feat(cloud-query): integrate Splunk connection support to cloud query #3350
- Add SplunkConnection module and corresponding fields in toolquery Protobuf definitions
- Update tool enums and schema definitions to include Splunk
- Implement Splunk connection configuration changesets
- Extend GraphQL types to support Splunk connection attributes
Greptile Summary
This PR integrates Splunk as a new log-query data source across the full stack: a new
Key changes:
Issues found:
Confidence Score: 4/5
Safe to merge after addressing the unbounded empty-query scan risk; all prior P0/P1 concerns from previous review rounds have been resolved. All previously flagged critical issues (Bearer vs Splunk auth, scanner buffer too small, preview-result duplication, ghost entries from non-result lines, non-deterministic timestamps) are now correctly handled. One new P1 remains: an empty go/cloud-query/internal/tools/provider_splunk.go — empty-query guard in
| Filename | Overview |
|---|---|
| go/cloud-query/internal/tools/provider_splunk.go | Core Splunk log provider; previous P1 issues (preview filtering, 10 MB scanner buffer, ghost entries, non-deterministic timestamps) are all addressed; unbounded search on empty query is a remaining concern. |
| go/cloud-query/internal/tools/clients/splunk.go | New Splunk HTTP client; correctly uses Splunk auth scheme (not Bearer), opt-in InsecureSkipVerify via URL query param, and normalises the base URL before use. |
| go/cloud-query/internal/tools/clients/splunk_test.go | Tests normalizeSplunkURL only; no coverage for provider_splunk.go parsing/filtering logic. |
| go/cloud-query/internal/tools/provider.go | Splunk wired into newLogsProvider switch — clean and consistent with existing provider pattern. |
| lib/console/schema/workbench_tool.ex | Splunk schema added with encrypted credentials, auth validation (token or username/password required), and correct category inference (:logs). |
| lib/console/ai/workbench/conversion.ex | Splunk proto conversion added consistently with other providers, mapping all four connection fields. |
| go/cloud-query/api/proto/toolquery.proto | SplunkConnection message and splunk oneof case (field 6) added correctly to proto definition. |
Reviews (6): Last reviewed commit: "refactor(splunk): remove redundant token..."
…dant JSON marshalling
- Introduce klog for informative logging when Splunk log timestamp is missing
- Default to zero time to avoid errors in parsing routines when timestamp is empty

- Introduce Splunk connection types and attributes in GraphQL schema
- Update Go client models to reflect Splunk integration
- Expand tool enums to include Splunk
@greptileai review again
- Add `Preview` field to `SplunkSearchResponse` structure
- Skip processing of preview responses or those lacking essential fields (Message, Timestamp)
@greptileai all fixed, check again
…nd increase scanner buffer size
- Set both 'Authorization' headers for compatibility with older versions.
- Increase scanner buffer size to 10MB in `toLogsQueryOutput` for handling larger responses.
@greptileai review again
- Use klog to log errors instead of returning them.
- Continue processing other items after logging an error.

- Remove redundant unit tests for `SplunkProvider` that are no longer needed.
…-workbench-splunk-logs-support
…ance label processing
- Eliminate unnecessary token auth code for backwards compatibility.
- Add logic to remove empty labels in `provider_splunk.go`.
- Simplify `parseTime` function by changing input type to string.
@greptileai review
Test Plan
Locally w/ plrl-dev-aws
Checklist
Plural Flow: console
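
Added example, not code from this PR: the response-parsing fixes named in the review rounds above (skipping preview rows and non-result lines, and raising the scanner buffer to 10 MB), shown in Go. The type and function names and the sample stream are constructed for illustration; it assumes the search response arrives as one JSON object per line with a `preview` flag and a `result` object holding `_raw` and `_time`.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// exportLine is a hypothetical stand-in for the PR's SplunkSearchResponse.
type exportLine struct {
	Preview bool `json:"preview"`
	Result  *struct {
		Raw  string `json:"_raw"`
		Time string `json:"_time"`
	} `json:"result"`
}

type logEntry struct{ Timestamp, Message string }

// Constructed sample stream: a preview row, a line with no result, a final
// row, and a final row with an empty message.
const sample = `{"preview":true,"offset":0,"result":{"_raw":"partial","_time":"2024-01-01T00:00:00Z"}}
{"preview":false,"offset":0,"lastrow":true}
{"preview":false,"offset":0,"result":{"_raw":"login ok","_time":"2024-01-01T00:00:01Z"}}
{"preview":false,"offset":1,"result":{"_raw":"","_time":"2024-01-01T00:00:02Z"}}
`

// parseExport keeps only final rows that carry a message and a timestamp.
// maxLine caps a single line; bufio's 64 KiB default fails on larger events.
func parseExport(r io.Reader, maxLine int) ([]logEntry, error) {
	sc := bufio.NewScanner(r)
	sc.Buffer(make([]byte, 0, 4096), maxLine)
	var out []logEntry
	for sc.Scan() {
		var l exportLine
		if json.Unmarshal(sc.Bytes(), &l) != nil {
			continue // blank or malformed line: skip it, keep reading
		}
		if l.Preview || l.Result == nil || l.Result.Raw == "" || l.Result.Time == "" {
			continue // preview duplicate or non-result ("ghost") line
		}
		out = append(out, logEntry{l.Result.Time, l.Result.Raw})
	}
	return out, sc.Err()
}

func main() {
	entries, err := parseExport(strings.NewReader(sample), 10<<20) // 10 MB, as in the PR
	fmt.Println(entries, err)
}
```

With the scanner left at its default limit, a single oversized event stops the scan with `bufio.ErrTooLong` and every later row is lost, which is why the buffer size matters for completeness of the returned logs.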