steampipe plugin install splunksteampipe plugin install splunk

Splunk + Steampipe

Splunk software is used for searching, monitoring and analyzing log data.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

List indexes in your Splunk account:

select
  name,
  max_time,
  total_event_count
from
  splunk_index;

+----------------+---------------------+-------------------+
| name           | max_time            | total_event_count |
+----------------+---------------------+-------------------+
| my_event_index | 2021-11-18T01:29:21 | 2345              |
+----------------+---------------------+-------------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest Splunk plugin:

steampipe plugin install splunk

Configuration

Installing the latest splunk plugin will create a config file (~/.steampipe/config/splunk.spc) with a single connection named splunk:

connection "splunk" {
  plugin = "splunk"

  # Splunk base URL.
  # Can also be set with the SPLUNK_URL environment variable.
  # Defaults to "https://localhost:8089".
  url = "https://localhost:8089"

  # You can connect to Splunk using one of the options below:

  # 1. Authenticate using username and password
  # If `username` or `password` are not specified credentials will be loaded
  # from the `SPLUNK_USERNAME` and `SPLUNK_PASSWORD` environment variables
  # respectively.
  # username = "admin"
  # password = "password"

  # 2. Authenticate using Splunk authentication token
  # If `auth_token` is not specified, it will be loaded from the
  # `SPLUNK_AUTH_TOKEN` environment variable.
  # auth_token = "<YOUR_AUTH_TOKEN>"
}

Get involved

Open source: https://github.com/turbot/steampipe-plugin-splunk
Community: Join #steampipe on Slack →

turbot/splunk

Splunk + Steampipe

Documentation

Get started

Install

Configuration

Get involved

Steampipe

Resources

Community