Databricks is a cloud-based service that provides data processing capabilities through Apache Spark. When paired with the CData JDBC Driver, customers can use Databricks to perform data engineering and data science on live Splunk data. This article explains how to host the CData JDBC Driver in AWS, as well as connect to and process live Splunk data in Databricks.
With built-in optimized data processing, the CData JDBC Driver offers unmatched performance for interacting with live Splunk data. When you issue complex SQL queries to Splunk, the driver pushes supported SQL operations, like filters and aggregations, directly to Splunk and utilizes the embedded SQL engine to process unsupported operations client-side (often SQL functions and JOIN operations). Its built-in dynamic metadata querying allows you to work with and analyze Splunk data using native data types.
To work with live Splunk data in Databricks, install the driver on your Databricks cluster.
With the JAR file installed, we are ready to work with live Splunk data in Databricks. Start by creating a new notebook in your workspace. Name the notebook, select Python as the language (though Scala is available as well), and choose the cluster where you installed the JDBC driver. When the notebook launches, we can configure the connection, query Splunk, and create a basic report.
Connect to Splunk by referencing the JDBC Driver class and constructing a connection string to use in the JDBC URL. Additionally, you will need to set the property in the JDBC URL (unless you are using a Beta driver). You can view the licensing file included in the installation for information on how to set this property.
```python
driver = "cdata.jdbc.splunk.SplunkDriver"
url = "jdbc:splunk:RTK=5246...;user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;"
```
For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the JAR file from the command line.

```bash
java -jar cdata.jdbc.splunk.jar
```
Fill in the connection properties and copy the connection string to the clipboard.
To authenticate requests, set the , , and properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.
By default, the data provider uses plain-text authentication, because it attempts to negotiate TLS/SSL with the server.
If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.
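The sample URL above carries the password and RTK as literals, so anyone who can read the notebook or its revision history can read them. The following is an added example, not CData's or Databricks' own code: it builds the same URL from values fetched at run time and masks the sensitive properties before the URL is logged. The secret scope and key names are hypothetical, `get_secret` is assumed to be `dbutils.secrets.get` when run in a Databricks notebook, and values containing `;` are refused rather than escaped because the page does not describe the driver's quoting rules.

```python
import re

SCHEME = "jdbc:splunk:"
SENSITIVE = {"password", "rtk"}  # property names from the article's sample URL

def build_jdbc_url(props):
    """Join properties into a JDBC URL, refusing values that would add or
    override properties. Assumption: unsafe values are refused, not escaped,
    because the page does not describe the driver's quoting rules."""
    parts = []
    for name, value in props.items():
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9]*", name):
            raise ValueError(f"invalid property name: {name!r}")
        if not value or re.search(r"[;\x00-\x1f]", value):
            raise ValueError(f"missing or unsafe value for {name}")
        parts.append(f"{name}={value}")
    return SCHEME + ";".join(parts) + ";"

def redact_jdbc_url(url):
    """Mask sensitive values so the URL can be logged or shown in output."""
    if not url.startswith(SCHEME):
        raise ValueError("not a Splunk JDBC URL")
    out = []
    for item in url[len(SCHEME):].split(";"):
        name, sep, _ = item.partition("=")
        masked = sep and name.strip().lower() in SENSITIVE
        out.append(f"{name}=***" if masked else item)
    return SCHEME + ";".join(out)

def splunk_url_from_secrets(get_secret, scope="splunk"):
    """get_secret(scope, key) returns a string; in a Databricks notebook pass
    dbutils.secrets.get. Scope and key names here are hypothetical."""
    return build_jdbc_url({
        "RTK": get_secret(scope, "rtk"),
        "user": get_secret(scope, "user"),
        "password": get_secret(scope, "password"),
        "URL": get_secret(scope, "url"),
        "InitiateOAuth": "GETANDREFRESH",
    })

# Constructed stand-in for a secret scope so the example runs offline.
_SAMPLE = {"rtk": "RTK-PLACEHOLDER", "user": "svc_reader",
           "password": "example-only", "url": "https://splunk.example.com:8089"}

def sample_get_secret(scope, key):
    return _SAMPLE[key]

if __name__ == "__main__":
    print(redact_jdbc_url(splunk_url_from_secrets(sample_get_secret)))
```

In a notebook, `url = splunk_url_from_secrets(dbutils.secrets.get)` replaces the literal assignment, and only the output of `redact_jdbc_url(url)` should ever be printed or logged.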
[Figure: Using the built-in connection string designer to generate a JDBC URL (Salesforce is shown).]

Once you configure the connection, you can load Splunk data as a dataframe using the CData JDBC Driver and the connection information.

```python
remote_table = (
    spark.read.format("jdbc")
    .option("driver", driver)
    .option("url", url)
    .option("dbtable", "DataModels")
    .load()
)
```
Check the loaded Splunk data by calling the display function.
```python
display(remote_table.select("Name"))
```

[Figure: Displaying Splunk Data]

If you want to process data with Databricks SparkSQL, register the loaded data as a Temp View.

```python
remote_table.createOrReplaceTempView("SAMPLE_VIEW")
```
With the Temp View created, you can use SparkSQL to retrieve the Splunk data for reporting, visualization, and analysis.
```sql
%sql
SELECT Name, Owner FROM SAMPLE_VIEW ORDER BY Owner DESC LIMIT 5
```

[Figure: Displaying Splunk Data]

The data from Splunk is only available in the target notebook. If you want to share it with other users, save it as a table.

```python
remote_table.write.format("parquet").saveAsTable("SAMPLE_TABLE")
```
Download a free, 30-day trial of the CData JDBC Driver for Splunk and start working with your live Splunk data in Databricks. Reach out to our Support Team if you have any questions.