- Community
- :
- Splunk Answers
- :
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- How can I connect thousands of individual database...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My current Splunk Enterprise instance contains a lot of logged data, but would be exponentially more useful if I could easily correlate it with data that is currently housed in thousands (and growing) of individual databases. I'm looking for some very basic ideas on a solution - how can I get this meaningful data from the individual databases into Splunk, where it will then be at my fingertips? I've been told that Splunk DB Connect is not a reasonable solution because of the number of databases, but I don't have a great understanding of the limitations so I'm open to ideas. Any suggestions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Each database would require an individual input in Splunk; I'm not sure what sort of resources would be required on your indexer or if DB Connect has a limit on the number of possible database connections, but I think you were told correctly that it probably isn't a good solution. Sounds more like you need to consolidate your information in a data warehouse database, then configure Splunk to connect to that instead of to each individual database. With properly constructed database views or sql searches in Splunk, you might not even need to put all that data into the Splunk indexes and have it count against your license.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understand correctly, we could connect to a single centralized database and use it as sort of a giant lookup table to avoid indexing, as I imagine indexing all of that data would incur considerable cost. Depending on what type of data we decide to pull from our numerous databases, that may be a solution. Thanks for the insight - its much appreciated!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Each database would require an individual input in Splunk; I'm not sure what sort of resources would be required on your indexer or if DB Connect has a limit on the number of possible database connections, but I think you were told correctly that it probably isn't a good solution. Sounds more like you need to consolidate your information in a data warehouse database, then configure Splunk to connect to that instead of to each individual database. With properly constructed database views or sql searches in Splunk, you might not even need to put all that data into the Splunk indexes and have it count against your license.
.conf23 Registration is Now Open!
Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...
Unify Your SecOps with Splunk Mission Control
