turbot/splunk

GitHub
steampipe plugin install splunksteampipe plugin install splunk

Splunk + Steampipe

Splunk software is used for searching, monitoring and analyzing log data.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

List indexes in your Splunk account:

select
name,
max_time,
total_event_count
from
splunk_index;
+----------------+---------------------+-------------------+
| name | max_time | total_event_count |
+----------------+---------------------+-------------------+
| my_event_index | 2021-11-18T01:29:21 | 2345 |
+----------------+---------------------+-------------------+

Documentation

Get started

Install

Download and install the latest Splunk plugin:

steampipe plugin install splunk

Configuration

Installing the latest splunk plugin will create a config file (~/.steampipe/config/splunk.spc) with a single connection named splunk:

connection "splunk" {
plugin = "splunk"
# Splunk base URL.
# Can also be set with the SPLUNK_URL environment variable.
# Defaults to "https://localhost:8089".
url = "https://localhost:8089"
# You can connect to Splunk using one of the options below:
# 1. Authenticate using username and password
# If `username` or `password` are not specified credentials will be loaded
# from the `SPLUNK_USERNAME` and `SPLUNK_PASSWORD` environment variables
# respectively.
# username = "admin"
# password = "password"
# 2. Authenticate using Splunk authentication token
# If `auth_token` is not specified, it will be loaded from the
# `SPLUNK_AUTH_TOKEN` environment variable.
# auth_token = "<YOUR_AUTH_TOKEN>"
}

Get involved