Getting Data In

How to access splunk data from Postgres without moving data?

akshayt
New Member

I need to access splunk data from postgres.

Used DB Connect to implement this. But DB Connect export data from SPlunk and load into postgres. I don't want to move data out of Splunk.
Rather, I need to do something like use postgres foreign table concept and access splunk data.
Is it possible to do this? If yes, how can I implement this?
If not with postgres, is it possible to do with any other RDBMS then?

Thanks a lot.

0 Karma

solarboyz1
Builder

The vendor can correct me, but I'm pretty sure the answer is no.

This would require Splunk to have an SQL interface that the RDBMS system could interface.
Or the RDMB system would need a restAPI module, that can be used to translate your SQL calls to Splunk searches against its restAPI.

My recommendation is to skin this cat a different way.

The easier solution is to switch where you run the search from. Since Splunk has part of the data you require AND can search against the RDBMS, have you considered searching both from Splunk? This allows the data to continue to live in postGRE or Splunk, but Splunk can produce reports across both.

0 Karma

di2esysadmin
Path Finder

Hi xanthakita,

Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.

Our HF is configured to forward only, in our case to 2 Indexer hosts.

My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...