All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can Splunk ingest Microsoft Access Database (.mdb) files?

nick405060
Motivator
‎03-31-2020 02:25 PM

We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create a ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections

0 Karma
Reply

bheafey
New Member
‎06-30-2021 12:51 PM

Hello,

Curious if you solved this?  We are attempting to do the exact same thing.

Thank you!

Bill

0 Karma
Reply

nick405060
Motivator
‎03-31-2020 05:23 PM

This was the only relevant Splunk Answer I found, however as noted in the question this will not work in Splunk 7.x onwards

https://answers.splunk.com/answers/74161/dbx-connection-to-microsoft-access.html

So instead I combined code from

https://code.google.com/archive/p/pypyodbc/wikis/pypyodbc_for_access_mdb_file.wiki

with code from

https://stackoverflow.com/questions/3620539/how-to-deal-with-mdb-access-files-with-python

and scheduled this Python script to run on a cron schedule:

import pypyodbc, csv
con = pypyodbc.win_connect_mdb("C:\WinDSX\Log.mdb")
cur = con.cursor()

# run a query and get the results 
SQL = 'SELECT * FROM EvnLog;' # your query goes here
rows = cur.execute(SQL).fetchall()
cur.close()
con.close()

# you could change the mode from 'w' to 'a' (append) for any subsequent queries
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou) # default field-delimiter is ","
    csv_writer.writerows(rows)

... and then monitored and ingested using a Splunk UF

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...