodels
You can also use the Invoke-Splunk cmdlet to execute SQL commands:
$datamodels = Invoke-Splunk -Connection $splunk -Query 'SELECT * FROM DataModels WHERE Id = @Id' -Params @{'@Id'='SampleDataset'}
Load the provider's assembly:
[Reflection.Assembly]::LoadFile("C:\Program Files\CData\CData ADO.NET Provider for Splunk\lib\System.Data.CData.Splunk.dll")
Connect to Splunk:
$conn= New-Object System.Data.CData.Splunk.SplunkConnection("user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;")
$conn.Open()
Instantiate the SplunkDataAdapter, execute an SQL query, and output the results:
$sql="SELECT Name, Owner from DataModels"
$da= New-Object System.Data.CData.Splunk.SplunkDataAdapter($sql, $conn)
$dt= New-Object System.Data.DataTable
$da.Fill($dt)
$dt.Rows | foreach {
Write-Host $_.name $_.owner
}
Update-Splunk -Connection $Splunk -Columns @('Name','Owner') -Values @('MyName', 'MyOwner') -Table DataModels -Id "MyId"
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("UPDATE DataModels SET Id='SampleDataset' WHERE Id = @myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","10456255-0015501366")))
$cmd.ExecuteNonQuery()
Add-Splunk -Connection $Splunk -Table DataModels -Columns @("Name", "Owner") -Values @("MyName", "MyOwner")
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("INSERT INTO DataModels (Id) VALUES (@myId)", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","SampleDataset")))
$cmd.ExecuteNonQuery()
Remove-Splunk -Connection $Splunk -Table "DataModels" -Id "MyId"
$cmd = New-Object System.Data.CData.Splunk.SplunkCommand("DELETE FROM DataModels WHERE Id=@myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.Splunk.SplunkParameter("@myId","001d000000YBRseAAH")))
$cmd.ExecuteNonQuery()
CodeProject
Download a free trial of the Splunk Data Provider to get started:
Download NowLearn more:
👁 Splunk IconRapidly create and deploy powerful .NET applications that integrate with Splunk data including Datamodels, Datasets, SearchJobs, and more!
