Quickstart
intake-splunk provides quick and easy access to tabular data stored in Apache Splunk.
This plugin reads Splunk query results without random access: there is only ever a single partition.
Installation
To use this plugin for intake, install it with the following command:
conda install -c intake intake-splunk
Usage
Ad-hoc
After installation, the function intake.open_splunk will become available. It can be used to execute queries on the Splunk server and download the results as a list of dictionaries.
Three parameters are of interest when defining a data source:
query: the query to execute, written in Splunk's Query Syntax
Creating Catalog Entries
To use the plugin from a catalog, entries must specify driver: splunk.
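As an added example that is not part of the original documentation, here is an intake catalog entry for a Splunk source. Only driver: splunk and query are taken from the page; the url and auth argument names are assumed to match the plugin's source constructor, and the credentials are pulled from environment variables through intake's env() catalog templating so that no password is stored in the catalog file.

```yaml
# catalog.yml - constructed example, not shipped with intake-splunk
sources:
  failed_logins:
    description: Failed SSH logins from the last 24 hours, one row per event
    driver: splunk
    args:
      # Splunk search language (SPL); 'search' is implicit at the start
      query: 'search index=auth sourcetype=linux_secure "Failed password" earliest=-24h | table _time host user src'
      # Assumed argument names: url of the Splunk REST/management endpoint
      url: 'https://splunk.example.internal:8089'
      # Credentials read from the environment at load time, never hard-coded
      auth:
        - '{{ env(SPLUNK_USER) }}'
        - '{{ env(SPLUNK_PASSWORD) }}'
```

Opening the entry with intake.open_catalog('catalog.yml').failed_logins.read() then runs the query once and returns the whole result as a single partition, as the page describes.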