Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to access splunk data from Postgres without moving data?

akshayt
New Member
‎02-27-2019 07:31 AM

I need to access splunk data from postgres.

Used DB Connect to implement this. But DB Connect export data from SPlunk and load into postgres. I don't want to move data out of Splunk.
Rather, I need to do something like use postgres foreign table concept and access splunk data.
Is it possible to do this? If yes, how can I implement this?
If not with postgres, is it possible to do with any other RDBMS then?

Thanks a lot.

0 Karma
Reply

solarboyz1
Builder
‎02-27-2019 01:52 PM

The vendor can correct me, but I'm pretty sure the answer is no.

This would require Splunk to have an SQL interface that the RDBMS system could interface.
Or the RDMB system would need a restAPI module, that can be used to translate your SQL calls to Splunk searches against its restAPI.

My recommendation is to skin this cat a different way.

The easier solution is to switch where you run the search from. Since Splunk has part of the data you require AND can search against the RDBMS, have you considered searching both from Splunk? This allows the data to continue to live in postGRE or Splunk, but Splunk can produce reports across both.

0 Karma
Reply

di2esysadmin
Path Finder
‎11-01-2019 10:08 AM

Hi xanthakita,

Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.

Our HF is configured to forward only, in our case to 2 Indexer hosts.

My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...
Top