How to access Splunk data from Postgres without moving data?

akshayt
New Member

I need to access Splunk data from Postgres.

I used DB Connect to implement this, but DB Connect exports data from Splunk and loads it into Postgres. I don't want to move data out of Splunk.
Rather, I need to do something like use the Postgres foreign table concept to access Splunk data.
Is it possible to do this? If yes, how can I implement this?
If not with Postgres, is it possible to do this with any other RDBMS then?

Thanks a lot.

0 Karma

solarboyz1
Builder

The vendor can correct me, but I'm pretty sure the answer is no.

This would require Splunk to have an SQL interface that the RDBMS could interface with.
Or the RDBMS would need a REST API module that can be used to translate your SQL calls to Splunk searches against its REST API.

My recommendation is to skin this cat a different way.

The easier solution is to switch where you run the search from. Since Splunk has part of the data you require AND can search against the RDBMS, have you considered searching both from Splunk? This allows the data to continue to live in Postgres or Splunk, but Splunk can produce reports across both.

0 Karma
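
The translation layer described in the answer above (SQL in, Splunk REST search out), sketched as an added example that is not part of the original thread or of any Splunk product. It turns a restricted `SELECT` into an SPL string for the `search/jobs/export` REST endpoint, allow-listing identifiers and quoting literals so SQL input cannot append extra SPL commands; the host name, index and field names are constructed.

```python
import re
from urllib.parse import urlencode

# Constructed sample endpoint; the host name is an assumption.
SPLUNK_EXPORT_URL = "https://splunk.example.com:8089/services/search/jobs/export"

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
_SELECT = re.compile(
    r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?(?:\s+LIMIT\s+(?P<limit>\d+))?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)
_COND = re.compile(r"^\s*(\w+)\s*=\s*'((?:[^']|'')*)'\s*$")

def _ident(name):
    """Allow only plain identifiers so no SPL syntax can be smuggled in."""
    if not _IDENT.match(name):
        raise ValueError(f"unsupported identifier: {name!r}")
    return name

def _quote(value):
    """Quote a literal for SPL: escape backslashes, then double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def sql_to_spl(sql):
    """Translate SELECT cols FROM index [WHERE f='v' AND ...] [LIMIT n] to SPL."""
    m = _SELECT.match(sql)
    if not m:
        raise ValueError("only simple SELECT statements are supported")
    parts = ["search index=" + _ident(m["table"])]
    if m["where"]:
        for cond in re.split(r"\s+AND\s+", m["where"], flags=re.IGNORECASE):
            c = _COND.match(cond)
            if not c:  # fail closed on anything but field = 'literal'
                raise ValueError(f"unsupported condition: {cond!r}")
            value = c[2].replace("''", "'")  # undo SQL quote doubling
            parts.append(f"{_ident(c[1])}={_quote(value)}")
    spl = " ".join(parts)
    if m["limit"]:
        spl += f" | head {m['limit']}"
    cols = [c.strip() for c in m["cols"].split(",")]
    if cols != ["*"]:
        spl += " | table " + " ".join(_ident(c) for c in cols)
    return spl

def export_request(sql):
    """Return (url, form body) for a POST to the search export endpoint."""
    return SPLUNK_EXPORT_URL, urlencode({"search": sql_to_spl(sql), "output_mode": "json"})
```

A `*` inside a quoted value is still treated as a wildcard by the Splunk `search` command, so a production translator would need to decide whether to reject it.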

di2esysadmin
Path Finder

Hi xanthakita,

Yes, the HF is receiving data from AWS Cloudwatch using the ‘Splunk Add-on for AWS’ App default values: index=aws_rds_logs and sourcetype=aws:rds.

Our HF is configured to forward only, in our case to 2 Indexer hosts.

My goal is to get Splunk Stream to process the Postgres data already available in the index=aws_rds_logs without moving data.

0 Karma