
How to access Splunk data from Postgres without moving data?

akshayt
New Member

I need to access Splunk data from Postgres.

I used DB Connect to implement this, but DB Connect exports data from Splunk and loads it into Postgres. I don't want to move data out of Splunk.
Rather, I need to do something like use the Postgres foreign table concept to access Splunk data.
Is it possible to do this? If yes, how can I implement this?
If not with Postgres, is it possible to do this with any other RDBMS?

Thanks a lot.

0 Karma

solarboyz1
Builder

The vendor can correct me, but I'm pretty sure the answer is no.

This would require Splunk to have an SQL interface that the RDBMS could interface with.
Or the RDBMS would need a REST API module that can be used to translate your SQL calls to Splunk searches against its REST API.

My recommendation is to skin this cat a different way.

The easier solution is to switch where you run the search from. Since Splunk has part of the data you require AND can search against the RDBMS, have you considered searching both from Splunk? This allows the data to continue to live in Postgres or Splunk, but Splunk can produce reports across both.

0 Karma

di2esysadmin
Path Finder

Hi xanthakita,

Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.

Our HF is configured to forward only, in our case to 2 Indexer hosts.

My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.

0 Karma