Databricks Community

Arch_dbxlearner · ‎01-02-2024

Hi,

I have recently started Splunk Integration with Databricks. Basically I am trying to ingest the data from Splunk to Databricks. I have gone through the documentation regarding Splunk Integration. There are some basic information about the integration but I am looking for something else which is not available in the document.

I would like to know the ways which are possible with data ingestion from Splunk.

- Can we send the log data directly from Splunk to Databricks?
- Do any intermediate tools/api required for the communication? If it's mandatory, then what are the possible tools/api?
- Splunk have event data and metric data. Is it possible to pick both these type of data by Databricks?

Could anyone please help me out with these queries?

Arch_dbxlearner · ‎01-03-2024

Thankyou @Retired_mod for the clear explanation.

I have another set of questions. Please provide your suggestion on these as well.

I have gone through a tool called "Open Telemetry", which collects the logs, metrics, etc.,. Can this tool be used as an intermediate between Databricks and Splunk?
Instead of having the Splunk to collect the event data from our application, is there any way to send the application/system logs directly to Databricks?
Is it possible to send the complete raw data and/or customised filter data from application to Databricks?

Thankyou!

Arch_dbxlearner · ‎01-05-2024

Thankyou @Retired_mod .

Currently I am planning to check the possible ways to send the sample data to Databricks from Splunk without any third party tool's intervention.

Let me play around with those and get back to you if I need any guidance at any place.

Thanks once again!

Arch_dbxlearner · ‎01-09-2024

@Retired_mod

You have mentioned that Databricks Add-on for Splunk, is bidirectional. Do we need to install this app on Databricks itself, to fetch the data from Splunk?

I tried to check this add-on on Databricks Marketplace but I could not find this. Can you please let me know the process to install the add-on?

I am looking to push the data from Splunk to Databricks and do some process and activity on daily basis. Could you please suggest me on this?

Arch_dbxlearner · ‎01-09-2024

Hi @Retired_mod

Can you please guide me on this?

Arch_dbxlearner · ‎01-22-2024

Hi @Retired_mod

I have gone through the github page of Databricks - Splunk integration. In the architecture diagram it is mentioned with 3 sections.

Setting up Databricks add-on for Splunk
Configuring Splunk DB Connect app
Creating Notebook for push and pull data from Splunk

My requirement is only to fetch the data from Splunk and put in Databricks to do analysis and create dashboard. so I assumed, for my usecase 3rd option is the method to be done and I have followed the github page - here.

I have installed the databricks cli, created a secret scope to save Splunk credentials. Now I am working on the Notebook part to create Python code to fetch data.

Am I going in the right way?
Is it sufficient to follow and setup only the 3rd method, if I need only one way communication which is from Splunk to Databricks?
Also I am referring this document here for Python script of my Notebook. Can I use this?

Could you please guide me on this to proceed further?