Splunk DB Connect
In this post we will see, how to connect a RDBMS Database to Splunk.
For this we need a Splunk add-on, “Splunk DB Connect” it enables you to work with databases from Splunk. It can help you quickly integrate structured data sources with your Splunk real-time machine data collection.
Step-1: Download the “Splunk DB Connect“ add-on on your browser.
https://splunkbase.splunk.com/app/2686
Step-2: On your Splunk Instance navigate to Manage Apps >> Install app from file, upload the add-on you just downloaded and restart Splunk once the installation is complete.
Step-3: Download the suitable “JRE” package for your platform on the server running “Splunk DB Connect”.
Click on the link below to visit the “JRE-8” download page:
https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html
NOTE: Please extract the JRE package to your desired directory.
Step-4: Select “Splunk DB Connect” from the list of apps.
Step-5: Click on the “Setup” button.
Step-6: Provide the “JRE Installation Path” and click on the Save button.
We kept the JRE package we downloaded under “/opt” dir.
Your “Task Server” should restart successfully,
NOTE: In case, your “Task Server” isn’t responding/restarting, consider giving a restart to the Server.
Step-7: Download the compatible “JDBC driver” for the “Database” and the “JRE/JDK”.
Here we have, “Oracle 11g XE” , and “JRE-8”.
Step-8: Move the JDBC Driver to the below directory.
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers
NOTE: We are using Oracle “ojdbc8.jar”.
Step-9: Check the “Drivers” page you should see your driver installed.
Click on the “Reload” button to reload the driver list.
Step-10: Navigate to “Databases” >> “Identities“ and Click on the “New Identity” button.
Step-11: Configure “New Identity”.
Identity Name: Set a unique name for this identity.
NOTE: Please contact your “DBA” to obtain the required credentials.
Username: Provide the username to be used for connecting with the database. (We have a user named “splunk”)
Password: Provide the password for this username.
Step-12: Click on the “Save” button to save this identity.
Step-13: Navigate to “Connections” and click on the “New Connection” button.
Step-14: Configure “New Connection”.
Connection Name: Provide a unique name for this connection. Identity: Select the identity to be used for this connection. (the one we set up in Step-11). Connection Type: Select the connection type, depending on the database that you are using.( we got a Oracle database for this demonstration). Timezone : Specify the timezone to be used by "DB connect", defaults to JVM timezone. Host : Provide the hostname/ip of the DB server. Port : It takes the default value of the port used by the DB, depending on the DB you selected in the "Database Type" option.
Default Database : Mention the default database of the DB server.
(Auto-populates by default depending on your
Database Type)
Step-15: Click on the “Save” button to save this connection.
Now, your Splunk is ready to import/export the data from/to the Database.
If you are interested to learn “Splunk DB Connect” operations, please follow the below blogs.
Sending Data from Database To Splunk Using DB Connect ( DBX – Part 2)
Sending Data from Splunk To Database Using DB Connect ( DBX – Part 3)
How TO Lookup With Database Using DB Connect ( DBX – Part 4 )
That’s all in this post.
Happy Splunking!!
[…] HOW TO CONFIGURE SPLUNK DB CONNECT ( DBX – PART 1 ) […]
[…] How To Configure Splunk DB Connect ( DBX – PART 1 )Sending Data from Database To Splunk Using DB Connect ( DBX – Part 2)How TO Lookup With Database Using DB Connect ( DBX – Part 4 ) […]
[…] How To Configure Splunk DB Connect ( DBX – PART 1 ) Sending Data from Database To Splunk Using DB Connect ( DBX – Part 2) Sending Data from Splunk To Database Using DB Connect ( DBX – Part 3) […]