Overview

Use Hydrolix as a back-end datastore for existing Splunk tables to take advantage of low-latency queries, long-term retention, and cost savings.

Hydrolix Search for Splunk can query raw data tables and summary tables for quick charting. The hdxsearch command uses the Splunk time picker to set the query window. Each table's primary timestamp defines the time-range filter.

hdxsearch supports field names in SELECT statements and full ClickHouse SQL expressions in WHERE clauses. For SQL functions or expressions in the SELECT portion, use the Splunk with DB Connect method instead.

Hydrolix Search for Splunk also includes the hdxdescribe command, which lists available projects, tables, and column schemas in Splunk.

See also

• Boost Splunk Performance and Reduce Costs 6x With Hydrolix - How the Hydrolix Search for Splunk integration improves query performance and reduces infrastructure costs
• Analyze High-Volume Hydrolix Data in Splunk - Walkthrough of analyzing and visualizing large Hydrolix datasets directly in Splunk