Quickstart

intake-splunk provides quick and easy access to tabular data stored in Splunk.

This plugin reads Splunk query results as a stream rather than by random access, so a source always has exactly one partition.

Installation

To use this plugin with Intake, install it with the following command:

conda install -c intake intake-splunk

Usage

Ad-hoc

After installation, the function intake.open_splunk will become available. It can be used to execute queries on the Splunk server and download the results as a list of dictionaries.

Three parameters are of interest when defining a data source:

Creating Catalog Entries

To use this plugin from a catalog, entries must specify driver: splunk.
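The following is an added example and is not code from intake-splunk or from Intake. It covers both the ad-hoc case and the catalog case above: it assembles the driver's arguments (assumed here to be named query, url and auth, matching the driver's signature; check the installed version) from environment variables instead of hard-coding credentials, rejects a non-https management URL so the basic-auth credentials are not sent in clear text, quotes untrusted values before they are interpolated into a search string so a caller cannot append a pipe or a command, and renders a catalog entry with driver: splunk whose secrets are left as Intake's env() catalog templates. The environment variable names SPLUNK_URL, SPLUNK_USER and SPLUNK_PASSWORD are this example's own choice.

```python
# Added example, not part of intake-splunk. Assumptions: the driver takes
# query, url and auth; the environment variable names below are illustrative.
import os
import re
from urllib.parse import urlsplit

# Splunk index names: lower-case alphanumerics, underscores and hyphens.
_INDEX_RE = re.compile(r"^[a-z0-9_-]+$")
# Relative time modifiers such as -24h, -7d@d, or the literal "now".
_TIME_RE = re.compile(r"^(now|-\d+(s|m|h|d|w|mon|y)(@\w+)?)$")


def spl_quote(value: str) -> str:
    """Return value as a double-quoted SPL string literal.

    Backslashes and double quotes are escaped so a caller-supplied value can
    never close the quotes and append a pipe, a subsearch or a command.
    """
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_search(index: str, host: str, earliest: str = "-24h") -> str:
    """Build a search string from untrusted pieces.

    index and earliest are checked against an allow-list pattern; host is
    quoted. Anything that fails validation raises instead of being sent.
    """
    if not _INDEX_RE.match(index):
        raise ValueError(f"invalid index name: {index!r}")
    if not _TIME_RE.match(earliest):
        raise ValueError(f"invalid earliest modifier: {earliest!r}")
    return f"search index={index} host={spl_quote(host)} earliest={earliest}"


def splunk_args(query: str, env=None) -> dict:
    """Assemble the driver's arguments (query, url, auth) from the environment.

    Credentials come from SPLUNK_USER / SPLUNK_PASSWORD (assumed names) rather
    than from code or a catalog file, and the URL must be https.
    """
    env = os.environ if env is None else env
    try:
        url = env["SPLUNK_URL"]
        auth = (env["SPLUNK_USER"], env["SPLUNK_PASSWORD"])
    except KeyError as missing:
        raise RuntimeError(f"missing environment variable {missing}") from None
    if urlsplit(url).scheme != "https":
        raise ValueError("SPLUNK_URL must use https; credentials would "
                         "otherwise travel in clear text")
    return {"query": query, "url": url, "auth": auth}


def _yaml_single(text: str) -> str:
    """Single-quote a YAML scalar (a single quote is doubled inside)."""
    return "'" + text.replace("'", "''") + "'"


def catalog_entry(name: str, query: str) -> str:
    """Render a catalog entry for this driver as YAML text.

    The URL and credentials are left as Intake env() templates, so the file
    can be committed without secrets; Intake resolves them at load time.
    """
    return "\n".join([
        "sources:",
        f"  {name}:",
        "    driver: splunk",
        "    args:",
        f"      query: {_yaml_single(query)}",
        "      url: '{{env(SPLUNK_URL)}}'",
        "      auth: ['{{env(SPLUNK_USER)}}', '{{env(SPLUNK_PASSWORD)}}']",
    ])


if __name__ == "__main__":
    q = build_search("main", "web-01")
    print(catalog_entry("web_errors", q))
    # With the environment set, the same arguments feed the ad-hoc path:
    #   intake.open_splunk(**splunk_args(q))
```

The quoting helper is deliberately strict: a host value such as `web" | delete` is turned into a harmless string literal rather than a second pipeline stage, and an index or time modifier that does not match the expected shape is rejected outright.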

Using a Catalog