Categories

Versions

You are viewing the RapidMiner Studio documentation for version 9.9 - Check here for latest version

Using the Splunk Connector

The Splunk connector allows you to read search results from a Splunk server. Using the Search Splunk operator you can run different search queries. This document will walk you through how to:

Install the Splunk Connector extension

First, you need to install the Splunk Extension:

Connect to Your Splunk Server

Before you can use the Splunk connector, you have to configure a new Splunk connection. For this purpose, you will need the connection details of your Splunk server (host name and port). If your Splunk server requires authentication, you will also need valid credentials.

  1. In RapidMiner Studio, right-click on the repository you want to store your Cassandra connection in and choose New Connection Icon Create Connection.

    You can also click on Connections > New Connection Icon Create Connection and select the repository from the dropdown of the following dialog.

  2. Enter a name for the new connection, and set Connection Type to Splunk Icon Splunk:

  3. Click on Create IconCreate and switch to the Setup tab in the Edit connection dialog.

  4. Fill in the connection details of your Splunk server:

    The preconfigured port is the default port used by Splunk. Note that Splunk does not require user authentication by default.

    While not required, we recommend testing your new Cassandra connection by clicking the Connection Test IconTest connection button. If the test fails, please check whether the details are correct.

  5. Click Save IconSave to save your connection and close the Edit connection dialog.

You can now use the newly created connection with the Search Splunk operator!

Search your Splunk server

The Search Splunk operator allows to query Splunk servers.

  1. Open a new process New Process Icon in RapidMiner Studio, drag the Search Splunk operator into the Process view, and connect its output port to the result port of the process: Select your Splunk connection for the connection entry parameter from the connections folder of the repository you stored it in by clicking on the repository chooser icon button next to it:

    Alternatively, you can drag the Splunk connection from the repository into the Process Panel and connect the resulting operator with the Read Cassandra operator.

  2. Define the search query using Splunk Search Processing Language by clicking on the query parameter.

  3. Optionally, specify a time range to search in by setting the ealiest time and latest time parameters. Furthermore you can adjust the pagination by changing the offset and limit parameters or turn pagination off completely.

  4. Run Run Process the process! In the Result Perspective, you should see the example set resulting from your query. Note that deselecting pagination may lead to a huge number of results and your process might run for a while.