All Apps and Add-ons

Best practices MS SQL Add-On

deangoris
Explorer

Hi,

We are searching for a way to monitor our MS SQL servers.
We are already using Splunk to index logfiles on multiple web servers and I know the basics of monitoring logfiles and perfo counters through a universal forwarder. We have a deployment server to deploy the apps made for this.

I have little experience with the add-ons available on Splunk base. I installed the MS SQL server add on.
Now I'd like to hear what the best practices are to configure it for our purposes.

  • Should I make sure the complete app is deployed to our forwarders as well?
  • Should I create a new custom app, copy the usefull stuff from the SQL add-on to it, enable necessary monitors and deploy it to our forwarders? In this way I can be sure all captured data has the correct sourcetype and all prebuilt transforms etc. will work?

Any advice on how to start with this or a link to a guide will be helpful.
The information on Splunk Docs does not give me enough advice on this.

Thanks in advance,
Dean

0 Karma

sloshburch
Splunk Employee
Splunk Employee

You'll probably be most successful by following the instructions in the app's docs (linked to in the apps' details page) in regards to where to deploy the app to.

I would keep the config you need in the local folder of the MSSQL add on. Start with it there and you may build confidence to move it's config elsewhere later...but I wouldn't start that way as it can be more confusing. Also, the design of a local folder within that app is specifically meant to help with the config management thereby allowing a 'default' folder to be overwritten during updates (but not blowing away your local folder).

Make sense?

0 Karma
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Community Content Calendar, October Edition

Welcome to the October edition of our Community Spotlight! The Splunk Community is a treasure trove of ...

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...