Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- App for SQL Logs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
App for SQL Logs
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ExtraHop now has a Splunkbase app for database monitoring. Databases supported are Oracle, Microsoft SQL, Informix, DB2, Sybase and Sybase IQ, Postgres, and MySql.
http://splunk-base.splunk.com/apps/53757/extrahop. Disclaimer: the Splunk App does require the ExtraHop APM platform to be installed as a real-time feed for Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By "SQL", what do you mean? Microsoft SQL Server? MySql? Generic log data written into a relational database? Or something else?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What types of logs from SQL are you trying to get? If you are looking to monitor the data being written to and read from a table, that sounds like a trace flag that you would write out to a file and then Splunk can pick up that file. I am not a SQL guy, but that is how I have seen it done before.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if you are using SQL 2005 or greater, you can to put in a login trigger. Within that trigger you can have it write to a file or to the Windows events (prefered).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm concern more on who is accessing my SQL Server and other System Status.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
http://splunk-base.splunk.com/apps/search/?q=sql
Not currently, no. Build one! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Like any input, as long as it's text Splunk will index it. Windows event logs, the errorlog files, etc.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So how do you monitor SQL logs now? Do you just monitor Windows Event Logs in your SQL Servers?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
