All Apps and Add-ons

DB Connect to Remote MSSQL DB as Windows Authentication

bcusick
Communicator

Hi,

I am trying to configure a DB connection in DB Connect. The authentication (Microsoft SQL Server) will use Windows Authentication, not SQL Server auth. I have not set up any firewall rules, which I'm sure I have to do. So, two questions:

  1. Can I use Windows authentication to connect?
  2. DB Connect says not to specify a port, but can I use any port for the firewall rule to query the database?

Currently I get the error: "Encountered the following error while trying to save: In handler 'databases': Unknown error while validating database connection"

Thanks,

B

0 Karma
1 Solution

ziegfried
Influencer
  1. Yes. Just specify the username in the form of DOMAIN\username. This enables NTLMv2 (Windows) authentication.
  2. You have to make sure the firewall doesn't block the port the database server is listening on (which is likely 1433, the default port) for connections from your Splunk server where DB Connect is installed.

For troubleshooting errors, I'd recommend looking at the DB Connect debug logs after such an error occurs. There is a saved search called "Recent DB Connect errors" that ships with the app, which is a good starting point.

View solution in original post

ziegfried
Influencer
  1. Yes. Just specify the username in the form of DOMAIN\username. This enables NTLMv2 (Windows) authentication.
  2. You have to make sure the firewall doesn't block the port the database server is listening on (which is likely 1433, the default port) for connections from your Splunk server where DB Connect is installed.

For troubleshooting errors, I'd recommend looking at the DB Connect debug logs after such an error occurs. There is a saved search called "Recent DB Connect errors" that ships with the app, which is a good starting point.

richard_g_curry
Explorer

"Is there a way to combine DB Connect data with Search data?"

It does not appear that this was answered -- yes you can. You can use the append command (http://docs.splunk.com/Documentation/Splunk/4.3.3/SearchReference/Append) or combine the indexes and sourcetypes of your 'other' data.

0 Karma

bcusick
Communicator

Hi, I had to have the Splunk admin configure this connection after opening the firewall. I cannot do so as a "power user". Is there a way to combine DB Connect data with Search data? My dashboards are intended to show a high-level view of everything going on

0 Karma

bcusick
Communicator

Thanks. Put in a request yesterday for a firewall change (to be completed tomorrow evening). Will respond when I can test. 🙂

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...