All Apps and Add-ons

Can Splunk ingest Microsoft Access Database (.mdb) files?


We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create a ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections

0 Karma

New Member


Curious if you solved this?  We are attempting to do the exact same thing.

Thank you!


0 Karma


This was the only relevant Splunk Answer I found, however as noted in the question this will not work in Splunk 7.x onwards

So instead I combined code from

with code from

and scheduled this Python script to run on a cron schedule:

import pypyodbc, csv
con = pypyodbc.win_connect_mdb("C:\WinDSX\Log.mdb")
cur = con.cursor()

# run a query and get the results 
SQL = 'SELECT * FROM EvnLog;' # your query goes here
rows = cur.execute(SQL).fetchall()

# you could change the mode from 'w' to 'a' (append) for any subsequent queries
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou) # default field-delimiter is ","

... and then monitored and ingested using a Splunk UF

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...