 |
VOOZH | about |
|
VOOZH | about |
CData Sync for Splunk is a stand-alone application that provides solutions for a variety of replication scenarios such as replicating sandbox and production instances into your database. Both Sync for Windows and Sync for Java include a command-line interface (CLI) that makes it easy to manage multiple Splunk connections. In this article we show how to use the CLI to replicate multiple Splunk accounts.
You can save connection and email notification settings in an XML configuration file. To replicate multiple Splunk accounts, use multiple configuration files. Below is an example configuration to replicate Splunk to SQLite:
<?xml version="1.0" encoding="UTF-8" ?> <CDataSync> <DatabaseType>SQLite</DatabaseType> <DatabaseProvider>System.Data.SQLite</DatabaseProvider> <ConnectionString>user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;</ConnectionString> <ReplicateAll>False</ReplicateAll> <NotificationUserName></NotificationUserName> <DatabaseConnectionString>Data Source=C:\my.db</DatabaseConnectionString> <TaskSchedulerStartTime>09:51</TaskSchedulerStartTime> <TaskSchedulerInterval>Never</TaskSchedulerInterval> </CDataSync>
<?xml version="1.0" encoding="UTF-8" ?> <CDataSync> <DatabaseType>SQLite</DatabaseType> <DatabaseProvider>org.sqlite.JDBC</DatabaseProvider> <ConnectionString>user=MyUserName;password=MyPassword;URL=MyURL;InitiateOAuth=GETANDREFRESH;</ConnectionString> <ReplicateAll>False</ReplicateAll> <NotificationUserName></NotificationUserName> <DatabaseConnectionString>Data Source=C:\my.db</DatabaseConnectionString> </CDataSync>
To authenticate requests, set the , , and properties to valid Splunk credentials. The port on which the requests are made to Splunk is port 8089.
The data provider uses plain-text authentication by default, since the data provider attempts to negotiate TLS/SSL with the server.
If you need to manually configure TLS/SSL, see Getting Started -> Advanced Settings in the data provider help documentation.
Sync enables you to control replication with standard SQL. The REPLICATE statement is a high-level command that caches and maintains a table in your database. You can define any SELECT query supported by the Splunk API. The statement below caches and incrementally updates a table of Splunk data:
REPLICATE DataModels;
You can specify a file containing the replication queries you want to use to update a particular database. Separate replication statements with semicolons. The following options are useful if you are replicating multiple Splunk accounts into the same database:
You can use a different table prefix in the REPLICATE SELECT statement:
REPLICATE PROD_DataModels SELECT * FROM DataModels
Alternatively, you can use a different schema:
REPLICATE PROD.DataModels SELECT * FROM DataModels
After you have configured the connection strings and replication queries, you can run Sync with the following command-line options:
SplunkSync.exe -g MyProductionSplunkConfig.xml -f MyProductionSplunkSync.sql
java -Xbootclasspath/p:c:\sqlitejdbc.jar -jar SplunkSync.jar -g MyProductionSplunkConfig.xml -f MyProductionSplunkSync.sql
Learn more or sign up for a free trial:
CData Sync