New Relic NRQL Command for Splunk



Splunk and New Relic are the most popular observability platforms. Splunk is a powerful operational intelligence and log monitoring tool. The New Relic product suite includes Application Performance Monitoring (APM), Real User Monitoring (Browser), Synthetics, Mobile, Infrastructure, and a lot more.

Similar to Splunk SPL (Search Processing Language), New Relic provides NRQL (New Relic Query Language) to query data and visualize it in New Relic One and New Relic Insights.

Example SPL: index=main | stats count
Example NRQL: select count(*) from PageView

The Splunk Add-on and App for New Relic in Splunkbase delivers what it promises. However, the add-on collects data from New Relic and indexes it in Splunk, which adds to Splunk license usage and storage.

Have you ever thought about executing NRQL statements to query New Relic data in Splunk at no extra cost, the same way you run ad-hoc queries against remote databases using the dbxquery command?

New Relic NRQL Command for Splunk is the answer to your question. This app contains a Splunk generating command, nrql, which queries New Relic and generates Splunk reports from the query results returned.

Syntax:
| nrql connection=<string> query=<string> (output=_raw)?

Example 1:
| nrql connection="example-account" query="select count(*) from PageView since yesterday"

Example 2:
| nrql connection="example-account" query="select count(*) from PageView since yesterday facet deviceType" | table deviceType, count

Example 3:
| nrql connection="example-account" query="select count(*) from PageView since '2020-05-03 00:00:00' until '2020-05-04 00:00:00' facet deviceType timeseries auto" | eval _time=strptime(beginTimeSeconds,"%s") | xyseries _time, deviceType, count

Download the app today from Splunkbase: https://splunkbase.splunk.com/app/4988/

Would you like to try this app on a Splunk sandbox before deploying it on a production search head? Try Splunk Sandbox The Easy Way.

For documentation and source code, please see https://github.com/dmanojbaba/splunk-command-newrelic-nrql