Spread our blog

Splunk DB Connect

In this post we will see, how to connect a RDBMS Database to Splunk.
For this we need a Splunk add-on, “Splunk DB Connect” it enables you to work with databases from Splunk. It can help you quickly integrate structured data sources with your Splunk real-time machine data collection.

Step-1:  Download the “Splunk DB Connect“ add-on on your browser.
Step-2:  On your Splunk Instance navigate to Manage Apps >> Install app from file, upload the add-on you just downloaded and restart Splunk once the installation is complete.
Step-3: Download the suitable “JRE” package for your platform on the server running “Splunk DB Connect”.
Click on the link below to visit the “JRE-8” download page:

NOTE: Please extract the JRE package to your desired directory.

Step-4: Select “Splunk DB Connect” from the list of apps.

Screenshot (138)
Step-5: Click on the “Setup” button.

Screenshot (139)
Step-6: Provide the “JRE Installation Path” and click on the Save button.
We kept the JRE package we downloaded under “/opt” dir.

Screenshot (141)
Your “Task Server” should restart successfully,

Screenshot (142)

Screenshot (143)

NOTE: In case, your “Task Server” isn’t responding/restarting, 
      consider giving a restart to the Server.

Step-7: Download the compatible “JDBC driver” for the “Database” and the “JRE/JDK”.
Here we have, “Oracle 11g XE” , and “JRE-8”.

Screenshot (161)
Step-8: Move the JDBC Driver to the below directory.
NOTE: We are using Oracle “ojdbc8.jar”.

Screenshot (153)

Screenshot (154)

Step-9: Check the “Drivers” page you should see your driver installed.
Click on the “Reload” button to reload the driver list.

You can also know about :  Splunk Infrastructure Monitoring Solution: Windows Platform Integration (Part-II)

Screenshot (156)
Step-10: Navigate to “Databases” >> “Identities“ and Click on the “New Identity” button.

Screenshot (148)
Step-11: Configure “New Identity”.

Screenshot (149)
Identity Name: Set a unique name for this identity.

NOTE: Please contact your “DBA” to obtain the required

Username: Provide the username to be used for connecting with the database. (We have a user named “splunk”)
Password: Provide the password for this username.

Step-12: Click on the “Save” button to save this identity.

Screenshot (150)
Step-13: Navigate to “Connections” and click on the “New Connection” button.

Screenshot (166)
Step-14: Configure “New Connection”.

Screenshot (164)

Connection Name: Provide a unique name for this connection.

Identity: Select the identity to be used for this connection.
          (the one we set up in Step-11).

Connection Type: Select the connection type, depending on the 
                 database that you are using.( we got a Oracle 
                 database for this demonstration).

Timezone : Specify the timezone to be used by "DB connect", 
           defaults to JVM timezone.

Host : Provide the hostname/ip of the DB server.

Port : It takes the default value of the port used by
       the DB, depending on the DB  you selected in 
       the "Database Type" option.

Screenshot (165)

Default Database : Mention the default database of the DB server. 
                  (Auto-populates by default depending on your 
                  Database Type)

Step-15: Click on the “Save” button to save this connection.

Screenshot (159)

Now, your Splunk is ready to import/export the data from/to the Database.
If you are interested to learn “Splunk DB Connect” operations, please follow the below blogs.

Sending Data from Database To Splunk Using DB Connect ( DBX – Part 2)

Sending Data from Splunk To Database Using DB Connect ( DBX – Part 3)

How TO Lookup With Database Using DB Connect ( DBX – Part 4 )

That’s all in this post.

You can also know about :  Integrate Zoom with Splunk: Splunk Connect for Zoom

Happy Splunking!!

What’s your Reaction?

Spread our blog



Please enter your comment!
Please enter your name here