
Sharepoint List into Splunk


I would like to pull data into Splunk from a SharePoint list. The SharePoint list would have dynamic data so I'm looking for a tool similar to DB Connect that will connect to the SharePoint list. I've done some research, but I haven't come across anything helpful. I know I could use DB Connect to perform an SQL query against SharePoint, but I understand this isn't a recommended way to do it. Does anyone have an idea how I might accomplish this? Thanks!


I know this is somewhat old, but I recently had to do this myself. wget (and perhaps curl) can be used to retrieve list data into a file, from where you can load it into Splunk easily. I used the first part of this post on parsing XML from SharePoint lists to get started.

I did not have an "owssvr.iqy" file, but I could open an export someone else had made of the data, go to "Data" and "Connections", then to the properties of the 'owssvr' connection. Switch to the sub-tab "Definition" and at the bottom there's a button to "Export Connection file..." You can open this file in Notepad to get the information you need. Alternatively (and easier!), you can copy and paste each section out of the "Command Text" section of the Connection properties Definition tab.

So which do you need?

Your url you can call from wget will need to look like


http://HOSTNAME/PATH/TO/LIST/ will come from the tag <LISTWEB> in your Command Text. The other two pieces you need are the LISTNAME and VIEWGUID.

To build your url string, it's the value for LISTWEB, then the string _vti_bin/owssvr.dll?XMLDATA=1&List=, the GUID from LISTNAME (including the squiggly brackets), the string &View= and the GUID for the VIEWGUID.

Once you have that, let's put it all together to make your wget command:

wget --no-check-certificate --user=username --password=password -O MYOUTPUTFILENAME 'http://HOSTNAME/PATH/TO/LIST/_vti_bin/owssvr.dll?XMLDATA=1&List={GUID-GUID-GUID}&View={GUID-GUID-GUID}'

That will require some testing and confirmation that it drops the output you want into the filename you specified as MYOUTPUTFILENAME. Once you confirm that, you'll probably want to create a cron schedule for this command to run every now and then (depends on how often you need it run), and create an input in Splunk for it.

0 Karma
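
The URL assembly and scheduled fetch described in the answer above, as an added example that is not part of the original post. The function names, the `sharepoint.example` host and the use of `~/.netrc` for credentials (instead of `--password`, which is visible in the process list and in crontab) are assumptions of this sketch, and TLS certificate checking is left on.

```shell
#!/bin/sh
# Added example, not the poster's script. Host, GUIDs and paths are constructed.

# Accept only a brace-wrapped GUID, e.g. {01234567-89AB-CDEF-0123-456789ABCDEF}.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
}

# Percent-encode the braces: curl treats bare {} as a glob pattern, and the
# encoded form also survives cron and log files unchanged.
enc_braces() { printf '%s' "$1" | sed -e 's/{/%7B/' -e 's/}/%7D/'; }

# build_owssvr_url LISTWEB LISTNAME VIEWGUID
# Prints the URL; returns 1 if a value copied from Command Text looks wrong.
build_owssvr_url() {
    listweb=$1; listname=$2; viewguid=$3
    case $listweb in
        http://*|https://*) ;;
        *) echo "LISTWEB must be an http(s) URL" >&2; return 1 ;;
    esac
    is_guid "$listname" || { echo "LISTNAME is not a {GUID}" >&2; return 1; }
    is_guid "$viewguid" || { echo "VIEWGUID is not a {GUID}" >&2; return 1; }
    listweb=${listweb%/}/   # exactly one trailing slash
    printf '%s_vti_bin/owssvr.dll?XMLDATA=1&List=%s&View=%s\n' \
        "$listweb" "$(enc_braces "$listname")" "$(enc_braces "$viewguid")"
}

# fetch_list URL OUTFILE
# Downloads to a temp file and renames it, so a Splunk file monitor never
# indexes a half-written or empty export. wget reads the account from
# ~/.netrc (chmod 600) by default, so no password appears on the command line.
fetch_list() {
    url=$1; out=$2
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    if wget --quiet -O "$tmp" "$url" && [ -s "$tmp" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

From cron, source this file and call `fetch_list "$(build_owssvr_url ...)" /path/to/output.xml`, then point a Splunk monitor input at the output file.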