
EPO & Splunk DBConnect

AaronMoorcroft
Communicator

Hi Guys

I have seen a few posts dotted around relating to dragging in data from the EPO DB with an app called DBConnect. I've managed to get that installed and connected to the DB; however, when trying to add a database input it gets a little confusing.

When trying to configure using the GUI:

I figure that I only need new events, so have picked the Tail input type.
Selected the Database created earlier.
Table name would be set to dbo.EPOAuditEventMsgs... is that the correct table for AV Alerts?
Rising column seems to be a sticking point, with various different posts around the forum on this. I believe that it should be set to EPOEvents.AutoID... is this correct?

Then as for Output, timestamp etc., I assume they can be left blank?

Any help on this would be much appreciated. I have little to no knowledge of SQL, and Splunk is very much a work in progress too.

Thanks in advance

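To make the "rising column" part of the question concrete, here is an added example that is not from the original thread or from the DB Connect app itself. It models what a tail input does: remember the highest value of the rising column seen so far (the checkpoint) and on each run fetch only rows where that column is greater than the checkpoint. The table and column names (EPOEvents, AutoID, ReceivedUTC, TargetHostName, ThreatName) are assumptions taken from or built around the question, the rows are constructed sample data in an in-memory SQLite database, and nothing here settles which ePO table actually holds the AV alerts. It also goes slightly beyond the question to show why an auto-incrementing ID is a safer rising column than an event timestamp: a row that arrives late with a timestamp equal to one already seen is skipped by a timestamp checkpoint but picked up by an ID checkpoint.

```python
import sqlite3

# Constructed sample rows standing in for ePO event records. The table and
# column names are assumptions for illustration, not confirmed ePO schema.
SAMPLE_EVENTS = [
    (101, "2014-03-01 09:00:00", "HOST-A", "Virus detected"),
    (102, "2014-03-01 09:05:00", "HOST-B", "Access Protection rule violation"),
    (103, "2014-03-01 09:07:00", "HOST-A", "Virus cleaned"),
]

# A late-arriving row: higher AutoID, but the same timestamp as row 103.
LATE_EVENT = (104, "2014-03-01 09:07:00", "HOST-C", "Virus detected")

# The column name is spliced into SQL, so only accept known names.
RISING_COLUMNS = {"AutoID", "ReceivedUTC"}


def make_db():
    """Create the constructed EPOEvents table in memory and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row  # allows row["AutoID"] style access
    conn.execute(
        "CREATE TABLE EPOEvents ("
        "AutoID INTEGER PRIMARY KEY, ReceivedUTC TEXT, "
        "TargetHostName TEXT, ThreatName TEXT)"
    )
    conn.executemany("INSERT INTO EPOEvents VALUES (?, ?, ?, ?)", SAMPLE_EVENTS)
    conn.commit()
    return conn


def tail(conn, column, checkpoint):
    """One tail-input run: rows with column > checkpoint, ascending.

    Returns (rows, new_checkpoint); the checkpoint only advances when rows
    were returned, which is how a tail input avoids re-ingesting old events.
    """
    if column not in RISING_COLUMNS:
        raise ValueError(f"unexpected rising column {column!r}")
    sql = (
        "SELECT AutoID, ReceivedUTC, TargetHostName, ThreatName FROM EPOEvents "
        f"WHERE {column} > ? ORDER BY {column} ASC"
    )
    rows = conn.execute(sql, (checkpoint,)).fetchall()
    new_checkpoint = rows[-1][column] if rows else checkpoint
    return rows, new_checkpoint


def demo():
    """Compare AutoID and ReceivedUTC as rising columns across two runs."""
    conn = make_db()

    # First run on each candidate column: both see all three initial rows.
    by_id, id_cp = tail(conn, "AutoID", 0)
    by_ts, ts_cp = tail(conn, "ReceivedUTC", "")

    # A late event lands with a timestamp equal to the current checkpoint.
    conn.execute("INSERT INTO EPOEvents VALUES (?, ?, ?, ?)", LATE_EVENT)
    conn.commit()

    # Second run: the ID checkpoint catches it, the timestamp checkpoint does not.
    by_id2, id_cp = tail(conn, "AutoID", id_cp)
    by_ts2, ts_cp = tail(conn, "ReceivedUTC", ts_cp)

    return {
        "autoid_first": len(by_id),
        "autoid_second": len(by_id2),
        "autoid_checkpoint": id_cp,
        "timestamp_first": len(by_ts),
        "timestamp_second": len(by_ts2),
        "timestamp_checkpoint": ts_cp,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical takeaway for the input configuration is that the rising column must be strictly increasing and unique for every new row; a primary key such as AutoID satisfies that, while a timestamp can tie or arrive out of order and silently lose events.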

AaronMoorcroft
Communicator

That looks like it could work; however, I have version 5.0.1, so this would not work for me according to the version that it works on.

Thanks for the link though. I have managed to get it working now; I had placed a space in the DB name, which had stopped it from picking up the connection, I guess.

The problem continues now as I have to drag the AV alerts from the tables. I was hoping that all the AV alerts would be in the one table, but it doesn't look like it is. If anyone can provide any more help on this, that would be great.


jcoates_splunk
Splunk Employee

I am pleased to announce that we've just released an add-on that can help you with this: http://apps.splunk.com/app/1819/
