Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to access splunk data from Postgres without moving data?

akshayt
New Member
‎02-27-2019 07:31 AM

I need to access splunk data from postgres.

Used DB Connect to implement this. But DB Connect export data from SPlunk and load into postgres. I don't want to move data out of Splunk.
Rather, I need to do something like use postgres foreign table concept and access splunk data.
Is it possible to do this? If yes, how can I implement this?
If not with postgres, is it possible to do with any other RDBMS then?

Thanks a lot.

0 Karma
Reply

solarboyz1
Builder
‎02-27-2019 01:52 PM

The vendor can correct me, but I'm pretty sure the answer is no.

This would require Splunk to have an SQL interface that the RDBMS system could interface.
Or the RDMB system would need a restAPI module, that can be used to translate your SQL calls to Splunk searches against its restAPI.

My recommendation is to skin this cat a different way.

The easier solution is to switch where you run the search from. Since Splunk has part of the data you require AND can search against the RDBMS, have you considered searching both from Splunk? This allows the data to continue to live in postGRE or Splunk, but Splunk can produce reports across both.

0 Karma
Reply

di2esysadmin
Path Finder
‎11-01-2019 10:08 AM

Hi xanthakita,

Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.

Our HF is configured to forward only, in our case to 2 Indexer hosts.

My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...