Sending Data from Splunk To Database Using DB Connect ( DBX – Part 3)

In this post we cover how to create an output in the “Splunk DB Connect” application and get the most out of your database with Splunk.

Creating an “Output” in “Splunk DB Connect” application
Step-1: Navigate to the “Outputs” page, and click on the “New output” button.

Step-2: Set up Search

Search/Saved Search : Select whether you want to write a new search or you want to use a saved search.
Run the search to check the output of your search/saved search.
Once you are satisfied with the output, click on the “Next” button.
Step-3: Choose Table



Connection : Select the connection you want to use for this output.

Catalog : Select the Catalog (if available).
Schema : Select the Schema from your database.
Table : Search for the table/click on the table name where you want to push the data from Splunk.

Here, we are using a table named “METHOD_INFO”.
Verify the “Table Schema” and click on the “Next” button.
Step-4: Fields Mapping

Fields Mapping Section:
Here, you map the data fields from Splunk to the database table. You just need to click on the “Search fields” and the corresponding “Table Contents”.
You can add multiple search fields by clicking on the “Add Search Field” button.
Upsert Configuration:
Enabling this behavior overrides any rows with the same values. You need to choose a column that can be used as a “key”.
Click on the “Next” button to move further into the configuration.
Step-5: Set properties


Name : Provide a unique name for this output.
Description (Optional): Add a description about what this output does.

Application: Select the app context.
Query Timeout : Specify how long to wait for the query to complete.

Scheduling : Click on the box to enable scheduling for this output, otherwise the output behaves as a single shot query.

Execution Frequency : Set the time interval(s) at which this query should run (CRON Expression).

Click on the “Finish” button to finish the configuration.
You should get the “Done” screen as shown below.

You can also read: How to Configure Splunk DB Connect (DBX - Part 1)

Screenshot (178)

Step-6: Now you will be able to see the data in the database. You can check with the database team to verify whether the data has been stored in the database. See the screenshot below for our database.

Screenshot (1)
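
The effect of the “Upsert Configuration” choice on a scheduled output, as an added example that is not from the original post or from Splunk. It models upsert as "overwrite the row whose key matches, otherwise insert" in an in-memory SQLite table (an assumption; DB Connect's own SQL is not shown in this post), uses hypothetical columns METHOD and HITS with constructed rows, and includes a duplicate check of the kind you can run to verify what landed in the table.

```python
import sqlite3

# Constructed results from two runs of one scheduled search. Column names are
# hypothetical; only the table name METHOD_INFO comes from the post.
COLUMNS = ("METHOD", "HITS")
RUN_1 = [("GET", 120), ("POST", 45)]
RUN_2 = [("GET", 150), ("POST", 45), ("PUT", 7)]


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE METHOD_INFO (METHOD TEXT, HITS INTEGER)")
    return db


def write_plain(db, rows):
    """Upsert disabled: every result row is appended."""
    db.executemany("INSERT INTO METHOD_INFO VALUES (?, ?)", rows)


def write_upsert(db, rows, key):
    """Upsert enabled: overwrite rows whose key column matches, else insert."""
    idx = COLUMNS.index(key)  # raises ValueError for a column not in the table
    for row in rows:
        cur = db.execute(
            f"UPDATE METHOD_INFO SET METHOD = ?, HITS = ? WHERE {key} = ?",
            (*row, row[idx]))
        if cur.rowcount == 0:
            db.execute("INSERT INTO METHOD_INFO VALUES (?, ?)", row)


def duplicated_methods(db):
    """Verification query: METHOD values stored more than once."""
    sql = ("SELECT METHOD, COUNT(*) FROM METHOD_INFO "
           "GROUP BY METHOD HAVING COUNT(*) > 1 ORDER BY METHOD")
    return db.execute(sql).fetchall()


def simulate(writer, **kwargs):
    """Send both runs through one writer; return (row count, duplicates)."""
    db = new_db()
    for rows in (RUN_1, RUN_2):
        writer(db, rows, **kwargs)
    total = db.execute("SELECT COUNT(*) FROM METHOD_INFO").fetchone()[0]
    return total, duplicated_methods(db)


if __name__ == "__main__":
    print("no upsert       :", simulate(write_plain))
    print("upsert on METHOD:", simulate(write_upsert, key="METHOD"))
    print("upsert on HITS  :", simulate(write_upsert, key="HITS"))
```

Keying on a column that changes between runs (HITS here) still leaves duplicates, so pick a key that identifies the record rather than one of its measurements.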

Additionally, you can use the “SQL Explorer” to test/experiment with your SQL queries before you use them to create inputs/outputs etc.

Hope this post was worth a read.

Happy Splunking!!
