Query Splunk Data in DataGrip

DataGrip is a database IDE that allows SQL developers to query, create, and manage databases. When paired with the CData JDBC Driver for Splunk, DataGrip can work with live Splunk data. This article shows how to establish a connection to Splunk data in DataGrip and use the table editor to load Splunk data.

Create a New Driver Definition for Splunk

The steps below describe how to create a new Data Source in DataGrip for Splunk.

1. In DataGrip, click File -> New > Project and name the project 👁 Creating a new DataGrip project.
   
2. In the Database Explorer, click the plus icon () and select Driver. 👁 Adding a new Driver.
   
3. In the Driver tab:
   • Set Name to a user-friendly name (e.g. "CData Splunk Driver")
   • Set Driver Files to the appropriate JAR file. To add the file, click the plus (), select "Add Files," navigate to the "lib" folder in the driver's installation directory and select the JAR file (e.g. cdata.jdbc.splunk.jar).
   • Set Class to cdata.jdbc.splunk.Splunk.jar
4. Click "Apply" then "OK" to save the Connection 👁 A configured Driver (Salesforce is shown).
   

Configure a Connection to Splunk

1. Once the connection is saved, click the plus (), then "Data Source" then "CData Splunk Driver" to create a new Splunk Data Source.
2. In the new window, configure the connection to Splunk with a JDBC URL.

   Built-in Connection String Designer

   For assistance in constructing the JDBC URL, use the connection string designer built into the Splunk JDBC Driver. Either double-click the JAR file or execute the jar file from the command-line.

    java -jar cdata.jdbc.splunk.jar
    

   Fill in the connection properties and copy the connection string to the clipboard.

   To authenticate requests, set the , , and properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.

   The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.

   If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.

   👁 Using the built-in connection string designer to generate a JDBC URL (Salesforce is shown.)
   
3. Set URL to the connection string, e.g.,

   jdbc:splunk:user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;

4. Click "Apply" and "OK" to save the connection string 👁 A configured Data Source (Salesforce is shown).
   

At this point, you will see the data source in the Data Explorer.

Execute SQL Queries Against Splunk

To browse through the Splunk entities (available as tables) accessible through the JDBC Driver, expand the Data Source.

To execute queries, right click on any table and select "New" -> "Query Console."

In the Console, write the SQL query you wish to execute. For example:

SELECT Name, Owner FROM DataModels

Download a free, 30-day trial of the CData JDBC Driver for Splunk and start working with your live Splunk data in DataGrip. Reach out to our Support Team if you have any questions.