Archive

How to extract Splunk data from Qlikview?

vaidhyanathan_g
New Member

We have a requirement to extract Splunk (log data) from Qlikview 11 and to do transformation in Qlikview before displaying data in a Qlikview dashboard

Tags (1)
0 Karma

Richfez
SplunkTrust
SplunkTrust

Qlikview 11 appears to use tab-delimited files for logging. At least that's what Qlikview's very interestingly written FAQ says. I'm sure that information is trivial for you to confirm.

I'm making some assumptions here. The systems where the logs are aren't the same systems where Splunk is, but I'm assuming you have an instance of Splunk Enterprise set up (or possibly Splunk Light, or can use Splunk Cloud - something). I'm also starting from the beginning - skip the sections that you've already got sorted out. And lastly, so that this doesn't turn into a 7 page instructible, I'm only including a summary as sort of a guideline. Some research and work on your part is required, though it you get stuck feel free to create a new, targeted Question for the individual problems!

Since the log tiles are tab delimited, open a few of them up and take a look at them. If they look useful, you'll want to download and install the Universal Forwarder and point it to your indexer. Set up data inputs, fiddling with the sourcetypes and stuff to get them so they have the right timestamp and the fields are identified. There's a lot of good help on doing this in the Getting Data In manual sections. You might have to do some research to find out WHAT the fields in the logs are. That's a Qlikview question more than a Splunk question.

By "Transformation" I don't know what you want or need. I think if you have data coming in and defined in fields and all that, you will probably be able to just start searching and transforming and using the built in tools to start making charts and visualizations of the data that you can add to a dashboard. This is a big topic but mostly not real hard, but if you aren't very familiar with it some of the Splunk docs (specifically, the Splunk Search Tutorial and the free online Splunk Tutorial) may be very helpful.

Then it's all fun and festivities after that!

0 Karma

MuS
SplunkTrust
SplunkTrust

Nice answer @rich7177, but isn't this question the other way around - Getting data from Splunk into the Qlikview thingy? I'm still not sure even after reading the question multiple times now 😉

0 Karma

Richfez
SplunkTrust
SplunkTrust

I wrote it so all you would have to do in that case is read my answer backwards.

vaidhyanathan_g
New Member

Thanks for your reply. But my requirement is to extract data from Splunk to Qlikview.

0 Karma

MuS
SplunkTrust
SplunkTrust

Okay, since you want to get data from Splunk into Qlikview you should start on their side and ask there https://community.qlik.com/search.jspa?q=splunk or take a look at this answer https://answers.splunk.com/answers/89583/extracting-data-from-splunk-for-reporting-in-an-external-sy...

Richfez
SplunkTrust
SplunkTrust

Oh, I second MuS's answer then.

I had read "displaying data in a Qlikview dashboard" as "Build a dashboard in Splunk called 'Qlikview' and display this data in there."

🙂

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!