4 Replies Latest reply: May 10, 2017 4:14 PM by Steve Rimar RSS

    Qlik Sense connectivity with Splunk

    Jai Soni

      We would like to read data from Splunk as a source type and checking if anyone is already using them. I guess as per Qlik they don't officially support the Splunk ODBC connectors or provide data connectors for the same.

        • Re: Qlik Sense connectivity with Splunk
          liron baram

          hi

          i manage to use splunk odbc to read data ,

          but splunk ODBC only work when all splunk parts are installed on the same machine ,

          in large volumes this wouldn't be the case , in my case we settled on writing the splunk query

          to text file and them reading it to Qlik

            • Re: Qlik Sense connectivity with Splunk
              Jai Soni

              Hi Liron,

               

              Could you please throw some light on below points:

              a) but splunk ODBC only work when all splunk parts are installed on the same machine -- What are the splunk parts we need to install and i believe machine you are referring to would Qlik Sense hosts.

              b) we settled on writing the splunk query to text file and them reading it to Qlik -- Are you not generating sql in Qlik Sense connecting splunk odbc drivers?

                • Re: Qlik Sense connectivity with Splunk
                  liron baram

                  hi

                  first point on the qlik sense server you'll need splunk odbc

                  the question is how splunk is setup. if all the installation of the splunk is on one machine the ODBC will work

                  otherwise it won't

                  because of the first problem we used  command line tools to fetch data from splunk that we run with batch file

              • Re: Qlik Sense connectivity with Splunk
                Steve Rimar

                Hi Jai -

                There are a lot of limitations with the Splunk ODBC connector:

                • Only works with saved searches in Splunk
                • Does not work with clustered Splunk servers
                • Performance is very slow due to the overhead of ODBC
                • I has issues with enterprise security especially when deployed on the Qlik Publisher


                We actually wrote our own Splunk connector for Qlik that solves these issues and works with live searches so you can do incremental loading. Here's a link to it on Qlik Market and on our website:

                 

                Thanks,

                Steve