Splunk to Tableau Connector Issue

ankitsetyaaexp · ‎05-02-2018

I am trying connect Splunk data to Tableau Desktop. I have accelerated the saved search but tableau is not retrieving the accelerated results from Splunk, but rerunning the saved search query. Hence, I do not get all fields when I pull data from Splunk to Tableau. How do we access the accelerated results in Tableau?

xpac · ‎05-02-2018

I'm not a Tableau professional, so you might be better off asking in a Tableau community or their support, but I've given it a quick look.
As far as I see you can only tell Tableau to load a certain saved search, but it doesn't support to load the results from a scheduled run.

You could however try this:

Save your search, schedule it, wait until it ran at least once
Create a second search, using this query: | loadjob savedsearch="MyUser:MyApp:MySavedSearch"

You obviously have to replace MyUser, MyApp and MySavedSearch - this search should simply load the last result from your other search. You can then refer to the second search from Tableau.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

eugenek · ‎11-09-2018

We came to a similar conclusion. The additional benefit is that the account you use to access Splunk from Tableau does not need access to the indexes queried by the initial search. As long as it has permissions to see the results of the first query, it can use loadjob.

Splunk to Tableau Connector Issue

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!