About Federated Search for Azure Databricks
Run federated searches from your Splunk platform deployment over Azure Databricks tables stored remotely in Unity Catalog using SPL2 search commands and syntax.
Federated Search for Azure Databricks lets you run federated searches from your Splunk platform deployment over Azure Databricks tables stored remotely in Unity Catalog. When you run these federated searches, you'll use familiar SPL2 search commands and syntax.
What you need to get started
-
You must have a Splunk Cloud Platform (SCP) deployment.
-
Your user account on the SCP deployment must have a role with the
edit_connectionsandedit_datasetscapabilities. See Define roles on the Splunk platform with capabilities in the Splunk Cloud Platform Manage Users and Security manual. -
You must have access to an Azure Databricks workspace with a runtime of 11.3 LTS or higher that contains the data you want to share and which is assigned to a Unity Catalog metastore. See Enable Unity Catalog for a workspace.
Checklist of tasks to set up Federated Search for Azure Databricks
Use this checklist to guide you through the cross-account setup of Federated Search for Azure Databricks.
| Step | Task | Description |
|---|---|---|
| 1 | Create an Azure Databricks connection | You upload a Delta Sharing credentials file to a connection to give it the ability to authenticate federated searches over Azure Databricks datasets from your Splunk platform deployment. |
| 2 | Define an Azure Databricks dataset | When combined with a connection, a dataset provides the ability to run searches over a specific Unity Catalog table in your Azure Databricks workspace. |
| 3 | Give your users role-based access control of federated datasets | After you have successfully created an Azure Databricks dataset, give your users role-based access to it. |
| 4 | Write and run federated searches over federated datasets with SPL2 | Run federated searches over your new Azure Databricks dataset with SPL2. |