All Apps and Add-ons

Can Splunk ingest Microsoft Access Database (.mdb) files?


We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create a ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections

0 Karma


This was the only relevant Splunk Answer I found, however as noted in the question this will not work in Splunk 7.x onwards

So instead I combined code from

with code from

and scheduled this Python script to run on a cron schedule:

import pypyodbc, csv
con = pypyodbc.win_connect_mdb("C:\WinDSX\Log.mdb")
cur = con.cursor()

# run a query and get the results 
SQL = 'SELECT * FROM EvnLog;' # your query goes here
rows = cur.execute(SQL).fetchall()

# you could change the mode from 'w' to 'a' (append) for any subsequent queries
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou) # default field-delimiter is ","

... and then monitored and ingested using a Splunk UF

0 Karma