All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Best practices MS SQL Add-On

deangoris
Explorer
‎01-22-2018 02:43 AM

Hi,

We are searching for a way to monitor our MS SQL servers.
We are already using Splunk to index logfiles on multiple web servers and I know the basics of monitoring logfiles and perfo counters through a universal forwarder. We have a deployment server to deploy the apps made for this.

I have little experience with the add-ons available on Splunk base. I installed the MS SQL server add on.
Now I'd like to hear what the best practices are to configure it for our purposes.

  • Should I make sure the complete app is deployed to our forwarders as well?
  • Should I create a new custom app, copy the usefull stuff from the SQL add-on to it, enable necessary monitors and deploy it to our forwarders? In this way I can be sure all captured data has the correct sourcetype and all prebuilt transforms etc. will work?

Any advice on how to start with this or a link to a guide will be helpful.
The information on Splunk Docs does not give me enough advice on this.

Thanks in advance,
Dean

0 Karma
Reply

sloshburch
Splunk Employee
Splunk Employee
‎01-29-2018 05:22 AM

You'll probably be most successful by following the instructions in the app's docs (linked to in the apps' details page) in regards to where to deploy the app to.

I would keep the config you need in the local folder of the MSSQL add on. Start with it there and you may build confidence to move it's config elsewhere later...but I wouldn't start that way as it can be more confusing. Also, the design of a local folder within that app is specifically meant to help with the config management thereby allowing a 'default' folder to be overwritten during updates (but not blowing away your local folder).

Make sense?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...