I am looking for your experience of onboarding more than 1000 databases in Splunk, because this is, what my customer wants to do. As I know there are three ways of onboarding Databases: 1. DBConnect, 2. via Forwarder, 3. Syslog. Due to data policies, my customer is not able to log data from databases, so DB Connect would be the only choice. Did anyone ever onboarded over 1000 oracle databases (with DB Connect)? What is your experience?
I do not have a fully solution to this. Our customer set up multiple Heavy Forwarder for DB Connect. Do manage the inputs and collections for myself, i wrote a Python Script to automate the creation of db_connections.conf and db_inputs.conf from a csv file, but that is just a little help. You can find it here: https://github.com/jbrocks/splunk-db-connect-inputs-and-collections . Further more I am also looking for experience from others. My customer actually tries to onboard as less DBs via DB Connect as possible. Where possible we try to collect the data via syslog, but this is still a long internal discussion.