All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I connect thousands of individual databases to Splunk?

hoiby
Explorer
‎10-23-2014 05:11 PM

My current Splunk Enterprise instance contains a lot of logged data, but would be exponentially more useful if I could easily correlate it with data that is currently housed in thousands (and growing) of individual databases. I'm looking for some very basic ideas on a solution - how can I get this meaningful data from the individual databases into Splunk, where it will then be at my fingertips? I've been told that Splunk DB Connect is not a reasonable solution because of the number of databases, but I don't have a great understanding of the limitations so I'm open to ideas. Any suggestions?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pmdba
Builder
‎10-25-2014 08:59 PM

Each database would require an individual input in Splunk; I'm not sure what sort of resources would be required on your indexer or if DB Connect has a limit on the number of possible database connections, but I think you were told correctly that it probably isn't a good solution. Sounds more like you need to consolidate your information in a data warehouse database, then configure Splunk to connect to that instead of to each individual database. With properly constructed database views or sql searches in Splunk, you might not even need to put all that data into the Splunk indexes and have it count against your license.

View solution in original post

Reply
Solved! Jump to solution

hoiby
Explorer
‎10-27-2014 09:15 AM

If I understand correctly, we could connect to a single centralized database and use it as sort of a giant lookup table to avoid indexing, as I imagine indexing all of that data would incur considerable cost. Depending on what type of data we decide to pull from our numerous databases, that may be a solution. Thanks for the insight - its much appreciated!

0 Karma
Reply
Solved! Jump to solution
Solution

pmdba
Builder
‎10-25-2014 08:59 PM

Each database would require an individual input in Splunk; I'm not sure what sort of resources would be required on your indexer or if DB Connect has a limit on the number of possible database connections, but I think you were told correctly that it probably isn't a good solution. Sounds more like you need to consolidate your information in a data warehouse database, then configure Splunk to connect to that instead of to each individual database. With properly constructed database views or sql searches in Splunk, you might not even need to put all that data into the Splunk indexes and have it count against your license.

Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...