Splunk + Steampipe
Splunk software is used for searching, monitoring and analyzing log data.
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
List indexes in your Splunk account:
select
  name,
  max_time,
  total_event_count
from
  splunk_index;

+----------------+---------------------+-------------------+
| name           | max_time            | total_event_count |
+----------------+---------------------+-------------------+
| my_event_index | 2021-11-18T01:29:21 | 2345              |
+----------------+---------------------+-------------------+
Documentation
Get started
Install
Download and install the latest Splunk plugin:
steampipe plugin install splunk
Configuration
Installing the latest splunk plugin will create a config file (~/.steampipe/config/splunk.spc) with a single connection named splunk:
connection "splunk" {
  plugin = "splunk"

  # Splunk base URL.
  # Can also be set with the SPLUNK_URL environment variable.
  # Defaults to "https://localhost:8089".
  url = "https://localhost:8089"

  # You can connect to Splunk using one of the options below:

  # 1. Authenticate using username and password
  # If `username` or `password` are not specified credentials will be loaded
  # from the `SPLUNK_USERNAME` and `SPLUNK_PASSWORD` environment variables
  # respectively.
  # username = "admin"
  # password = "password"

  # 2. Authenticate using Splunk authentication token
  # If `auth_token` is not specified, it will be loaded from the
  # `SPLUNK_AUTH_TOKEN` environment variable.
  # auth_token = "<YOUR_AUTH_TOKEN>"
}
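Because the connection block accepts `password` and `auth_token` inline as well as from environment variables, a pre-commit or host check can flag configs that keep the secret in the file. The following is an added example, not part of the plugin or its documentation; `audit_spc`, `readable_by_others` and the sample values are hypothetical names and constructed data, and the parser only handles the simple `key = "value"` lines shown above.

```python
import os
import re
import stat

# Keys in splunk.spc that hold a secret when set inline (names from the config above).
SECRET_KEYS = ("password", "auth_token")
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')

def audit_spc(text):
    """Return (line_no, key, finding) tuples for the body of a splunk.spc file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are inactive
        m = ASSIGN.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key in SECRET_KEYS and value:
            findings.append((no, key, "secret stored inline; load it from the environment"))
        elif key == "url" and value.lower().startswith("http://"):
            findings.append((no, key, "cleartext HTTP exposes credentials in transit"))
    return findings

def readable_by_others(path):
    """True if group or other has any permission bit set on the config file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample input, not a real configuration.
SAMPLE = '''connection "splunk" {
  plugin = "splunk"
  url = "http://splunk.example.internal:8089"
  # username = "admin"
  username = "svc_steampipe"
  password = "constructed-not-real"
  # auth_token = "<YOUR_AUTH_TOKEN>"
}
'''

if __name__ == "__main__":
    for no, key, finding in audit_spc(SAMPLE):
        print(f"line {no}: {key}: {finding}")
    path = os.path.expanduser("~/.steampipe/config/splunk.spc")
    if os.path.exists(path):
        with open(path) as fh:
            for no, key, finding in audit_spc(fh.read()):
                print(f"{path}:{no}: {key}: {finding}")
        if readable_by_others(path):
            print(f"{path}: readable by group/other; chmod 600")
```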
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-splunk
- Community: Join #steampipe on Slack →