The add-in models Splunk reports, searches, datasets, and data models as tables in a relational database that you can read from/write to with SQL-92 queries.

Dynamic Schema Generation

You can work with all of the tables in your account: when you connect the add-in retrieves the metadata from Splunk and dynamically reflects any changes in the table schemas.

You can call the CreateSchema stored procedure to persist a static schema across connections. The stored procedure saves the schema to a text file; the text file has a simple format that also makes schemas easy to customize.

Tables

See Tables for more details on updating and querying datasets, data models, and searches.

Views

The add-in also surfaces data through Views representing the following Splunk objects:

• Reports: See LookUpReport for an example of a view representing a saved report in Splunk.
• Data-model datasets: See AlertsInInternalServer for an example of a view representing a dataset. See Datasets to retrieve a list of dataset views.
• Table-type datasets: See UploadedModel for an example of a view representing a table dataset in Splunk.