Cmdlets for Splunk

Build 24.0.9060

Getting Started

Connecting to Splunk

Establishing a Connection shows how to authenticate to Splunk and configure any necessary connection properties. You can also configure cmdlet capabilities through the available Connection properties, from data modeling to firewall traversal. The Advanced Settings section shows how to set up more advanced configurations and troubleshoot connection errors.

Connecting from PowerShell

The CData Cmdlets PowerShell Module for Splunk provides a familiar way to interact with Splunk from PowerShell. The cmdlets provide a standard PowerShell interface and an SQL interface to live data. They let you work with Splunk using standard PowerShell objects, and you can chain them with each other or with other cmdlets in pipelines. The cmdlets also support PowerShell debug streams.

Data Manipulation with Cmdlets

See Establishing a Connection to learn how to get started with the Connect-Splunk cmdlet. You can then pass the SplunkConnection object returned to other cmdlets for accessing data:

  • Select-Splunk
  • Add-Splunk
  • Update-Splunk
  • Remove-Splunk

Executing SQL from PowerShell

You can execute any SQL query with the Invoke-Splunk cmdlet.

Accessing Debug Output from Streams

See Capturing Errors and Logging to obtain the debug output through PowerShell streams.

PowerShell Version Support

The standard cmdlets are supported in PowerShell 2, 3, 4, and 5.

Splunk Version Support

The cmdlet uses the Splunk REST API to expose data models in Splunk Enterprise or Splunk Cloud as relational databases, with bidirectional access to reports, datasets, and table datasets. It supports Splunk Enterprise v9.1.2 and Splunk Cloud v9.1.2038.

Note: Splunk does not enable access to its API for users with free trial accounts. Connecting using the cmdlet requires a paid Splunk account.

Copyright (c) 2024 CData Software, Inc. - All rights reserved.