Using the Splunk Connector
The Splunk connector allows you to read search results from a Splunk server. Using the Search Splunk operator you can run different search queries. This document will walk you through how to:
Install the Splunk Connector extension
First, you need to install the Splunk Extension:
Connect to Your Splunk Server
Before you can use the Splunk connector, you have to configure a new Splunk connection. For this purpose, you will need the connection details of your Splunk server (host name and port). If your Splunk server requires authentication, you will also need valid credentials.
In RapidMiner Studio, right-click on the repository you want to store your Cassandra connection in and choose Create Connection.
You can also click on Connections > Create Connection and select the repository from the dropdown of the following dialog.
Enter a name for the new connection, and set Connection Type to Splunk:
Click on Create and switch to the Setup tab in the Edit connection dialog.
Fill in the connection details of your Splunk server:
The preconfigured port is the default port used by Splunk. Note that Splunk does not require user authentication by default.
While not required, we recommend testing your new Cassandra connection by clicking the Test connection button. If the test fails, please check whether the details are correct.
Click Save to save your connection and close the Edit connection dialog.
You can now use the newly created connection with the Search Splunk operator!
Search your Splunk server
The Search Splunk operator allows you to query Splunk servers.
Open a new process in RapidMiner Studio, drag the Search Splunk operator into the Process view, and connect its output port to the result port of the process:
Select your Splunk connection for the connection entry parameter from the connections folder of the repository you stored it in by clicking on the button next to it:
Alternatively, you can drag the Splunk connection from the repository into the Process Panel and connect the resulting operator with the Read Cassandra operator.
Define the search query using Splunk Search Processing Language by clicking on the query parameter.
Optionally, specify a time range to search in by setting the earliest time and latest time parameters. Furthermore, you can adjust the pagination by changing the offset and limit parameters or turn pagination off completely.
Run the process! In the Result Perspective, you should see the example set resulting from your query. Note that deselecting pagination may lead to a huge number of results and your process might run for a while.