SQL MR: SPLUNK_CONNECT

Aster Field Strong
Teradata Employee

THIS IS A BETA CUSTOM SQL-MR FUNCTION AND IS NOT SUPPORTED BY TERADATA ENGINEERING, CLIENT SUPPORT, or the FIELD.  PLEASE USE AT YOUR OWN RISK.

Pull data from Splunk into Aster, or push data from Aster to Splunk.

SQL-MR Usage:

-- Syntax template: the connection clauses (HOST, USERNAME, PASSWORD, MODE) come first,
-- followed by the clauses for the selected mode.
-- NOTE(review): PASSWORD is a plain string literal inside the statement, so it travels
-- with the query text; it may be recorded wherever the statement itself is stored
-- (query history, logs, saved scripts) - confirm for your environment.
-- NOTE(review): this page does not say which port or transport (TLS or not) the function
-- uses to reach HOST - confirm before sending credentials across an untrusted network.
SELECT * FROM SPLUNK_CONNECT (
      ON {table_name|view_name|(query)}
      PARTITION BY 1
      HOST('host') -- hostname, IP address, or fully qualified domain name to connect to
      USERNAME('username') -- account name used to log in; presumably a Splunk user - confirm
      PASSWORD('password') -- password for that account, passed as clear text in the statement
      MODE('push'|'pull'|'test') -- exactly one of push, pull or test; what 'test' checks is not described on this page
      -- [clauses used with push]
      SOURCE('source') -- source name
      SOURCE_TYPE('source_type') -- source type is the format of the data input (note: source type determines how Splunk formats your data)
      INDEX('index') -- index in which events will be located
      EVENT_COL('event_col') -- input column whose value is pushed to Splunk as the event
      -- [clauses used with pull]
      SEARCH('query') -- Splunk search query; if it is assembled from user input, validate it before passing it here
      EARLIEST_TIME('time') -- can be UTC time (w/ fractional sec), a relative time specifier (to now), or a formatted time string
      LATEST_TIME('time') -- same accepted formats as EARLIEST_TIME
      OUTPUT_FORMAT('json'|'xml') -- result format: json or xml
);

PUSH EXAMPLE:
-- Push example: sends the value of column `path` from input table `sample` to Splunk
-- as events, written to index `main` with source and source type `sample_demo`.
-- NOTE(review): the usage section names the function SPLUNK_CONNECT while this call uses
-- splunkconnect - confirm the name the function was installed under.
select * from splunkconnect (
    ON sample
    partition by 1
    host('192.168.100.151') -- sample private (RFC 1918) address; replace with your Splunk host
    username('admin') -- sample value; prefer a dedicated account limited to writing the target index
    password('splunk') -- sample value; a real password placed here is stored with the query text
    mode('push')
    source('sample_demo')
    source_type('sample_demo')
    index('main')
    event_col('path') -- column of `sample` holding the event text
);

PULL EXAMPLE:
-- Pull example: runs a Splunk search over a time window and returns the results as JSON.
-- NOTE(review): the usage section names the function SPLUNK_CONNECT while this call uses
-- splunkconnect - confirm the name the function was installed under.
select * from splunkconnect (
    ON (select 1) -- one-row dummy input; presumably only there because the ON clause is required - confirm
    partition by 1
    host('192.168.100.151') -- sample private (RFC 1918) address; replace with your Splunk host
    username('admin') -- sample value; prefer a dedicated account limited to searching the indexes needed
    password('splunk') -- sample value; a real password placed here is stored with the query text
    mode('pull')
    search('* | head 10') -- matches every event, then keeps the first 10 results
    earliest_time('2015-06-19T12:00:00.000-07:00') -- absolute start of the window, with fractional seconds and a -07:00 offset
    latest_time('-1m') -- relative end of the window: one minute before now
    output_format('json')
);

TEST EXAMPLE:
-- Test example: passes only the connection clauses with mode('test'); no push or pull
-- clauses are given. This page does not describe what the test reports - presumably it
-- checks that the host is reachable and the login succeeds; confirm.
-- NOTE(review): the usage section names the function SPLUNK_CONNECT while this call uses
-- splunkconnect - confirm the name the function was installed under.
select * from splunkconnect (
    ON sample
    partition by 1
    host('192.168.100.151') -- sample private (RFC 1918) address; replace with your Splunk host
    username('admin') -- sample value; replace with the account you intend to use for push or pull
    password('splunk') -- sample value; a real password placed here is stored with the query text
    mode('test')
);