All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Sharepoint List into Splunk

afarmer
Explorer
‎05-15-2015 05:48 PM

I would like to pull data into Splunk from a SharePoint list. The Sharepoint list would have dynamic data so I'm looking for a tool similar to DB Connect that will connect to the Sharepoint list. I've done some research, but I haven't come across anything helpful. I know I could use DB connect to perform an SQL query against Sharepoint, but I understand this isn't a recommended way to do it. Does anyone have an idea how I might accomplish this? Thanks!

Reply

Richfez
SplunkTrust
SplunkTrust
‎02-12-2017 06:56 AM

I know this is somewhat old, but I recently had to do this myself. wget (and perhaps curl) can be used to retrieve list data into a file, from where you can load it into Splunk easily. I use the first part of this post on parsing XML from Sharepoint lists to get started.

I did not have a "owssvr.iqy" file, but I could open an export someone else had made of the data, go to "Data" and "Connections", then to the properties of the 'owssvr' connection. Switch to the sub-tab "Definition" and at the bottom there's a button to "Export Connection file..." You can open this file in Notepad to get the information you need. Alternately, (and easier!) you can copy and paste each section out of the "Command Text" section of the Connection properties Definition tab.

So which do you need?

Your url you can call from wget will need to look like 

http://HOSTNAME/PATH/TO/LIST/_vti_bin/owssvr.dll?XMLDATA=1&List={GUID-GUID-GUID}&View={GUID-GUID-GUI...

http://HOSTNAME/PATH/TO/LIST/ will come from the tag <LISTWEB> in your Command Text. The other two pieces you need are the LISTNAME and VIEWGUID.

To build your url string, it's the value for LISTWEB, then the string _vti_bin/owssvr.dll?XMLDATA=1&List=, the GUID from LISTNAME (including the squiggly brackets), the string &View= and the GUID for the VIEWGUID.

Once you have that, let's put it all toegether to make your wget command: 

wget --no-check-certificate --user=username --password=password -O MYOUTPUTFILENAME 'http://HOSTNAME/PATH/TO/LIST/_vti_bin/owssvr.dll?XMLDATA=1&List={GUID-GUID-GUID}&View={GUID-GUID-GUID}`

That will require some testing and confirmation that it drops the output you want into the filename you specified as MOUTPUTFILENAME. Once you confirm that, you'll probably want to create a cron schedule for this command to run every now and then (depends on how often you need it run), and create an input in Splunk for it.

0 Karma
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...